Spaces:
Paused
Paused
| # Nginx configuration for Legal Dashboard | |
| upstream fastapi_backend { | |
| server legal-dashboard:8000; | |
| } | |
| # Rate limiting | |
| limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s; | |
| limit_req_zone $binary_remote_addr zone=upload:10m rate=2r/s; | |
| server { | |
| listen 80; | |
| server_name _; | |
| # Security headers | |
| add_header X-Frame-Options "SAMEORIGIN" always; | |
| add_header X-Content-Type-Options "nosniff" always; | |
| add_header X-XSS-Protection "1; mode=block" always; | |
| add_header Referrer-Policy "strict-origin-when-cross-origin" always; | |
| add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self';" always; | |
| # Logging | |
| access_log /var/log/nginx/access.log; | |
| error_log /var/log/nginx/error.log; | |
| # Client max body size for file uploads | |
| client_max_body_size 50M; | |
| # Gzip compression | |
| gzip on; | |
| gzip_vary on; | |
| gzip_min_length 1024; | |
| gzip_proxied any; | |
| gzip_comp_level 6; | |
| gzip_types | |
| text/plain | |
| text/css | |
| text/xml | |
| text/javascript | |
| application/json | |
| application/javascript | |
| application/xml+rss | |
| application/atom+xml | |
| image/svg+xml; | |
| # API endpoints with rate limiting | |
| location /api/ { | |
| limit_req zone=api burst=20 nodelay; | |
| proxy_pass http://fastapi_backend; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| # Timeouts | |
| proxy_connect_timeout 60s; | |
| proxy_send_timeout 60s; | |
| proxy_read_timeout 60s; | |
| # Buffer settings | |
| proxy_buffering on; | |
| proxy_buffer_size 4k; | |
| proxy_buffers 8 4k; | |
| } | |
| # File upload endpoint with stricter rate limiting | |
| location /api/documents/upload { | |
| limit_req zone=upload burst=5 nodelay; | |
| proxy_pass http://fastapi_backend; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| # Longer timeout for file uploads | |
| proxy_connect_timeout 300s; | |
| proxy_send_timeout 300s; | |
| proxy_read_timeout 300s; | |
| } | |
| # Static files caching | |
| location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { | |
| expires 1y; | |
| add_header Cache-Control "public, immutable"; | |
| proxy_pass http://fastapi_backend; | |
| } | |
| # Health check endpoint | |
| location /api/health { | |
| access_log off; | |
| proxy_pass http://fastapi_backend; | |
| proxy_set_header Host $host; | |
| } | |
| # Default location | |
| location / { | |
| proxy_pass http://fastapi_backend; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| } | |
| # Error pages | |
| error_page 404 /404.html; | |
| error_page 500 502 503 504 /50x.html; | |
| location = /50x.html { | |
| root /usr/share/nginx/html; | |
| } | |
| } | |
| # HTTPS configuration (uncomment and configure SSL certificates) | |
| # server { | |
| # listen 443 ssl http2; | |
| # server_name your-domain.com; | |
| # | |
| # ssl_certificate /etc/nginx/ssl/cert.pem; | |
| # ssl_certificate_key /etc/nginx/ssl/key.pem; | |
| # ssl_protocols TLSv1.2 TLSv1.3; | |
| # ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384; | |
| # ssl_prefer_server_ciphers off; | |
| # | |
| # # Same configuration as above | |
| # # ... (copy the location blocks from above) | |
| # } |