Fix development nginx configuration with password protection
- Created clean dev nginx.conf based on working prod version - Adapted backend service names (backend-dev) - Replaced static file serving with React Dev Server proxying - Added htpasswd authentication for /moderation routes Testing confirms: ✅ Homepage accessible (200 OK) ✅ Moderation page protected (401 Unauthorized) ✅ Moderation API protected (401 Unauthorized) ✅ Upload functionality working (single + batch)
This commit is contained in:
parent
3845de92a6
commit
71f1a2da82
|
|
@ -1,260 +1,98 @@
|
|||
events {server {
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
worker_connections 1024; listen 80;
|
||||
|
||||
} server_name localhost;
|
||||
|
||||
client_max_body_size 200M;
|
||||
|
||||
http {
|
||||
|
||||
include /etc/nginx/mime.types; # API proxy to development backend
|
||||
|
||||
default_type application/octet-stream; # Upload endpoint
|
||||
|
||||
location /api/upload {
|
||||
|
||||
# Logging proxy_pass http://backend-dev:5000/upload/;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' proxy_set_header Host $host;
|
||||
|
||||
'$status $body_bytes_sent "$http_referer" ' proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
'"$http_user_agent" "$http_x_forwarded_for"'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
access_log /var/log/nginx/access.log main; client_max_body_size 100M;
|
||||
|
||||
error_log /var/log/nginx/error.log warn; }
|
||||
|
||||
|
||||
|
||||
# Gzip Settings # Download original images
|
||||
|
||||
gzip on; # Handle POST requests to upload endpoint
|
||||
|
||||
gzip_vary on; location /api/upload {
|
||||
|
||||
gzip_min_length 1024; proxy_pass http://backend-dev:5000/upload;
|
||||
|
||||
gzip_proxied any; proxy_set_header Host $host;
|
||||
|
||||
gzip_comp_level 6; proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
gzip_types proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
text/plain proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
text/css proxy_set_header Content-Type $content_type;
|
||||
|
||||
text/xml client_max_body_size 100M;
|
||||
|
||||
text/javascript }
|
||||
|
||||
application/json
|
||||
|
||||
application/javascript # Preview/thumbnail images (optimized for gallery views)
|
||||
|
||||
application/xml+rss location /api/download {
|
||||
|
||||
application/atom+xml proxy_pass http://backend-dev:5000/download;
|
||||
|
||||
image/svg+xml; proxy_set_header Host $host;
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
# Server Config proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
server { proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
listen 80; }
|
||||
|
||||
|
||||
|
||||
# Allow large uploads (50MB) location /api/previews {
|
||||
|
||||
client_max_body_size 50M; proxy_pass http://backend-dev:5000/previews;
|
||||
# Allow large uploads (50MB)
|
||||
client_max_body_size 50M;
|
||||
|
||||
# API proxy to backend-dev service
|
||||
location /upload {
|
||||
proxy_pass http://backend-dev:5000;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
# API proxy to backend-dev service proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
location /upload { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_pass http://backend-dev:5000; proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
proxy_set_header Host $host; }
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Add groups endpoint
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme; location /api/groups {
|
||||
|
||||
proxy_pass http://backend-dev:5000/groups;
|
||||
|
||||
# Allow large uploads for API too proxy_set_header Host $host;
|
||||
|
||||
client_max_body_size 50M; proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# API routes for new multi-upload features }
|
||||
|
||||
location /api/upload {
|
||||
|
||||
proxy_pass http://backend-dev:5000/upload; # Groups API
|
||||
|
||||
proxy_set_header Host $host; location /api/groups {
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/groups;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
# Allow large uploads for batch upload proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
client_max_body_size 100M; }
|
||||
|
||||
# Allow large uploads for API too
|
||||
client_max_body_size 50M;
|
||||
}
|
||||
|
||||
# Moderation Groups API (PASSWORD PROTECTED)
|
||||
|
||||
# API - Download original images location /moderation/groups {
|
||||
|
||||
location /api/download { auth_basic "Restricted Area - Moderation API";
|
||||
|
||||
proxy_pass http://backend-dev:5000/download; auth_basic_user_file /etc/nginx/.htpasswd;
|
||||
|
||||
# API routes for new multi-upload features
|
||||
location /api/upload {
|
||||
