org

2025-08-26 19:16:41 -04:00
parent 7ca61eb712
commit 6725529b01
113 changed files with 0 additions and 337 deletions
--- a/nginx/default.conf
+++ b/nginx/default.conf
@ -1,172 +0,0 @@
-server {
-    listen 80;
-    server_name localhost;
-
-    # Health check endpoint (direct response)
-    location /health {
-        access_log off;
-        return 200 "healthy\n";
-        add_header Content-Type text/plain;
-    }
-
-    # API endpoints with rate limiting
-    location /api/ {
-        # Apply rate limiting
-        limit_req zone=api burst=20 nodelay;
-        
-        # Development mode: only user email header required
-        proxy_set_header X-User-Email "test@example.com";
-        
-        # Standard proxy headers
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        
-        # Proxy to API service
-        proxy_pass http://api-service:8080;
-        proxy_read_timeout 60s;
-        proxy_connect_timeout 10s;
-        proxy_send_timeout 60s;
-        
-        # Handle proxy errors
-        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
-    }
-    
-    # Login endpoints with stricter rate limiting
-    location ~ ^/api/(login|verify|renew) {
-        # Apply stricter rate limiting for auth endpoints
-        limit_req zone=login burst=5 nodelay;
-        
-        # Development mode: only user email header required
-        proxy_set_header X-User-Email "test@example.com";
-        
-        # Standard proxy headers
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        
-        # Proxy to API service
-        proxy_pass http://api-service:8080;
-        proxy_read_timeout 60s;
-        proxy_connect_timeout 10s;
-        proxy_send_timeout 60s;
-        
-        # Handle proxy errors
-        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
-    }
-
-    # Metrics endpoint (for monitoring)
-    location /metrics {
-        # Only allow internal access
-        allow 127.0.0.1;
-        allow 10.0.0.0/8;
-        allow 172.16.0.0/12;
-        allow 192.168.0.0/16;
-        deny all;
-        
-        proxy_pass http://api-service:9090/metrics;
-    }
-
-    # Default location - serve React frontend
-    location / {
-        proxy_pass http://frontend:80;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        
-        # Handle React Router (client-side routing)
-        proxy_intercept_errors on;
-        error_page 404 = @fallback;
-    }
-    
-    # Fallback for React Router
-    location @fallback {
-        proxy_pass http://frontend:80;
-        proxy_set_header Host $host;
-    }
-
-    # Custom error pages
-    error_page 404 /404.html;
-    error_page 500 502 503 504 /50x.html;
-    
-    location = /404.html {
-        internal;
-        return 404 '{"error": "Not Found", "message": "The requested resource was not found"}';
-        add_header Content-Type application/json;
-    }
-    
-    location = /50x.html {
-        internal;
-        return 500 '{"error": "Internal Server Error", "message": "An internal error occurred"}';
-        add_header Content-Type application/json;
-    }
-
-    # Static assets - proxy to frontend with caching
-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
-        proxy_pass http://frontend:80;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        
-        expires 1y;
-        add_header Cache-Control "public, immutable";
-    }
-
-    # Block access to sensitive files
-    location ~ /\. {
-        deny all;
-        access_log off;
-        log_not_found off;
-    }
-    
-    location ~ \.(env|config|ini)$ {
-        deny all;
-        access_log off;
-        log_not_found off;
-    }
-}
-
-# Test configuration for different user scenarios
-server {
-    listen 8081;
-    server_name localhost;
-
-    # Admin user for testing
-    location /api/ {
-        limit_req zone=api burst=50 nodelay;
-        
-        # Development mode: admin test user
-        proxy_set_header X-User-Email "admin@example.com";
-        
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        
-        proxy_pass http://api-service:8080;
-    }
-}
-
-server {
-    listen 8082;
-    server_name localhost;
-
-    # Limited user for testing
-    location /api/ {
-        limit_req zone=api burst=10 nodelay;
-        
-        # Development mode: limited test user
-        proxy_set_header X-User-Email "limited@example.com";
-        
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        
-        proxy_pass http://api-service:8080;
-    }
-}