From 71f1a2da8219f8571bfaf2f51f1218dcfef0c462 Mon Sep 17 00:00:00 2001
From: "matthias.lotz"
Date: Fri, 7 Nov 2025 17:27:45 +0100
Subject: [PATCH] Fix development nginx configuration with password protection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Created clean dev nginx.conf based on working prod version
- Adapted backend service names (backend-dev)
- Replaced static file serving with React Dev Server proxying
- Added htpasswd authentication for /moderation routes

Testing confirms:
✅ Homepage accessible (200 OK)
✅ Moderation page protected (401 Unauthorized)
✅ Moderation API protected (401 Unauthorized)
✅ Upload functionality working (single + batch)
---
 docker/dev/frontend/nginx.conf | 431 ++++++++++---------------------
 1 file changed, 134 insertions(+), 297 deletions(-)

diff --git a/docker/dev/frontend/nginx.conf b/docker/dev/frontend/nginx.conf
index e8fa78c..5da7c6a 100644
--- a/docker/dev/frontend/nginx.conf
+++ b/docker/dev/frontend/nginx.conf
@@ -1,301 +1,138 @@ -events {server { - - worker_connections 1024; listen 80; - -} server_name localhost; - - client_max_body_size 200M; - -http { - - include /etc/nginx/mime.types; # API proxy to development backend - - default_type application/octet-stream; # Upload endpoint - - location /api/upload { - - # Logging proxy_pass http://backend-dev:5000/upload/; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' proxy_set_header Host $host; - - '$status $body_bytes_sent "$http_referer" ' proxy_set_header X-Real-IP $remote_addr; - - '"$http_user_agent" "$http_x_forwarded_for"'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - access_log /var/log/nginx/access.log main; client_max_body_size 100M; - - error_log /var/log/nginx/error.log warn; } - +server { + listen 80; - - # Gzip Settings # Download original images - - gzip on; # Handle POST requests to upload endpoint - - gzip_vary on; location /api/upload { - - gzip_min_length 1024; proxy_pass http://backend-dev:5000/upload; - - gzip_proxied any; proxy_set_header Host $host; - - gzip_comp_level 6; proxy_set_header X-Real-IP $remote_addr; - - gzip_types proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - text/plain proxy_set_header X-Forwarded-Proto $scheme; - - text/css proxy_set_header Content-Type $content_type; - - text/xml client_max_body_size 100M; - - text/javascript } - - application/json - - application/javascript # Preview/thumbnail images (optimized for gallery views) - - application/xml+rss location /api/download { - - application/atom+xml proxy_pass http://backend-dev:5000/download; - - image/svg+xml; proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; - - # Server Config proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - server { proxy_set_header X-Forwarded-Proto $scheme; - - listen 80; } - - - - # Allow large uploads (50MB) location /api/previews { - - 
client_max_body_size 50M; proxy_pass http://backend-dev:5000/previews; - - proxy_set_header Host $host; - - # API proxy to backend-dev service proxy_set_header X-Real-IP $remote_addr; - - location /upload { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_pass http://backend-dev:5000; proxy_set_header X-Forwarded-Proto $scheme; - - proxy_set_header Host $host; } - - proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Add groups endpoint - - proxy_set_header X-Forwarded-Proto $scheme; location /api/groups { - - proxy_pass http://backend-dev:5000/groups; - - # Allow large uploads for API too proxy_set_header Host $host; - - client_max_body_size 50M; proxy_set_header X-Real-IP $remote_addr; - - } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - # API routes for new multi-upload features } - - location /api/upload { - - proxy_pass http://backend-dev:5000/upload; # Groups API - - proxy_set_header Host $host; location /api/groups { - - proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/groups; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; - - proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # Allow large uploads for batch upload proxy_set_header X-Forwarded-Proto $scheme; - - client_max_body_size 100M; } - - } - - # Moderation Groups API (PASSWORD PROTECTED) - - # API - Download original images location /moderation/groups { - - location /api/download { auth_basic "Restricted Area - Moderation API"; - - proxy_pass http://backend-dev:5000/download; auth_basic_user_file /etc/nginx/.htpasswd; - - proxy_set_header Host $host; - - proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/moderation/groups; - - proxy_set_header X-Forwarded-For 
$proxy_add_x_forwarded_for; proxy_set_header Host $host; - - proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; - - } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - + # Allow large uploads (50MB) + client_max_body_size 50M; + + # API proxy to backend-dev service + location /upload { + proxy_pass http://backend-dev:5000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - - # API - Preview/thumbnail images (optimized for gallery views) } - - location /api/previews { - - proxy_pass http://backend-dev:5000/previews; # Groups dynamic routes - - proxy_set_header Host $host; location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ { - - proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; - - proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; - - } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - # API - Groups (NO PASSWORD PROTECTION) } - - location /api/groups { - - proxy_pass http://backend-dev:5000/groups; # Legacy download endpoint (backwards compatibility) - - proxy_set_header Host $host; location /download { - - proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/download; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; - - proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; - - } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; - - # Protected API - Moderation API routes (password protected) - must come before /groups } - - location /moderation/groups { - - auth_basic "Restricted Area - Moderation API"; # WebSocket support for 
hot reloading (React Dev Server) - - auth_basic_user_file /etc/nginx/.htpasswd; location /ws { - - proxy_pass http://127.0.0.1:3000; - - proxy_pass http://backend-dev:5000/moderation/groups; proxy_http_version 1.1; - - proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; - - proxy_set_header X-Real-IP $remote_addr; proxy_set_header Connection "Upgrade"; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; - - proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; - - } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - } - - # API - Groups API routes (NO PASSWORD PROTECTION) - - location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ { # Protected Frontend Routes - Moderation Pages (PASSWORD PROTECTED) - - proxy_pass http://backend-dev:5000; location /moderation { - - proxy_set_header Host $host; auth_basic "Restricted Area - Moderation"; - - proxy_set_header X-Real-IP $remote_addr; auth_basic_user_file /etc/nginx/.htpasswd; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:3000; - - } proxy_http_version 1.1; - - proxy_set_header Upgrade $http_upgrade; - - location /download { proxy_set_header Connection "Upgrade"; - - proxy_pass http://backend-dev:5000; proxy_set_header Host $host; - - proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } - - proxy_set_header X-Forwarded-Proto $scheme; - - } # All other requests go to React Dev Server for Hot Module Reloading - - location / { - - # Frontend page - Groups overview (NO PASSWORD PROTECTION) - React Dev Server proxy_pass http://127.0.0.1:3000; - - location /groups { proxy_http_version 1.1; - - proxy_pass http://127.0.0.1:3000; proxy_set_header Upgrade 
$http_upgrade; - - proxy_http_version 1.1; proxy_set_header Connection "Upgrade"; - - proxy_set_header Upgrade $http_upgrade; proxy_set_header Host $host; - - proxy_set_header Connection "Upgrade"; proxy_set_header X-Real-IP $remote_addr; - - proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_set_header X-Real-IP $remote_addr; } - - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;} - } - # Protected routes - Moderation (password protected) - React Dev Server - location /moderation { - auth_basic "Restricted Area - Moderation"; - auth_basic_user_file /etc/nginx/.htpasswd; - - proxy_pass http://127.0.0.1:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - # WebSocket support for hot reloading (React Dev Server) - location /ws { - proxy_pass http://127.0.0.1:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - # All other requests go to React Dev Server for Hot Module Reloading - location / { - proxy_pass http://127.0.0.1:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } + # Allow large uploads for API too + client_max_body_size 50M; } -} \ No newline at end of file + + # API routes for new multi-upload features + location /api/upload { + proxy_pass http://backend-dev:5000/upload; + proxy_set_header 
Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Allow large uploads for batch upload + client_max_body_size 100M; + } + + # API - Download original images + location /api/download { + proxy_pass http://backend-dev:5000/download; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # API - Preview/thumbnail images (optimized for gallery views) + location /api/previews { + proxy_pass http://backend-dev:5000/previews; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # API - Groups (NO PASSWORD PROTECTION) + location /api/groups { + proxy_pass http://backend-dev:5000/groups; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # Protected API - Moderation API routes (password protected) - must come before /groups + location /moderation/groups { + auth_basic "Restricted Area - Moderation API"; + auth_basic_user_file /etc/nginx/.htpasswd; + + proxy_pass http://backend-dev:5000/moderation/groups; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # API - Groups API routes (NO PASSWORD PROTECTION) + location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ { + proxy_pass http://backend-dev:5000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /download { + proxy_pass 
http://backend-dev:5000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # Frontend page - Groups overview (NO PASSWORD PROTECTION) - React Dev Server + location /groups { + proxy_pass http://127.0.0.1:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + # Protected routes - Moderation (password protected) - React Dev Server + location /moderation { + auth_basic "Restricted Area - Moderation"; + auth_basic_user_file /etc/nginx/.htpasswd; + + proxy_pass http://127.0.0.1:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + # WebSocket support for hot reloading (React Dev Server) + location /ws { + proxy_pass http://127.0.0.1:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + # Frontend files - React Dev Server + location / { + proxy_pass http://127.0.0.1:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } +}
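Review bot: The two password-protected blocks, `location /moderation/groups` and `location /moderation`, are plain prefix locations, and the comment "must come before /groups" implies that their position in the file is what guards them; nginx picks the longest matching prefix regardless of order and then lets any matching regex location override it. Today the only regex, `~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$`, is anchored and cannot match a /moderation URI, but a regex location added later (a static-asset rule, for instance) would handle matching /moderation paths without `auth_basic`. I would write them as `location ^~ /moderation/groups {` and `location ^~ /moderation {` and reword the comment to say that the modifier, not the ordering, keeps regex locations from taking over. Separately, `auth_basic` sits behind `listen 80`, so the credentials travel unencrypted unless TLS is terminated in front of this container. The unauthenticated `/upload`, `/download` and `/groups/<id>` blocks also forward every method and sub-path to the same `backend-dev:5000`, so the backend presumably needs its own check on anything state-changing there.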