# nginx.conf für Pfandsystem mit Backend-Proxy events {} http { include mime.types; default_type application/octet-stream; # Größere Upload-Limits client_max_body_size 20M; # HTTP Server (Port 80) server { listen 80; server_name pfandsystem.backdigital.de; root /usr/share/nginx/html; index index.html; # API Proxy zum Backend location /api/ { proxy_pass http://backend:3001/api/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; } # Upload-Dateien vom Backend location /uploads/ { proxy_pass http://backend:3001/uploads/; proxy_http_version 1.1; proxy_set_header Host $host; } # Frontend SPA location / { try_files $uri $uri/ /index.html; } # Manifest und Icons location ~* \.(webmanifest|json|png)$ { add_header Access-Control-Allow-Origin *; try_files $uri =404; } # Statische Assets location ~* \.(js|css|jpg|jpeg|gif|ico|svg|txt|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public"; try_files $uri =404; } # Let's Encrypt ACME Challenge location ^~ /.well-known/acme-challenge/ { root /var/www/certbot; } } # HTTPS Server (Port 443) server { listen 443 ssl; server_name pfandsystem.backdigital.de; root /usr/share/nginx/html; index index.html; ssl_certificate /etc/letsencrypt/live/pfandsystem.backdigital.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/pfandsystem.backdigital.de/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # API Proxy zum Backend location /api/ { proxy_pass http://backend:3001/api/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; } # Upload-Dateien vom Backend location /uploads/ { proxy_pass http://backend:3001/uploads/; proxy_http_version 1.1; proxy_set_header Host $host; } # Frontend SPA location / { try_files $uri $uri/ /index.html; } # Manifest und Icons location ~* \.(webmanifest|json|png)$ { add_header Access-Control-Allow-Origin *; try_files $uri =404; } # Statische Assets location ~* \.(js|css|jpg|jpeg|gif|ico|svg|txt|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public"; try_files $uri =404; } # Let's Encrypt ACME Challenge location ^~ /.well-known/acme-challenge/ { root /var/www/certbot; } } }