ui/nginx.conf at main · rust-ui/ui · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
# FLOW: Browser → Cloudflare → nginx:80/443 → Rust App:3000
events {
    worker_connections 1024;
}

http {
    include      /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log /var/log/nginx/access.log;
    error_log  /var/log/nginx/error.log;

    sendfile        on;
    keepalive_timeout 65;


    # ── HTTP (port 80) ───────────────────────────────────────────────────────
    server {
        listen      80;
        server_name rust-ui.com www.rust-ui.com;

        # WASM/JS: always revalidate (no-cache) to prevent payload mismatch on deploy
        location /pkg/ {
            proxy_pass http://app:3000;
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Connection        "";
            proxy_http_version 1.1;
            add_header Cache-Control "no-cache" always;
        }

        location / {
            proxy_pass http://app:3000;

            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Connection        "";
            proxy_http_version 1.1;

            proxy_connect_timeout 30s;
            proxy_send_timeout    30s;
            proxy_read_timeout    30s;
        }

        location /health {
            access_log off;
            return 200 "healthy\n";
            add_header Content-Type text/plain;
        }
    }


    # ── HTTPS (port 443) ─────────────────────────────────────────────────────
    server {
        listen      443 ssl;
        server_name rust-ui.com www.rust-ui.com;

        # Self-signed cert — Cloudflare terminates public SSL (mode: Full)
        ssl_certificate     /etc/nginx/ssl/nginx-selfsigned.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # WASM/JS: always revalidate (no-cache) to prevent payload mismatch on deploy
        location /pkg/ {
            proxy_pass http://app:3000;
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Connection        "";
            proxy_http_version 1.1;
            add_header Cache-Control "no-cache" always;
        }

        location / {
            proxy_pass http://app:3000;

            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Connection        "";
            proxy_http_version 1.1;

            proxy_connect_timeout 30s;
            proxy_send_timeout    30s;
            proxy_read_timeout    30s;
        }

        location /health {
            access_log off;
            return 200 "healthy\n";
            add_header Content-Type text/plain;
        }
    }


    # ── HTTP — dioxus.rust-ui.com ────────────────────────────────────────────
    server {
        listen      80;
        server_name dioxus.rust-ui.com;

        location / {
            proxy_pass         http://host-gateway:5000;
            proxy_set_header   Host              $host;
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
            proxy_set_header   Connection        "";
            proxy_http_version 1.1;
            proxy_connect_timeout 30s;
            proxy_send_timeout    30s;
            proxy_read_timeout    30s;
        }

        location /health {
            access_log off;
            return 200 "healthy\n";
            add_header Content-Type text/plain;
        }
    }


    # ── HTTPS — dioxus.rust-ui.com ───────────────────────────────────────────
    server {
        listen      443 ssl;
        server_name dioxus.rust-ui.com;

        ssl_certificate     /etc/nginx/ssl/nginx-selfsigned.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass         http://host-gateway:5000;
            proxy_set_header   Host              $host;
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
            proxy_set_header   Connection        "";
            proxy_http_version 1.1;
            proxy_connect_timeout 30s;
            proxy_send_timeout    30s;
            proxy_read_timeout    30s;
        }

        location /health {
            access_log off;
            return 200 "healthy\n";
            add_header Content-Type text/plain;
        }
    }
}