Files
clube67.com/nginx/default.conf
T

97 lines
2.8 KiB
Plaintext

# ── Upstream: Next.js frontend ──
upstream frontend {
server clube67-frontend:3000;
}
# ── Upstream: Express API backend ──
upstream backend {
server clube67-backend:3001;
}
server {
listen 80;
server_name clube67.com www.clube67.com;
# Limite de upload para arquivos
client_max_body_size 10M;
# ── Security Headers ──
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# ── Gzip ──
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 256;
gzip_types
text/plain text/css text/xml text/javascript
application/json application/javascript application/xml
application/rss+xml image/svg+xml font/woff2;
# ── Uploads (static) ──
location /uploads/ {
alias /www/wwwroot/clube67.com/uploads/;
expires 30d;
add_header Cache-Control "public, immutable";
access_log off;
}
# ── API proxy ──
location /api/ {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
autoindex off;
}
# ── WebSocket ──
location /socket.io/ {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400s;
}
# ── Next.js static assets ──
location /_next/static/ {
proxy_pass http://frontend;
expires 365d;
add_header Cache-Control "public, immutable";
access_log off;
}
# ── Frontend (catch-all) ──
location / {
proxy_pass http://frontend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# ── Disable hidden files ──
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
}