arifal/CKB
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix redirect url to port

Browse Source
This commit is contained in:
arifal
2025-06-13 15:30:19 +07:00
parent 6625baf7bd
commit ac55ed1b67
8 changed files with 249 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
docker/nginx-proxy.conf
View File

@@ -49,14 +49,96 @@ http {
# HTTP server configuration
server {
listen 80;
server_name bengkel.digitaloasis.xyz www.bengkel.digitaloasis.xyz _;
server_name bengkel.digitaloasis.xyz www.bengkel.digitaloasis.xyz localhost _;
# Let's Encrypt challenge
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# Main application for HTTP
# Handle static files with proper headers
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|otf)$ {
proxy_pass http://app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Port $server_port;
# Cache static assets
expires 1y;
add_header Cache-Control "public, immutable";
add_header Access-Control-Allow-Origin "*";
# Proxy timeouts
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Handle Laravel Mix versioned assets
location ~* \.(css|js)\?id=[a-zA-Z0-9]+ {
proxy_pass http://app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Port $server_port;
# Cache versioned assets
expires 1y;
add_header Cache-Control "public, immutable";
add_header Access-Control-Allow-Origin "*";
# Proxy timeouts
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Rate limiting for login endpoints
location ~ ^/(login|register|password) {
limit_req zone=login burst=5 nodelay;
proxy_pass http://app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Port $server_port;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Rate limiting for API endpoints
location /api/ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Port $server_port;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Health check endpoint
location /health {
access_log off;
proxy_pass http://app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Main application for HTTP (catch-all)
location / {
proxy_pass http://app;
proxy_set_header Host $host;
@@ -70,31 +152,6 @@ http {
proxy_send_timeout 300;
}
# Handle static files
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://app;
expires 1y;
add_header Cache-Control "public, immutable";
}
# Rate limiting for login endpoints
location ~ ^/(login|register|password) {
limit_req zone=login burst=5 nodelay;
proxy_pass http://app;
}
# Rate limiting for API endpoints
location /api/ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://app;
}
# Health check endpoint
location /health {
access_log off;
proxy_pass http://app;
}
# Block access to sensitive files
location ~ /\. {
deny all;