aheh/PrivyDrop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
27375c1a4dbd295fc3c50f2c7d580229f0dd22e6
PrivyDrop/backend/docker/Nginx/default
T
david_bai 3d222fd316 chore(doc):improve UX message clarity and add cache optimization 
- Update duplicate room ID messages across all languages for better clarity
- Enhance cached ID tips with double-click save mode functionality
- Add image optimization cache configuration to Nginx
- Document production environment variable sync requirements
- Add NEXT_IMAGE_UNOPTIMIZED to production config
2025-10-29 23:12:09 +08:00

139 lines
5.7 KiB
Plaintext
Raw Blame History

server { # Redirect HTTP to HTTPS
listen 80;
server_name YourDomain www.YourDomain;
return 301 https://$server_name$request_uri;
}
server {
# No longer listening on public 443/TCP, change to listening on internal port
listen 127.0.0.1:4443 ssl;
http2 on;
ssl_protocols TLSv1.2 TLSv1.3;
server_name YourDomain www.YourDomain;
# Redirect bare domain to www
if ($host = 'YourDomain') {
return 301 https://www.YourDomain$request_uri;
}
# SSL Configuration (using placeholder certs for Certbot)
# Certbot will find this block and replace these with the real certificates.
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
# SSL Optimization
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Modern Configuration
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (Enable with caution)
# add_header Strict-Transport-Security "max-age=63072000" always;
# Define the root path of the frontend build artifacts inside the container
# !!! Important: Please modify this path to the actual path of your frontend project build inside the Nginx container !!!
set $frontend_build_root path/to/PrivyDrop/frontend;
# 1. Prioritize handling of Next.js core static resources (_next/static)
location /_next/static/ {
alias $frontend_build_root/.next/static/;
expires 365d; # Long-term cache
access_log off; # Disable access log for this path
add_header Cache-Control "public"; # Explicitly inform the browser that it can be cached publicly
}
# WebSocket signaling server configuration
location /socket.io/ {
proxy_pass http://localhost:3001/socket.io/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS Configuration
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
# WebSocket related optimizations
proxy_read_timeout 86400; # 24h
proxy_send_timeout 86400; # 24h
proxy_connect_timeout 7d;
proxy_buffering off;
}
# Backend API address -- forward
location /api/ {
proxy_pass http://localhost:3001/api/; # Backend API address -- forward
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Modify CORS configuration, only set one Origin
add_header Access-Control-Allow-Origin "https://www.privydrop.app" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" always;
add_header Access-Control-Allow-Credentials "true" always;
}
# Next.js Image Optimization Service (usually handled by the Next.js application)
location /_next/image {
proxy_pass http://localhost:3002; # Point to the Next.js application
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# Add cache optimization for image optimization
proxy_cache_valid 200 1d;
add_header Cache-Control "public, max-age=31536000, immutable";
proxy_read_timeout 60s;
proxy_connect_timeout 5s;
}
# 2. Handle static files under the public directory and Next.js dynamic requests
# This location should be after specific proxies (like /api/, /socket.io/),
# but it can be before or after /_next/static/ because they match different paths.
# For clarity, we put it here.
location / {
# root points to the parent directory of the public directory, which is the root directory of the frontend build artifacts
root $frontend_build_root/public;
# Try to find files in order:
# 1. $uri: as a file in the public directory (e.g., /image.png -> $frontend_build_root/public/image.png)
# 2. @nextjs: If none of the above are found, pass the request to the Next.js application for processing
try_files $uri @nextjs_app;
}
# Named location, used to proxy requests to the Next.js application
location @nextjs_app {
proxy_pass http://localhost:3002; # Point to the Next.js application
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server { # Add a server block for Certbot to install certificates for TURN server
listen 80;
server_name TurnServerName;
# Only process Let's Encrypt validation requests
location /.well-known/acme-challenge/ {
root /var/www/html;
}
}
Reference in New Issue View Git Blame Copy Permalink