startup-starter/skybridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0

Browse Source
This commit is contained in:
Ryan Copley
2025-08-22 14:06:20 -04:00
commit 46264cb556
36 changed files with 7185 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

152
nginx/default.conf Normal file
View File

@ -0,0 +1,152 @@
server {
listen 80;
server_name localhost;
# Health check endpoint (direct response)
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
# API endpoints with rate limiting
location /api/ {
# Apply rate limiting
limit_req zone=api burst=20 nodelay;
# Add test user header for HeaderAuthenticationProvider
proxy_set_header X-User-Email "test@example.com";
# Standard proxy headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Proxy to API service
proxy_pass http://api-service:8080/;
proxy_read_timeout 60s;
proxy_connect_timeout 10s;
proxy_send_timeout 60s;
# Handle proxy errors
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
}
# Login endpoints with stricter rate limiting
location ~ ^/api/(login|verify|renew) {
# Apply stricter rate limiting for auth endpoints
limit_req zone=login burst=5 nodelay;
# Add test user header for HeaderAuthenticationProvider
proxy_set_header X-User-Email "test@example.com";
# Standard proxy headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Proxy to API service
proxy_pass http://api-service:8080/;
proxy_read_timeout 60s;
proxy_connect_timeout 10s;
proxy_send_timeout 60s;
# Handle proxy errors
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
}
# Metrics endpoint (for monitoring)
location /metrics {
# Only allow internal access
allow 127.0.0.1;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
proxy_pass http://api-service:9090/metrics;
}
# Default location - redirect to documentation
location / {
return 301 /api/docs;
}
# Custom error pages
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /404.html {
internal;
return 404 '{"error": "Not Found", "message": "The requested resource was not found"}';
add_header Content-Type application/json;
}
location = /50x.html {
internal;
return 500 '{"error": "Internal Server Error", "message": "An internal error occurred"}';
add_header Content-Type application/json;
}
# Security settings
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# Block access to sensitive files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~ \.(env|config|ini)$ {
deny all;
access_log off;
log_not_found off;
}
}
# Test configuration for different user scenarios
server {
listen 8081;
server_name localhost;
# Admin user for testing
location /api/ {
limit_req zone=api burst=50 nodelay;
# Admin test user
proxy_set_header X-User-Email "admin@example.com";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://api-service:8080/;
}
}
server {
listen 8082;
server_name localhost;
# Limited user for testing
location /api/ {
limit_req zone=api burst=10 nodelay;
# Limited test user
proxy_set_header X-User-Email "limited@example.com";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://api-service:8080/;
}
}