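# ROA2WEB Virtual Host Configuration
#
# Reverse-proxy virtual hosts for the ROA2WEB frontend and backend.
# The upstreams (roa_backend, roa_frontend, health_backend) and the rate-limit
# zones (api, static) used below are not defined in this file; they are
# expected to come from the surrounding http{} configuration.
#
# Line structure restored: with the directives collapsed onto a few physical
# lines, the first "#" turned everything after it into a comment and the
# commented-out HTTPS block leaked live tokens (add_header, "{") into the
# enclosing context.

# HTTP server for development (no redirect)
#
# Plain HTTP: no TLS, no security headers, no rate limiting. If no other
# server block listens on port 80, nginx uses this one as the default server
# and answers requests for any Host header, not only the names listed here.
server {
    listen 80;
    server_name localhost roa2web.local;

    # Let's Encrypt challenge (for future production use)
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Development: serve content directly via HTTP
    location /api/ {
        proxy_pass http://roa_backend;
        # $host falls back to the client-supplied Host header; the backend
        # should not use it to build absolute URLs without validating it.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so every entry except the last is
        # client-controlled. The backend should rely on X-Real-IP or the
        # right-most entry only.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Both health locations are forwarded to the backend's /health endpoint.
    location /health {
        proxy_pass http://roa_backend/health;
        proxy_set_header Host $host;
    }

    location /api/health {
        proxy_pass http://roa_backend/health;
        proxy_set_header Host $host;
    }

    # Everything else goes to the frontend.
    location / {
        proxy_pass http://roa_frontend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# HTTPS main server (disabled for development)
#
# NOTE(review) before enabling:
#   * The two deny locations now come BEFORE the static-asset regex. Regex
#     locations are tried in the order they appear and the first match wins,
#     so with the asset regex first a path such as /.git/x.js was proxied to
#     the frontend instead of being denied.
#   * add_header directives are inherited from the server level only by
#     locations that declare no add_header of their own. If security.conf sets
#     its headers with add_header (its content is not visible here - confirm),
#     the /api/, static-asset and / locations below will not send them; the
#     include has to be repeated inside those locations.
#   * Regex locations take precedence over the plain prefix location /api/,
#     so an API path ending in .js, .css, .png, ... is handled by the
#     static-asset location (frontend upstream, 1y public caching). Confirm
#     that no API route can end in one of those extensions.
#   * /health proxies to health_backend while every other backend location
#     uses roa_backend - confirm that upstream is defined.
#
# server {
#     listen 443 ssl http2;
#     server_name localhost roa2web.local;
#
#     # SSL configuration
#     include /etc/nginx/conf.d/ssl.conf;
#
#     # Security headers
#     include /etc/nginx/conf.d/security.conf;
#
#     # Logging
#     access_log /var/log/nginx/roa2web_access.log main;
#     error_log /var/log/nginx/roa2web_error.log warn;
#
#     # API routes - proxy to FastAPI backend
#     location /api/ {
#         # Rate limiting for API
#         limit_req zone=api burst=20 nodelay;
#
#         # Proxy configuration
#         proxy_pass http://roa_backend;
#         proxy_set_header Host $host;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header X-Forwarded-Proto $scheme;
#         proxy_set_header X-Forwarded-Host $host;
#         proxy_set_header X-Forwarded-Port $server_port;
#
#         # Timeouts
#         proxy_connect_timeout 30s;
#         proxy_send_timeout 30s;
#         proxy_read_timeout 30s;
#
#         # Buffering
#         proxy_buffering on;
#         proxy_buffer_size 4k;
#         proxy_buffers 8 4k;
#
#         # No caching for API responses
#         add_header Cache-Control "no-cache, no-store, must-revalidate";
#         add_header Pragma "no-cache";
#         add_header Expires "0";
#     }
#
#     # Health check endpoints
#     location /health {
#         access_log off;
#         proxy_pass http://health_backend/health;
#         proxy_set_header Host $host;
#     }
#
#     # Backend health check
#     location /api/health {
#         access_log off;
#         proxy_pass http://roa_backend/health;
#         proxy_set_header Host $host;
#     }
#
#     # Deny access to sensitive files (kept ahead of the asset regex, see
#     # the note above). access_log off also means denied probes for these
#     # paths leave no access-log entry; keep logging on if that signal is
#     # wanted for detection.
#     location ~ /\. {
#         deny all;
#         access_log off;
#         log_not_found off;
#     }
#
#     location ~ \.(sql|env|key|pem)$ {
#         deny all;
#         access_log off;
#         log_not_found off;
#     }
#
#     # Static assets with caching
#     location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
#         limit_req zone=static burst=50 nodelay;
#
#         proxy_pass http://roa_frontend;
#         proxy_set_header Host $host;
#
#         # Long-term caching for assets with hash
#         expires 1y;
#         add_header Cache-Control "public, immutable";
#         add_header Vary "Accept-Encoding";
#
#         # Gzip compression
#         # NOTE(review): gzip_static only applies to files nginx serves from
#         # disk; it has no effect on a proxied response.
#         gzip_static on;
#     }
#
#     # Frontend SPA - everything else goes to Vue.js
#     location / {
#         limit_req zone=static burst=100 nodelay;
#
#         proxy_pass http://roa_frontend;
#         proxy_set_header Host $host;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header X-Forwarded-Proto $scheme;
#
#         # Short caching for HTML files
#         # NOTE(review): "expires 5m" emits its own Cache-Control max-age
#         # header next to the no-cache one below; pick one policy.
#         add_header Cache-Control "no-cache, must-revalidate";
#         expires 5m;
#     }
# }

# Development HTTP server (for local development)
#
# Same routing as the port-80 server above, without the ACME location. The
# same caveats apply: plain HTTP, client-influenced Host and X-Forwarded-For.
server {
    listen 8080;
    server_name dev.localhost;

    # Simple HTTP setup for development
    location /api/ {
        proxy_pass http://roa_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /health {
        proxy_pass http://roa_backend/health;
        proxy_set_header Host $host;
    }

    location /api/health {
        proxy_pass http://roa_backend/health;
        proxy_set_header Host $host;
    }

    location / {
        proxy_pass http://roa_frontend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}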