Really-amin commited on
Commit
208447c
·
verified ·
1 Parent(s): 8af52bf

Update nginx.conf

Files changed (1) hide show
  1. nginx.conf +121 -127
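--- a/nginx.conf
+++ b/nginx.conf
@@ -1,127 +1,121 @@
- # Nginx configuration for Legal Dashboard
- upstream fastapi_backend {
- server legal-dashboard:8000;
- }
-
- # Rate limiting
- limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
- limit_req_zone $binary_remote_addr zone=upload:10m rate=2r/s;
-
- server {
- listen 80;
- server_name _;
-
- # Security headers
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-XSS-Protection "1; mode=block" always;
- add_header Referrer-Policy "strict-origin-when-cross-origin" always;
- add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self';" always;
-
- # Logging
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
-
- # Client max body size for file uploads
- client_max_body_size 50M;
-
- # Gzip compression
- gzip on;
- gzip_vary on;
- gzip_min_length 1024;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_types
- text/plain
- text/css
- text/xml
- text/javascript
- application/json
- application/javascript
- application/xml+rss
- application/atom+xml
- image/svg+xml;
-
- # API endpoints with rate limiting
- location /api/ {
- limit_req zone=api burst=20 nodelay;
-
- proxy_pass http://fastapi_backend;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # Timeouts
- proxy_connect_timeout 60s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
-
- # Buffer settings
- proxy_buffering on;
- proxy_buffer_size 4k;
- proxy_buffers 8 4k;
- }
-
- # File upload endpoint with stricter rate limiting
- location /api/documents/upload {
- limit_req zone=upload burst=5 nodelay;
-
- proxy_pass http://fastapi_backend;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # Longer timeout for file uploads
- proxy_connect_timeout 300s;
- proxy_send_timeout 300s;
- proxy_read_timeout 300s;
- }
-
- # Static files caching
- location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
- expires 1y;
- add_header Cache-Control "public, immutable";
- proxy_pass http://fastapi_backend;
- }
-
- # Health check endpoint
- location /api/health {
- access_log off;
- proxy_pass http://fastapi_backend;
- proxy_set_header Host $host;
- }
-
- # Default location
- location / {
- proxy_pass http://fastapi_backend;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- # Error pages
- error_page 404 /404.html;
- error_page 500 502 503 504 /50x.html;
-
- location = /50x.html {
- root /usr/share/nginx/html;
- }
- }
-
- # HTTPS configuration (uncomment and configure SSL certificates)
- # server {
- # listen 443 ssl http2;
- # server_name your-domain.com;
- #
- # ssl_certificate /etc/nginx/ssl/cert.pem;
- # ssl_certificate_key /etc/nginx/ssl/key.pem;
- # ssl_protocols TLSv1.2 TLSv1.3;
- # ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
- # ssl_prefer_server_ciphers off;
- #
- # # Same configuration as above
- # # ... (copy the location blocks from above)
- # }
+ upstream fastapi_backend {
+ server legal-dashboard:8000;
+ }
+
+ server {
+ listen 80;
+ server_name localhost;
+ client_max_body_size 100M;
+
+ # Security headers
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
+ add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
+
+ # Gzip compression
+ gzip on;
+ gzip_vary on;
+ gzip_min_length 1024;
+ gzip_proxied expired no-cache no-store private must-revalidate auth;
+ gzip_types
+ text/plain
+ text/css
+ text/xml
+ text/javascript
+ application/javascript
+ application/xml+rss
+ application/json;
+
+ # Static files
+ location /static/ {
+ alias /usr/share/nginx/html/static/;
+ expires 1y;
+ add_header Cache-Control "public, immutable";
+
+ # Try to serve file directly, fallback to FastAPI
+ try_files $uri $uri/ @fastapi;
+ }
+
+ # API routes
+ location /api/ {
+ proxy_pass http://fastapi_backend;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # WebSocket support
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ # Timeouts
+ proxy_connect_timeout 60s;
+ proxy_send_timeout 60s;
+ proxy_read_timeout 60s;
+ }
+
+ # Health check
+ location /health {
+ proxy_pass http://fastapi_backend;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ # Docs and admin routes
+ location ~ ^/(docs|redoc|openapi\.json) {
+ proxy_pass http://fastapi_backend;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ # Root and HTML files
+ location / {
+ # Try static file first, then proxy to FastAPI
+ try_files $uri $uri/ @fastapi;
+ }
+
+ # FastAPI fallback
+ location @fastapi {
+ proxy_pass http://fastapi_backend;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Handle large uploads
+ proxy_request_buffering off;
+ proxy_buffering off;
+ }
+
+ # Error pages
+ error_page 404 /static/404.html;
+ error_page 500 502 503 504 /static/50x.html;
+
+ # Logging
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+ }
+
+ # HTTPS server (uncomment and configure for production)
+ # server {
+ # listen 443 ssl http2;
+ # server_name localhost;
+ #
+ # ssl_certificate /etc/nginx/ssl/cert.pem;
+ # ssl_certificate_key /etc/nginx/ssl/key.pem;
+ #
+ # # SSL configuration
+ # ssl_protocols TLSv1.2 TLSv1.3;
+ # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
+ # ssl_prefer_server_ciphers off;
+ #
+ # # Include the same location blocks as above
+ # include /etc/nginx/conf.d/common-locations.conf;
+ # }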
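Review bot: The new `Content-Security-Policy` value `default-src 'self' http: https: data: blob: 'unsafe-inline'` allows inline script and resources from any http/https origin, so the header no longer constrains much. Keeping per-directive sources as in the removed policy (for example `script-src 'self' 'unsafe-inline'; img-src 'self' data:;`) and widening only what the dashboard actually loads would preserve its value. In `location /static/`, the `add_header Cache-Control "public, immutable";` line means none of the server-level security headers are sent for static responses, because nginx inherits `add_header` from the outer level only when the current level defines none; repeat the headers in that location or move them into a shared include. The commit also removes both `limit_req_zone` definitions and the `limit_req` lines while raising `client_max_body_size` to 100M, so `/api/` (including the former upload path) is no longer throttled at the proxy; consider keeping the zones and `limit_req zone=api burst=20 nodelay;` on `/api/`. The `docs|redoc|openapi\.json` location is labelled "Docs and admin routes" but has no access restriction in this file, so whether the backend gates it should be confirmed.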