startup-starter/skybridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

org

Browse Source
This commit is contained in:
Ryan Copley
2025-08-26 19:16:41 -04:00
parent 7ca61eb712
commit 6725529b01
113 changed files with 0 additions and 337 deletions
Download Patch File Download Diff File Expand all files Collapse all files

172
nginx/default.conf
View File

@ -1,172 +0,0 @@
server {
listen 80;
server_name localhost;
# Health check endpoint (direct response)
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
# API endpoints with rate limiting
location /api/ {
# Apply rate limiting
limit_req zone=api burst=20 nodelay;
# Development mode: only user email header required
proxy_set_header X-User-Email "test@example.com";
# Standard proxy headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Proxy to API service
proxy_pass http://api-service:8080;
proxy_read_timeout 60s;
proxy_connect_timeout 10s;
proxy_send_timeout 60s;
# Handle proxy errors
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
}
# Login endpoints with stricter rate limiting
location ~ ^/api/(login|verify|renew) {
# Apply stricter rate limiting for auth endpoints
limit_req zone=login burst=5 nodelay;
# Development mode: only user email header required
proxy_set_header X-User-Email "test@example.com";
# Standard proxy headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Proxy to API service
proxy_pass http://api-service:8080;
proxy_read_timeout 60s;
proxy_connect_timeout 10s;
proxy_send_timeout 60s;
# Handle proxy errors
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
}
# Metrics endpoint (for monitoring)
location /metrics {
# Only allow internal access
allow 127.0.0.1;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
proxy_pass http://api-service:9090/metrics;
}
# Default location - serve React frontend
location / {
proxy_pass http://frontend:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Handle React Router (client-side routing)
proxy_intercept_errors on;
error_page 404 = @fallback;
}
# Fallback for React Router
location @fallback {
proxy_pass http://frontend:80;
proxy_set_header Host $host;
}
# Custom error pages
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /404.html {
internal;
return 404 '{"error": "Not Found", "message": "The requested resource was not found"}';
add_header Content-Type application/json;
}
location = /50x.html {
internal;
return 500 '{"error": "Internal Server Error", "message": "An internal error occurred"}';
add_header Content-Type application/json;
}
# Static assets - proxy to frontend with caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
proxy_pass http://frontend:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
expires 1y;
add_header Cache-Control "public, immutable";
}
# Block access to sensitive files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~ \.(env|config|ini)$ {
deny all;
access_log off;
log_not_found off;
}
}
# Test configuration for different user scenarios
server {
listen 8081;
server_name localhost;
# Admin user for testing
location /api/ {
limit_req zone=api burst=50 nodelay;
# Development mode: admin test user
proxy_set_header X-User-Email "admin@example.com";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://api-service:8080;
}
}
server {
listen 8082;
server_name localhost;
# Limited user for testing
location /api/ {
limit_req zone=api burst=10 nodelay;
# Development mode: limited test user
proxy_set_header X-User-Email "limited@example.com";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://api-service:8080;
}
}

41
nginx/nginx.conf
View File

@ -1,41 +0,0 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Rate limiting
limit_req_zone $binary_remote_addr zone=api:10m rate=100r/m;
limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;
# Security headers
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";
# Hide nginx version
server_tokens off;
include /etc/nginx/conf.d/*.conf;
}