hobbyhimmel/Project-Image-Uploader
8
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix development nginx configuration with password protection

Browse Source 
- Created clean dev nginx.conf based on working prod version
- Adapted backend service names (backend-dev)
- Replaced static file serving with React Dev Server proxying
- Added htpasswd authentication for /moderation routes

Testing confirms:
 Homepage accessible (200 OK)
 Moderation page protected (401 Unauthorized)
 Moderation API protected (401 Unauthorized)
 Upload functionality working (single + batch)
This commit is contained in:
Matthias Lotz 2025-11-07 17:27:45 +01:00
parent 3845de92a6
commit 71f1a2da82
1 changed files with 134 additions and 297 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

301
docker/dev/frontend/nginx.conf
View File

@ -1,260 +1,98 @@
events {server { server {
listen 80;
worker_connections 1024; listen 80; # Allow large uploads (50MB)
client_max_body_size 50M;
} server_name localhost;
client_max_body_size 200M;
http {
include /etc/nginx/mime.types; # API proxy to development backend
default_type application/octet-stream; # Upload endpoint
location /api/upload {
# Logging proxy_pass http://backend-dev:5000/upload/;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' proxy_set_header Host $host;
'$status $body_bytes_sent "$http_referer" ' proxy_set_header X-Real-IP $remote_addr;
'"$http_user_agent" "$http_x_forwarded_for"'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
access_log /var/log/nginx/access.log main; client_max_body_size 100M;
error_log /var/log/nginx/error.log warn; }
# Gzip Settings # Download original images
gzip on; # Handle POST requests to upload endpoint
gzip_vary on; location /api/upload {
gzip_min_length 1024; proxy_pass http://backend-dev:5000/upload;
gzip_proxied any; proxy_set_header Host $host;
gzip_comp_level 6; proxy_set_header X-Real-IP $remote_addr;
gzip_types proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
text/plain proxy_set_header X-Forwarded-Proto $scheme;
text/css proxy_set_header Content-Type $content_type;
text/xml client_max_body_size 100M;
text/javascript }
application/json
application/javascript # Preview/thumbnail images (optimized for gallery views)
application/xml+rss location /api/download {
application/atom+xml proxy_pass http://backend-dev:5000/download;
image/svg+xml; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Server Config proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
server { proxy_set_header X-Forwarded-Proto $scheme;
listen 80; }
# Allow large uploads (50MB) location /api/previews {
client_max_body_size 50M; proxy_pass http://backend-dev:5000/previews;
# API proxy to backend-dev service
location /upload {
proxy_pass http://backend-dev:5000;
proxy_set_header Host $host; proxy_set_header Host $host;
# API proxy to backend-dev service proxy_set_header X-Real-IP $remote_addr;
location /upload { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backend-dev:5000; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host; }
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Add groups endpoint
proxy_set_header X-Forwarded-Proto $scheme; location /api/groups {
proxy_pass http://backend-dev:5000/groups;
# Allow large uploads for API too proxy_set_header Host $host;
client_max_body_size 50M; proxy_set_header X-Real-IP $remote_addr;
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
# API routes for new multi-upload features } # Allow large uploads for API too
client_max_body_size 50M;
location /api/upload {
proxy_pass http://backend-dev:5000/upload; # Groups API
proxy_set_header Host $host; location /api/groups {
proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/groups;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Allow large uploads for batch upload proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 100M; }
} }
# Moderation Groups API (PASSWORD PROTECTED) # API routes for new multi-upload features
location /api/upload {
# API - Download original images location /moderation/groups { proxy_pass http://backend-dev:5000/upload;
location /api/download { auth_basic "Restricted Area - Moderation API";
proxy_pass http://backend-dev:5000/download; auth_basic_user_file /etc/nginx/.htpasswd;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/moderation/groups; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
# API - Preview/thumbnail images (optimized for gallery views) } # Allow large uploads for batch upload
client_max_body_size 100M;
}
# API - Download original images
location /api/download {
proxy_pass http://backend-dev:5000/download;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# API - Preview/thumbnail images (optimized for gallery views)
location /api/previews { location /api/previews {
proxy_pass http://backend-dev:5000/previews;
proxy_pass http://backend-dev:5000/previews; # Groups dynamic routes proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host; location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
}
# API - Groups (NO PASSWORD PROTECTION) } # API - Groups (NO PASSWORD PROTECTION)
location /api/groups { location /api/groups {
proxy_pass http://backend-dev:5000/groups;
proxy_pass http://backend-dev:5000/groups; # Legacy download endpoint (backwards compatibility) proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host; location /download { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/download;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
}
# Protected API - Moderation API routes (password protected) - must come before /groups } # Protected API - Moderation API routes (password protected) - must come before /groups
location /moderation/groups { location /moderation/groups {
auth_basic "Restricted Area - Moderation API";
auth_basic_user_file /etc/nginx/.htpasswd;
auth_basic "Restricted Area - Moderation API"; # WebSocket support for hot reloading (React Dev Server) proxy_pass http://backend-dev:5000/moderation/groups;
proxy_set_header Host $host;
auth_basic_user_file /etc/nginx/.htpasswd; location /ws { proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:3000; proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://backend-dev:5000/moderation/groups; proxy_http_version 1.1;
proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} }
# API - Groups API routes (NO PASSWORD PROTECTION) # API - Groups API routes (NO PASSWORD PROTECTION)
location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ {
location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ { # Protected Frontend Routes - Moderation Pages (PASSWORD PROTECTED) proxy_pass http://backend-dev:5000;
proxy_set_header Host $host;
proxy_pass http://backend-dev:5000; location /moderation { proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host; auth_basic "Restricted Area - Moderation";
proxy_set_header X-Real-IP $remote_addr; auth_basic_user_file /etc/nginx/.htpasswd;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:3000;
} proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
location /download { proxy_set_header Connection "Upgrade";
proxy_pass http://backend-dev:5000; proxy_set_header Host $host;
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
}
} # All other requests go to React Dev Server for Hot Module Reloading location /download {
proxy_pass http://backend-dev:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / { # Frontend page - Groups overview (NO PASSWORD PROTECTION) - React Dev Server
location /groups {
# Frontend page - Groups overview (NO PASSWORD PROTECTION) - React Dev Server proxy_pass http://127.0.0.1:3000; proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
location /groups { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://127.0.0.1:3000; proxy_set_header Upgrade $http_upgrade; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1; proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Host $host;
proxy_set_header Connection "Upgrade"; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr; }
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}
} }
# Protected routes - Moderation (password protected) - React Dev Server # Protected routes - Moderation (password protected) - React Dev Server
@ -282,7 +120,7 @@ http {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} }
# All other requests go to React Dev Server for Hot Module Reloading # Frontend files - React Dev Server
location / { location / {
proxy_pass http://127.0.0.1:3000; proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1; proxy_http_version 1.1;
@ -298,4 +136,3 @@ http {
root /usr/share/nginx/html; root /usr/share/nginx/html;
} }
} }
}