From a0994cfffe35984f8b1d17e49f52e027b7965ce4 Mon Sep 17 00:00:00 2001
From: Zac Gaetano <zgaetano@wilddragon.net>
Date: Tue, 7 Apr 2026 21:58:21 -0400
Subject: [PATCH] add services/web-ui/nginx.conf

---
 services/web-ui/nginx.conf | 71 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 services/web-ui/nginx.conf

diff --git a/services/web-ui/nginx.conf b/services/web-ui/nginx.conf
new file mode 100644
index 0000000..de63a91
--- /dev/null
+++ b/services/web-ui/nginx.conf
@@ -0,0 +1,71 @@
+server {
+    listen 80;
+    server_name _;
+
+    # Gzip compression
+    gzip on;
+    gzip_types text/plain text/css text/javascript application/javascript application/json;
+    gzip_min_length 1000;
+
+    # Root location - serve static files
+    root /usr/share/nginx/html;
+
+    # Cache static assets aggressively
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+
+    # HTML files - no cache
+    location ~* \.html?$ {
+        expires -1;
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+    }
+
+    # API proxy - forward to mam-api service
+    location /api/ {
+        proxy_pass http://mam-api:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_buffering off;
+        proxy_request_buffering off;
+    }
+
+    # Capture proxy - forward to capture service
+    location /capture/ {
+        proxy_pass http://capture:3001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_buffering off;
+        proxy_request_buffering off;
+    }
+
+    # SPA fallback - try to serve file, else route to index.html
+    location / {
+        try_files $uri $uri/ /index.html;
+        expires -1;
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+    }
+
+    # Health check endpoint
+    location /health {
+        access_log off;
+        return 200 "healthy\n";
+        add_header Content-Type text/plain;
+    }
+
+    # Deny access to dotfiles
+    location ~ /\. {
+        deny all;
+    }
+}