bunker-admin
776aa6fbac
The generated api.conf and services.conf we edited earlier were overwritten at container startup by envsubst from *.template files. Fix the actual templates: - api.conf.template: X-Forwarded-For → $remote_addr, add limit_req - services.conf.template: add frame-ancestors CSP after proxy_hide_header - Add Prisma migration file for ticket_tiers.reserved_count Bunker Admin
42 lines
1.4 KiB
Plaintext
42 lines
1.4 KiB
Plaintext
server {
|
|
listen 80;
|
|
server_name api.${DOMAIN};
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
|
|
# Media API endpoints (must come BEFORE / for longest prefix match)
|
|
# Uses variable proxy_pass for runtime DNS resolution after container restarts
|
|
location /media/ {
|
|
limit_req zone=api_global burst=60 nodelay;
|
|
set $upstream_media http://changemaker-media-api:4100;
|
|
rewrite ^/media/(.*) /api/$1 break;
|
|
proxy_pass $upstream_media;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# Large upload support
|
|
client_max_body_size 10G;
|
|
proxy_read_timeout 3600s;
|
|
proxy_connect_timeout 75s;
|
|
proxy_request_buffering off;
|
|
|
|
# WebSocket support
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
}
|
|
|
|
# Main API (Express)
|
|
location / {
|
|
limit_req zone=api_global burst=60 nodelay;
|
|
set $upstream_api http://changemaker-v2-api:4000;
|
|
proxy_pass $upstream_api;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_read_timeout 300s;
|
|
proxy_connect_timeout 75s;
|
|
}
|
|
}
|