186 lines
6.6 KiB
Plaintext
186 lines
6.6 KiB
Plaintext
# ==============================================
|
|
# Production конфигурация для uchill.online
|
|
# ==============================================
|
|
|
|
# Редирект HTTP на HTTPS (отключено для dev - нет SSL сертификатов)
|
|
# server {
|
|
# listen 80;
|
|
# listen [::]:80;
|
|
# server_name uchill.online www.uchill.online;
|
|
#
|
|
# # Let's Encrypt challenge
|
|
# location /.well-known/acme-challenge/ {
|
|
# root /var/www/certbot;
|
|
# }
|
|
#
|
|
# # Редирект на HTTPS
|
|
# location / {
|
|
# return 301 https://$host$request_uri;
|
|
# }
|
|
# }
|
|
|
|
# HTTPS сервер (отключено для dev - нет SSL сертификатов)
|
|
# Для включения: создайте сертификаты в /etc/nginx/ssl/ и раскомментируйте
|
|
# server {
|
|
# listen 443 ssl;
|
|
# listen [::]:443 ssl;
|
|
# http2 on;
|
|
# server_name uchill.online www.uchill.online;
|
|
#
|
|
# # SSL сертификаты Let's Encrypt
|
|
# ssl_certificate /etc/nginx/ssl/fullchain.pem;
|
|
# ssl_certificate_key /etc/nginx/ssl/privkey.pem;
|
|
#
|
|
# # SSL настройки
|
|
# ssl_protocols TLSv1.2 TLSv1.3;
|
|
# ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
|
|
# ssl_prefer_server_ciphers on;
|
|
# ssl_session_cache shared:SSL:10m;
|
|
# ssl_session_timeout 10m;
|
|
# ssl_stapling on;
|
|
# ssl_stapling_verify on;
|
|
#
|
|
# # Безопасность
|
|
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
# add_header X-Frame-Options "SAMEORIGIN" always;
|
|
# add_header X-Content-Type-Options "nosniff" always;
|
|
# add_header X-XSS-Protection "1; mode=block" always;
|
|
# add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
#
|
|
# # Размер загружаемых файлов
|
|
# client_max_body_size 100M;
|
|
#
|
|
# # Таймауты
|
|
# proxy_connect_timeout 60s;
|
|
# proxy_send_timeout 60s;
|
|
# proxy_read_timeout 60s;
|
|
#
|
|
# # ==============================================
|
|
# # Статические файлы
|
|
# # ==============================================
|
|
# location /static/ {
|
|
# alias /staticfiles/;
|
|
# expires 30d;
|
|
# add_header Cache-Control "public, immutable";
|
|
# access_log off;
|
|
# }
|
|
#
|
|
# location /media/ {
|
|
# alias /media/;
|
|
# expires 7d;
|
|
# add_header Cache-Control "public";
|
|
# access_log off;
|
|
# }
|
|
#
|
|
# # ==============================================
|
|
# # API (Backend)
|
|
# # ==============================================
|
|
# location /api/ {
|
|
# limit_req zone=api_limit burst=20 nodelay;
|
|
# limit_conn conn_limit 10;
|
|
#
|
|
# proxy_pass http://backend;
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
# proxy_set_header X-Forwarded-Host $host;
|
|
# proxy_set_header X-Forwarded-Port $server_port;
|
|
#
|
|
# # WebSocket поддержка
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
#
|
|
# # Кэширование для GET запросов
|
|
# proxy_cache api_cache;
|
|
# proxy_cache_valid 200 5m;
|
|
# proxy_cache_methods GET HEAD;
|
|
# proxy_cache_key "$scheme$request_method$host$request_uri";
|
|
# add_header X-Cache-Status $upstream_cache_status;
|
|
# }
|
|
#
|
|
# # Health check без ограничений
|
|
# location /health/ {
|
|
# proxy_pass http://backend;
|
|
# proxy_set_header Host $host;
|
|
# access_log off;
|
|
# }
|
|
#
|
|
# # Django Admin
|
|
# location /admin/ {
|
|
# limit_req zone=login_limit burst=5 nodelay;
|
|
#
|
|
# proxy_pass http://backend;
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
# }
|
|
#
|
|
# # ==============================================
|
|
# # WebSocket для уведомлений
|
|
# # ==============================================
|
|
# location /ws/ {
|
|
# proxy_pass http://backend;
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
#
|
|
# # Таймауты для WebSocket
|
|
# proxy_read_timeout 3600s;
|
|
# proxy_send_timeout 3600s;
|
|
# }
|
|
#
|
|
# # ==============================================
|
|
# # Whiteboard (Collaborative Whiteboard)
|
|
# # ==============================================
|
|
# location /whiteboard/ {
|
|
# proxy_pass http://whiteboard/;
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
# proxy_set_header X-Forwarded-Host $host;
|
|
#
|
|
# # WebSocket для whiteboard
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
#
|
|
# # Таймауты для WebSocket
|
|
# proxy_read_timeout 3600s;
|
|
# proxy_send_timeout 3600s;
|
|
# }
|
|
#
|
|
# # ==============================================
|
|
# # Frontend (Next.js)
|
|
# # ==============================================
|
|
# location / {
|
|
# limit_req zone=api_limit burst=50 nodelay;
|
|
#
|
|
# proxy_pass http://frontend;
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
# proxy_set_header X-Forwarded-Host $host;
|
|
#
|
|
# # WebSocket для Next.js HMR (только в dev)
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
# }
|
|
#
|
|
# # Блокировка доступа к скрытым файлам
|
|
# location ~ /\. {
|
|
# deny all;
|
|
# access_log off;
|
|
# log_not_found off;
|
|
# }
|
|
# }
|