proxy_pass http://backend-dev:5000/upload;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/moderation/groups;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# API - Preview/thumbnail images (optimized for gallery views) }
|
||||
# Allow large uploads for batch upload
|
||||
client_max_body_size 100M;
|
||||
}
|
||||
|
||||
# API - Download original images
|
||||
location /api/download {
|
||||
proxy_pass http://backend-dev:5000/download;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# API - Preview/thumbnail images (optimized for gallery views)
|
||||
location /api/previews {
|
||||
|
||||
proxy_pass http://backend-dev:5000/previews; # Groups dynamic routes
|
||||
|
||||
proxy_set_header Host $host; location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ {
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_pass http://backend-dev:5000/previews;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# API - Groups (NO PASSWORD PROTECTION) }
|
||||
|
||||
# API - Groups (NO PASSWORD PROTECTION)
|
||||
location /api/groups {
|
||||
|
||||
proxy_pass http://backend-dev:5000/groups; # Legacy download endpoint (backwards compatibility)
|
||||
|
||||
proxy_set_header Host $host; location /download {
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/download;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_pass http://backend-dev:5000/groups;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Protected API - Moderation API routes (password protected) - must come before /groups }
|
||||
|
||||
# Protected API - Moderation API routes (password protected) - must come before /groups
|
||||
location /moderation/groups {
|
||||
auth_basic "Restricted Area - Moderation API";
|
||||
auth_basic_user_file /etc/nginx/.htpasswd;
|
||||
|
||||
auth_basic "Restricted Area - Moderation API"; # WebSocket support for hot reloading (React Dev Server)
|
||||
|
||||
auth_basic_user_file /etc/nginx/.htpasswd; location /ws {
|
||||
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
|
||||
proxy_pass http://backend-dev:5000/moderation/groups; proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade;
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr; proxy_set_header Connection "Upgrade";
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host;
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_pass http://backend-dev:5000/moderation/groups;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# API - Groups API routes (NO PASSWORD PROTECTION)
|
||||
|
||||
location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ { # Protected Frontend Routes - Moderation Pages (PASSWORD PROTECTED)
|
||||
|
||||
proxy_pass http://backend-dev:5000; location /moderation {
|
||||
|
||||
proxy_set_header Host $host; auth_basic "Restricted Area - Moderation";
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr; auth_basic_user_file /etc/nginx/.htpasswd;
|
||||
|
||||
location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ {
|
||||
proxy_pass http://backend-dev:5000;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:3000;
|
||||
|
||||
} proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
|
||||
location /download { proxy_set_header Connection "Upgrade";
|
||||
|
||||
proxy_pass http://backend-dev:5000; proxy_set_header Host $host;
|
||||
|
||||
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
} # All other requests go to React Dev Server for Hot Module Reloading
|
||||
location /download {
|
||||
proxy_pass http://backend-dev:5000;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
location / {
|
||||
|
||||
# Frontend page - Groups overview (NO PASSWORD PROTECTION) - React Dev Server proxy_pass http://127.0.0.1:3000;
|
||||
|
||||
location /groups { proxy_http_version 1.1;
|
||||
|
||||
proxy_pass http://127.0.0.1:3000; proxy_set_header Upgrade $http_upgrade;
|
||||
|
||||
proxy_http_version 1.1; proxy_set_header Connection "Upgrade";
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade; proxy_set_header Host $host;
|
||||
|
||||
proxy_set_header Connection "Upgrade"; proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr; }
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}
|
||||
# Frontend page - Groups overview (NO PASSWORD PROTECTION) - React Dev Server
|
||||
location /groups {
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
# Protected routes - Moderation (password protected) - React Dev Server
|
||||
|
|
@ -282,7 +120,7 @@ http {
|
|||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
# All other requests go to React Dev Server for Hot Module Reloading
|
||||
# Frontend files - React Dev Server
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
proxy_http_version 1.1;
|
||||
|
|
@ -297,5 +135,4 @@ http {
|
|||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user