# ============================================================================= # nginx.conf.template — rendered by deploy.sh on every deploy # ============================================================================= # # Variables substituted by `envsubst`: # ${POSTGREST_HOST_PORT} dynamic host port of the PostgREST container # ${NEXTJS_HOST_PORT} dynamic host port of the Next.js container # ${NEXT_PUBLIC_API_URL} (informational only — used in comment header) # # Layout: # /api/* -> http://127.0.0.1:${POSTGREST_HOST_PORT} # /* -> http://127.0.0.1:${NEXTJS_HOST_PORT} # # Tested against nginx >= 1.18 (Debian 11 / Ubuntu 22.04). Adjust ssl_* # lines if you don't have a cert yet — deploy.sh only tests/renders, the # operator decides whether to terminate TLS here. # ============================================================================= # --- upstream definitions --------------------------------------------------- upstream postgrest_upstream { server 127.0.0.1:${POSTGREST_HOST_PORT}; keepalive 16; } upstream nextjs_upstream { server 127.0.0.1:${NEXTJS_HOST_PORT}; keepalive 16; } # --- HTTP -> HTTPS upgrade (optional; remove if you only run on LAN) -------- server { listen 80; listen [::]:80; server_name _; # ACME http-01 challenge needs to be served on port 80. location /.well-known/acme-challenge/ { root /var/www/letsencrypt; } # Redirect everything else to HTTPS. Comment out for plain-HTTP dev. location / { return 301 https://$host$request_uri; } } # --- main server block ------------------------------------------------------ server { listen 443 ssl; listen [::]:443 ssl; http2 on; server_name _; # --- TLS (uncomment + adjust after you obtain a cert) ------------------ # ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem; # ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem; # ssl_protocols TLSv1.2 TLSv1.3; # ssl_ciphers HIGH:!aNULL:!MD5; # --- sensible defaults ------------------------------------------------ client_max_body_size 25m; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Connection ""; # --- API: /api/* -> PostgREST ---------------------------------------- location /api/ { proxy_pass http://postgrest_upstream; proxy_read_timeout 60s; proxy_send_timeout 60s; } # PostgREST exposes its OpenAPI spec at the root of the API; expose it # under a stable URL too. location = /api { proxy_pass http://postgrest_upstream; } # --- everything else -> Next.js -------------------------------------- location / { proxy_pass http://nextjs_upstream; proxy_read_timeout 120s; proxy_send_timeout 120s; } }