1f7f722238
Use Docker internal DNS resolver and variable for backend upstream to prevent nginx from failing to resolve hostname during config reload.
59 lines
1.8 KiB
Nginx Configuration File
59 lines
1.8 KiB
Nginx Configuration File
server {
|
|
listen 80;
|
|
server_name _;
|
|
root /usr/share/nginx/html;
|
|
index index.html;
|
|
|
|
# DNS resolver for Docker
|
|
resolver 127.0.0.11 valid=30s;
|
|
|
|
# API proxy
|
|
location /api {
|
|
set $backend_upstream "veridian-preview-backend:3000";
|
|
proxy_pass http://$backend_upstream;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection 'upgrade';
|
|
proxy_set_header Host $host;
|
|
proxy_cache_bypass $http_upgrade;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
# .well-known directory (serve directly)
|
|
location /.well-known/ {
|
|
try_files $uri =404;
|
|
add_header Content-Type application/json;
|
|
}
|
|
|
|
# APK download
|
|
location /visitorkiosk.apk {
|
|
try_files $uri =404;
|
|
add_header Content-Type application/vnd.android.package-archive;
|
|
add_header Content-Disposition "attachment; filename=visitorkiosk.apk";
|
|
}
|
|
|
|
# Static assets (JS, CSS, images, fonts)
|
|
location /assets/ {
|
|
try_files $uri =404;
|
|
add_header Cache-Control "public, max-age=31536000, immutable";
|
|
}
|
|
|
|
# HTML files - no cache to ensure fresh asset references
|
|
location ~* \.(html)$ {
|
|
try_files $uri =404;
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
|
}
|
|
|
|
# Frontend SPA routing
|
|
location / {
|
|
try_files $uri $uri/ /index.html;
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
|
}
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
}
|