diff --git a/nginx/502.html b/nginx/502.html new file mode 100644 index 00000000..3326012a --- /dev/null +++ b/nginx/502.html @@ -0,0 +1,59 @@ + + + + + + + Service Temporarily Unavailable + + + + +
+
502
+

Service Temporarily Unavailable

+

The server is temporarily unable to service your request. This may be due to maintenance or capacity problems. +

+

Please try again in a few moments.

+
+ + + \ No newline at end of file diff --git a/nginx/conf.d/default.conf b/nginx/conf.d/default.conf new file mode 100644 index 00000000..ef1ab44a --- /dev/null +++ b/nginx/conf.d/default.conf @@ -0,0 +1,67 @@ +# Default server configuration +upstream frappe-bench-frappe { + server backend:8000 fail_timeout=0; +} + +upstream frappe-bench-socketio { + server websocket:9000 fail_timeout=0; +} + +# HTTP server +server { + listen 80; + server_name _; + + root /var/www/html/sites; + + # Health check endpoint + location /health { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + + # Static files + location /assets { + try_files $uri =404; + add_header Cache-Control "max-age=31536000"; + } + + location ~ ^/protected/(.*) { + internal; + try_files /sites/$host/$1 =404; + } + + # Socket.io + location /socket.io { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Frappe-Site-Name $host; + proxy_set_header Origin $scheme://$http_host; + proxy_set_header Host $host; + + proxy_pass http://frappe-bench-socketio; + } + + # Main application + location / { + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Frappe-Site-Name $host; + proxy_set_header Host $host; + proxy_set_header X-Use-X-Accel-Redirect True; + proxy_read_timeout 120; + proxy_redirect off; + + proxy_pass http://frappe-bench-frappe; + } + + # Error pages + error_page 502 /502.html; + location = /502.html { + root /usr/share/nginx/html; + internal; + } +} diff --git a/nginx/nginx.conf b/nginx/nginx.conf new file mode 100644 index 00000000..5c7afe27 --- /dev/null +++ b/nginx/nginx.conf @@ -0,0 +1,43 @@ +# Nginx configuration for Academy LMS +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + client_max_body_size 50M; + + # Gzip compression + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml application/atom+xml image/svg+xml; + + # Security headers + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + + # Include site configurations + include /etc/nginx/conf.d/*.conf; +}