dzinesco
d8e4818a9f
- Update NGINX configuration for correct domain - Update deployment guide with proper SSL certificate paths - Update service URLs in documentation 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
46 lines
1.4 KiB
Plaintext
46 lines
1.4 KiB
Plaintext
# NGINX Configuration for Black Canyon Tickets
|
|
# Copy to /etc/nginx/sites-available/blackcanyontickets
|
|
|
|
server {
|
|
listen 80;
|
|
listen 443 ssl http2;
|
|
server_name bct.crispygoat.com;
|
|
|
|
# SSL Configuration - Certbot will handle this
|
|
ssl_certificate /etc/letsencrypt/live/bct.crispygoat.com/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/bct.crispygoat.com/privkey.pem;
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
|
|
# Redirect HTTP to HTTPS
|
|
if ($scheme != "https") {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
# Astro app - All routes
|
|
location / {
|
|
proxy_pass http://localhost:3000;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# Health check endpoint
|
|
location = /api/health {
|
|
access_log off;
|
|
proxy_pass http://localhost:3000;
|
|
}
|
|
}
|
|
|
|
# Static file optimization
|
|
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
|
|
proxy_pass http://localhost:3000;
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
add_header X-Content-Type-Options nosniff;
|
|
}
|
|
} |