events {server { worker_connections 1024; listen 80; } server_name localhost; client_max_body_size 200M; http { include /etc/nginx/mime.types; # API proxy to development backend default_type application/octet-stream; # Upload endpoint location /api/upload { # Logging proxy_pass http://backend-dev:5000/upload/; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' proxy_set_header Host $host; '$status $body_bytes_sent "$http_referer" ' proxy_set_header X-Real-IP $remote_addr; '"$http_user_agent" "$http_x_forwarded_for"'; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; access_log /var/log/nginx/access.log main; client_max_body_size 100M; error_log /var/log/nginx/error.log warn; } # Gzip Settings # Download original images gzip on; # Handle POST requests to upload endpoint gzip_vary on; location /api/upload { gzip_min_length 1024; proxy_pass http://backend-dev:5000/upload; gzip_proxied any; proxy_set_header Host $host; gzip_comp_level 6; proxy_set_header X-Real-IP $remote_addr; gzip_types proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; text/plain proxy_set_header X-Forwarded-Proto $scheme; text/css proxy_set_header Content-Type $content_type; text/xml client_max_body_size 100M; text/javascript } application/json application/javascript # Preview/thumbnail images (optimized for gallery views) application/xml+rss location /api/download { application/atom+xml proxy_pass http://backend-dev:5000/download; image/svg+xml; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; # Server Config proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; server { proxy_set_header X-Forwarded-Proto $scheme; listen 80; } # Allow large uploads (50MB) location /api/previews { client_max_body_size 50M; proxy_pass http://backend-dev:5000/previews; proxy_set_header Host $host; # API proxy to backend-dev service proxy_set_header X-Real-IP $remote_addr; location /upload { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://backend-dev:5000; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; } proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Add groups endpoint proxy_set_header X-Forwarded-Proto $scheme; location /api/groups { proxy_pass http://backend-dev:5000/groups; # Allow large uploads for API too proxy_set_header Host $host; client_max_body_size 50M; proxy_set_header X-Real-IP $remote_addr; } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # API routes for new multi-upload features } location /api/upload { proxy_pass http://backend-dev:5000/upload; # Groups API proxy_set_header Host $host; location /api/groups { proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/groups; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Allow large uploads for batch upload proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 100M; } } # Moderation Groups API (PASSWORD PROTECTED) # API - Download original images location /moderation/groups { location /api/download { auth_basic "Restricted Area - Moderation API"; proxy_pass http://backend-dev:5000/download; auth_basic_user_file /etc/nginx/.htpasswd; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/moderation/groups; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # API - Preview/thumbnail images (optimized for gallery views) } location /api/previews { proxy_pass http://backend-dev:5000/previews; # Groups dynamic routes proxy_set_header Host $host; location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ { proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # API - Groups (NO PASSWORD PROTECTION) } location /api/groups { proxy_pass http://backend-dev:5000/groups; # Legacy download endpoint (backwards compatibility) proxy_set_header Host $host; location /download { proxy_set_header X-Real-IP $remote_addr; proxy_pass http://backend-dev:5000/download; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Protected API - Moderation API routes (password protected) - must come before /groups } location /moderation/groups { auth_basic "Restricted Area - Moderation API"; # WebSocket support for hot reloading (React Dev Server) auth_basic_user_file /etc/nginx/.htpasswd; location /ws { proxy_pass http://127.0.0.1:3000; proxy_pass http://backend-dev:5000/moderation/groups; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # API - Groups API routes (NO PASSWORD PROTECTION) location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ { # Protected Frontend Routes - Moderation Pages (PASSWORD PROTECTED) proxy_pass http://backend-dev:5000; location /moderation { proxy_set_header Host $host; auth_basic "Restricted Area - Moderation"; proxy_set_header X-Real-IP $remote_addr; auth_basic_user_file /etc/nginx/.htpasswd; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:3000; } proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; location /download { proxy_set_header Connection "Upgrade"; proxy_pass http://backend-dev:5000; proxy_set_header Host $host; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } proxy_set_header X-Forwarded-Proto $scheme; } # All other requests go to React Dev Server for Hot Module Reloading location / { # Frontend page - Groups overview (NO PASSWORD PROTECTION) - React Dev Server proxy_pass http://127.0.0.1:3000; location /groups { proxy_http_version 1.1; proxy_pass http://127.0.0.1:3000; proxy_set_header Upgrade $http_upgrade; proxy_http_version 1.1; proxy_set_header Connection "Upgrade"; proxy_set_header Upgrade $http_upgrade; proxy_set_header Host $host; proxy_set_header Connection "Upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;} } # Protected routes - Moderation (password protected) - React Dev Server location /moderation { auth_basic "Restricted Area - Moderation"; auth_basic_user_file /etc/nginx/.htpasswd; proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # WebSocket support for hot reloading (React Dev Server) location /ws { proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # All other requests go to React Dev Server for Hot Module Reloading location / { proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } }