events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; # Logging log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; error_log /var/log/nginx/error.log warn; # Gzip Settings gzip on; gzip_vary on; gzip_min_length 1024; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/atom+xml image/svg+xml; # Server Config server { listen 80; # Allow large uploads (50MB) client_max_body_size 50M; # Generic API proxy for all backend endpoints under /api/ # This mirrors the dev setup: forward everything under /api/ to the backend service location /api/ { proxy_pass http://image-uploader-backend:5000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Allow large uploads for batch upload endpoints client_max_body_size 100M; } # Protected API - Moderation API routes (password protected) - must come before /groups # Keep this route protected and proxy to backend if moderation endpoints exist there. location /moderation/groups { auth_basic "Restricted Area - Moderation API"; auth_basic_user_file /etc/nginx/.htpasswd; proxy_pass http://image-uploader-backend:5000/moderation/groups; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # API - Groups API routes (NO PASSWORD PROTECTION) location ~ ^/groups/[a-zA-Z0-9_-]+(/.*)?$ { proxy_pass http://image-uploader-backend:5000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /download { proxy_pass http://image-uploader-backend:5000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Frontend page - Groups overview (NO PASSWORD PROTECTION) location /groups { root /usr/share/nginx/html; index index.html index.htm; try_files $uri $uri/ /index.html; expires -1; # Prevent indexing add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always; } # Protected routes - Moderation (password protected) location /moderation { auth_basic "Restricted Area - Moderation"; auth_basic_user_file /etc/nginx/.htpasswd; root /usr/share/nginx/html; index index.html index.htm; try_files $uri $uri/ /index.html; expires -1; # Prevent indexing add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always; } # Frontend files location / { root /usr/share/nginx/html; index index.html index.htm; try_files $uri $uri/ /index.html; expires -1; # Set it to different value depending on your standard requirements } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } }