andrei/maternal-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c22fa82521472dfe23fb15e558f2700245907bdb
maternal-app/nginx/sites-enabled/parentflowapp.conf
Andrei a6b3ad67fb
Some checks failed
ParentFlow CI/CD Pipeline / Backend Tests (push) Has been cancelled
Details
ParentFlow CI/CD Pipeline / Frontend Tests (push) Has been cancelled
Details
ParentFlow CI/CD Pipeline / Security Scanning (push) Has been cancelled
Details
ParentFlow CI/CD Pipeline / Build Docker Images (map[context:maternal-app/maternal-app-backend dockerfile:Dockerfile.production name:backend]) (push) Has been cancelled
Details
ParentFlow CI/CD Pipeline / Build Docker Images (map[context:maternal-web dockerfile:Dockerfile.production name:frontend]) (push) Has been cancelled
Details
ParentFlow CI/CD Pipeline / Deploy to Development (push) Has been cancelled
Details
ParentFlow CI/CD Pipeline / Deploy to Production (push) Has been cancelled
Details
CI/CD Pipeline / Lint and Test (push) Has been cancelled
Details
CI/CD Pipeline / E2E Tests (push) Has been cancelled
Details
CI/CD Pipeline / Build Application (push) Has been cancelled
Details
feat: Complete Docker infrastructure and CI/CD pipeline 
- Created production-ready Dockerfiles with multi-stage builds
- Implemented complete CI/CD pipeline with GitHub Actions:
  - Automated testing for backend and frontend
  - Security scanning with Trivy
  - Docker image building and pushing to GHCR
  - Automated deployments to dev and production
  - Zero-downtime deployment strategy with rollback
- Set up docker-compose for both development and production
- Configured Nginx reverse proxy with SSL support
- Domain configuration:
  - Development: maternal.noru1.ro:3005, maternal-api.noru1.ro:3015
  - Production: parentflowapp.com, api.parentflowapp.com
- Created comprehensive health check endpoints for monitoring
- Updated port configuration for development environment
- Added environment-specific configuration files

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-06 13:49:28 +00:00

180 lines
6.3 KiB
Plaintext
Raw Blame History

# Production Configuration - ParentFlow
# Domains: parentflowapp.com, api.parentflowapp.com
# Redirect HTTP to HTTPS
server {
listen 80;
listen [::]:80;
server_name parentflowapp.com www.parentflowapp.com api.parentflowapp.com;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$server_name$request_uri;
}
}
# Frontend - parentflowapp.com
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name parentflowapp.com www.parentflowapp.com;
# SSL Configuration (Update paths after Let's Encrypt setup)
ssl_certificate /etc/nginx/ssl/parentflowapp.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/parentflowapp.com/privkey.pem;
ssl_trusted_certificate /etc/nginx/ssl/parentflowapp.com/chain.pem;
# Security Headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Content-Security-Policy "default-src 'self' https://api.parentflowapp.com wss://api.parentflowapp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' https://api.parentflowapp.com wss://api.parentflowapp.com https://app.posthog.com;" always;
# Logging
access_log /var/log/nginx/parentflowapp.access.log main;
error_log /var/log/nginx/parentflowapp.error.log warn;
# Root location - proxy to Next.js frontend
location / {
proxy_pass http://frontend;
proxy_http_version 1.1;
# Headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Cache static assets
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://frontend;
proxy_cache parentflow_cache;
proxy_cache_valid 200 302 1h;
proxy_cache_valid 404 1m;
add_header X-Cache-Status $upstream_cache_status;
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# Next.js specific paths
location /_next/static {
proxy_pass http://frontend;
proxy_cache parentflow_cache;
proxy_cache_valid 200 302 24h;
add_header Cache-Control "public, max-age=31536000, immutable";
}
location /api {
proxy_pass http://frontend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# API Backend - api.parentflowapp.com
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name api.parentflowapp.com;
# SSL Configuration (Update paths after Let's Encrypt setup)
ssl_certificate /etc/nginx/ssl/api.parentflowapp.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/api.parentflowapp.com/privkey.pem;
ssl_trusted_certificate /etc/nginx/ssl/api.parentflowapp.com/chain.pem;
# Security Headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Access-Control-Allow-Origin "https://parentflowapp.com" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials "true" always;
# Logging
access_log /var/log/nginx/api.parentflowapp.access.log main;
error_log /var/log/nginx/api.parentflowapp.error.log warn;
# Handle preflight requests
location / {
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin "https://parentflowapp.com" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Max-Age 86400;
add_header Content-Type text/plain;
add_header Content-Length 0;
return 204;
}
# Rate limiting for API
limit_req zone=api_limit burst=20 nodelay;
proxy_pass http://backend;
proxy_http_version 1.1;
# Headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffering
proxy_buffering off;
proxy_request_buffering off;
}
# WebSocket support for real-time features
location /ws {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket timeouts
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
# GraphQL endpoint
location /graphql {
limit_req zone=api_limit burst=10 nodelay;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Larger timeouts for GraphQL
proxy_connect_timeout 120s;
proxy_send_timeout 120s;
proxy_read_timeout 120s;
}
# Health check endpoint
location /health {
proxy_pass http://backend;
access_log off;
}
}
Reference in New Issue View Git Blame Copy Permalink