server { listen 80; server_name _; # Allow unlimited client upload size client_max_body_size 0; # Gzip compression gzip on; gzip_types text/plain text/css text/javascript application/javascript application/json; gzip_min_length 1000; # Root location - serve static files root /usr/share/nginx/html; # Cache static assets aggressively location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public, immutable"; } # HTML files - no cache location ~* \.html?$ { expires -1; add_header Cache-Control "no-cache, no-store, must-revalidate"; } # API proxy - forward to mam-api service location /api/ { client_max_body_size 0; proxy_pass http://mam-api:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_request_buffering off; proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; } # Capture proxy - forward to capture service location /capture/ { proxy_pass http://capture:3001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_request_buffering off; } # SPA fallback - try to serve file, else route to index.html location / { try_files $uri $uri/ /index.html; expires -1; add_header Cache-Control "no-cache, no-store, must-revalidate"; } # Health check endpoint location /health { access_log off; return 200 "healthy\n"; add_header Content-Type text/plain; } # Deny access to dotfiles location ~ /\. { deny all; } }