hobbyhimmel/Project-Image-Uploader
8
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix development nginx configuration with password protection

Browse Source 
- Created clean dev nginx.conf based on working prod version
- Adapted backend service names (backend-dev)
- Replaced static file serving with React Dev Server proxying
- Added htpasswd authentication for /moderation routes

Testing confirms:
 Homepage accessible (200 OK)
 Moderation page protected (401 Unauthorized)
 Moderation API protected (401 Unauthorized)
 Upload functionality working (single + batch)
This commit is contained in:
Matthias Lotz 2025-11-07 17:27:45 +01:00
parent 3845de92a6
commit 71f1a2da82
1 changed files with 134 additions and 297 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

431
docker/dev/frontend/nginx.conf
View File

@ -1,301 +1,138 @@
events {server { server {
listen 80;
worker_connections 1024; listen 80;
} server_name localhost;
client_max_body_size 200M;
http {
include /etc/nginx/mime.types; # API proxy to development backend
default_type application/octet-stream; # Upload endpoint
location /api/upload {
# Logging proxy_pass http://backend-dev:5000/upload/;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' proxy_set_header Host $host;
'$status $body_bytes_sent "$http_referer" ' proxy_set_header X-Real-IP $remote_addr;
'"$http_user_agent" "$http_x_forwarded_for"'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
access_log /var/log/nginx/access.log main; client_max_body_size 100M;
error_log /var/log/nginx/error.log warn; }
# Allow large uploads (50MB)
# Gzip Settings # Download original images client_max_body_size 50M;
gzip on; # Handle POST requests to upload endpoint # API proxy to backend-dev service
location /upload {
gzip_vary on; location /api/upload { proxy_pass http://backend-dev:5000;
proxy_set_header Host $host;
gzip_min_length 1024; proxy_pass http://backend-dev:5000/upload; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
gzip_proxied any; proxy_set_header Host $host;
gzip_comp_level 6; proxy_set_header X-Real-IP $remote_addr;
gzip_types proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
text/plain proxy_set_header X-Forwarded-Proto $scheme;
text/css proxy_set_header Content-Type $content_type;
text/xml client_max_body_size 100M;
text/javascript }
application/json
application/javascript # Preview/thumbnail images (optimized for gallery views)
application/xml+rss location /api/download {
application/atom+xml proxy_pass http://backend-dev:5000/download;
image/svg+xml; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Server Config proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
server { proxy_set_header X-Forwarded-Proto $scheme;
listen 80; }
# Allow large uploads (50MB) location /api/previews {
client_max_body_size 50M; proxy_pass http://backend-dev:5000/previews;
proxy_set_header Host $host;
# API proxy to backend-dev service proxy_set_header X-Real-IP $remote_addr;
location /upload { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backend-dev:5000; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host; }
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Add groups endpoint
proxy_set_header X-Forwarded-Proto $scheme; location /api/groups {
proxy_pass http://backend-dev:5000/groups;
# Allow large uploads for API too proxy_set_header Host $host;
client_max_body_size 50M; proxy_set_header X-Real-IP $remote_addr;
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# API routes for new multi-upload features }
location /api/upload {
proxy_pass http://backend-dev:5000/upload; # Groups API
proxy_set_header Host $host; location /api/groups {
proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/groups;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Allow large uploads for batch upload proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 100M; }
}
# Moderation Groups API (PASSWORD PROTECTED)
# API - Download original images location /moderation/groups {
location /api/download { auth_basic "Restricted Area - Moderation API";
proxy_pass http://backend-dev:5000/download; auth_basic_user_file /etc/nginx/.htpasswd;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/moderation/groups;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
# API - Preview/thumbnail images (optimized for gallery views) }
location /api/previews {
proxy_pass http://backend-dev:5000/previews; # Groups dynamic routes
proxy_set_header Host $host; location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ {
proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# API - Groups (NO PASSWORD PROTECTION) }
location /api/groups {
proxy_pass http://backend-dev:5000/groups; # Legacy download endpoint (backwards compatibility)
proxy_set_header Host $host; location /download {
proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/download;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Protected API - Moderation API routes (password protected) - must come before /groups }
location /moderation/groups {
auth_basic "Restricted Area - Moderation API"; # WebSocket support for hot reloading (React Dev Server)
auth_basic_user_file /etc/nginx/.htpasswd; location /ws {
proxy_pass http://127.0.0.1:3000;
proxy_pass http://backend-dev:5000/moderation/groups; proxy_http_version 1.1;
proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# API - Groups API routes (NO PASSWORD PROTECTION)
location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ { # Protected Frontend Routes - Moderation Pages (PASSWORD PROTECTED)
proxy_pass http://backend-dev:5000; location /moderation {
proxy_set_header Host $host; auth_basic "Restricted Area - Moderation";
proxy_set_header X-Real-IP $remote_addr; auth_basic_user_file /etc/nginx/.htpasswd;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:3000;
} proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
location /download { proxy_set_header Connection "Upgrade";
proxy_pass http://backend-dev:5000; proxy_set_header Host $host;
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }
proxy_set_header X-Forwarded-Proto $scheme;
} # All other requests go to React Dev Server for Hot Module Reloading
location / {
# Frontend page - Groups overview (NO PASSWORD PROTECTION) - React Dev Server proxy_pass http://127.0.0.1:3000;
location /groups { proxy_http_version 1.1;
proxy_pass http://127.0.0.1:3000; proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1; proxy_set_header Connection "Upgrade";
proxy_set_header Upgrade $http_upgrade; proxy_set_header Host $host;
proxy_set_header Connection "Upgrade"; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr; }
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}
}
# Protected routes - Moderation (password protected) - React Dev Server # Allow large uploads for API too
location /moderation { client_max_body_size 50M;
auth_basic "Restricted Area - Moderation";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# WebSocket support for hot reloading (React Dev Server)
location /ws {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# All other requests go to React Dev Server for Hot Module Reloading
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
} }
}
# API routes for new multi-upload features
location /api/upload {
proxy_pass http://backend-dev:5000/upload;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Allow large uploads for batch upload
client_max_body_size 100M;
}
# API - Download original images
location /api/download {
proxy_pass http://backend-dev:5000/download;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# API - Preview/thumbnail images (optimized for gallery views)
location /api/previews {
proxy_pass http://backend-dev:5000/previews;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# API - Groups (NO PASSWORD PROTECTION)
location /api/groups {
proxy_pass http://backend-dev:5000/groups;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Protected API - Moderation API routes (password protected) - must come before /groups
location /moderation/groups {
auth_basic "Restricted Area - Moderation API";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://backend-dev:5000/moderation/groups;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# API - Groups API routes (NO PASSWORD PROTECTION)
location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ {
proxy_pass http://backend-dev:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /download {
proxy_pass http://backend-dev:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Frontend page - Groups overview (NO PASSWORD PROTECTION) - React Dev Server
location /groups {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Protected routes - Moderation (password protected) - React Dev Server
location /moderation {
auth_basic "Restricted Area - Moderation";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# WebSocket support for hot reloading (React Dev Server)
location /ws {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Frontend files - React Dev Server
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}