# Nginx Site Configuration for Tool_OCR upstream backend { server 127.0.0.1:8000; keepalive 32; } server { listen 12015; server_name _; # Security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; # Root directory for frontend root /app/frontend/dist; index index.html; # Logging access_log /var/log/nginx/tool_ocr_access.log; error_log /var/log/nginx/tool_ocr_error.log; # Backend API proxy location /api/ { proxy_pass http://backend/api/; proxy_http_version 1.1; # Headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Connection ""; # Timeouts proxy_connect_timeout 60s; proxy_send_timeout 300s; proxy_read_timeout 300s; # Buffering proxy_buffering off; proxy_request_buffering off; } # Health check endpoint (backend) location /health { proxy_pass http://backend/health; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Connection ""; } # API docs (backend) location /docs { proxy_pass http://backend/docs; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Connection ""; } location /openapi.json { proxy_pass http://backend/openapi.json; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Connection ""; } # Frontend static files with caching location /assets/ { expires 1y; add_header Cache-Control "public, immutable"; } # Frontend - React Router support (SPA fallback) location / { try_files $uri $uri/ /index.html; expires -1; add_header Cache-Control "no-store, no-cache, must-revalidate"; } # Deny access to hidden files location ~ /\. { deny all; access_log off; log_not_found off; } }