Spaces:
Paused
Paused
| upstream fastapi_backend { | |
| server legal-dashboard:8000; | |
| } | |
| server { | |
| listen 80; | |
| server_name localhost; | |
| client_max_body_size 100M; | |
| # Security headers | |
| add_header X-Frame-Options "SAMEORIGIN" always; | |
| add_header X-Content-Type-Options "nosniff" always; | |
| add_header X-XSS-Protection "1; mode=block" always; | |
| add_header Referrer-Policy "no-referrer-when-downgrade" always; | |
| add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; | |
| # Gzip compression | |
| gzip on; | |
| gzip_vary on; | |
| gzip_min_length 1024; | |
| gzip_proxied expired no-cache no-store private must-revalidate auth; | |
| gzip_types | |
| text/plain | |
| text/css | |
| text/xml | |
| text/javascript | |
| application/javascript | |
| application/xml+rss | |
| application/json; | |
| # Static files | |
| location /static/ { | |
| alias /usr/share/nginx/html/static/; | |
| expires 1y; | |
| add_header Cache-Control "public, immutable"; | |
| # Try to serve file directly, fallback to FastAPI | |
| try_files $uri $uri/ @fastapi; | |
| } | |
| # API routes | |
| location /api/ { | |
| proxy_pass http://fastapi_backend; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| # WebSocket support | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "upgrade"; | |
| # Timeouts | |
| proxy_connect_timeout 60s; | |
| proxy_send_timeout 60s; | |
| proxy_read_timeout 60s; | |
| } | |
| # Health check | |
| location /health { | |
| proxy_pass http://fastapi_backend; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| } | |
| # Docs and admin routes | |
| location ~ ^/(docs|redoc|openapi\.json) { | |
| proxy_pass http://fastapi_backend; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| } | |
| # Root and HTML files | |
| location / { | |
| # Try static file first, then proxy to FastAPI | |
| try_files $uri $uri/ @fastapi; | |
| } | |
| # FastAPI fallback | |
| location @fastapi { | |
| proxy_pass http://fastapi_backend; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| # Handle large uploads | |
| proxy_request_buffering off; | |
| proxy_buffering off; | |
| } | |
| # Error pages | |
| error_page 404 /static/404.html; | |
| error_page 500 502 503 504 /static/50x.html; | |
| # Logging | |
| access_log /var/log/nginx/access.log; | |
| error_log /var/log/nginx/error.log; | |
| } | |
| # HTTPS server (uncomment and configure for production) | |
| # server { | |
| # listen 443 ssl http2; | |
| # server_name localhost; | |
| # | |
| # ssl_certificate /etc/nginx/ssl/cert.pem; | |
| # ssl_certificate_key /etc/nginx/ssl/key.pem; | |
| # | |
| # # SSL configuration | |
| # ssl_protocols TLSv1.2 TLSv1.3; | |
| # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384; | |
| # ssl_prefer_server_ciphers off; | |
| # | |
| # # Include the same location blocks as above | |
| # include /etc/nginx/conf.d/common-locations.conf; | |
| # } |