mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
dabb7bf5e3afee459cabb1b317cd077f0cdd75df
meldestelle/docs/proxmox-nginx/meldestelle.conf
T
stefan ea560fc221 fixing client
2025-09-15 17:48:57 +02:00

182 lines
6.0 KiB
Plaintext
Raw Blame History

# ===================================================================
# Nginx Host-Level Konfiguration für Proxmox-Server
# Meldestelle Project - Reverse Proxy Setup
# ===================================================================
# Installation auf Proxmox:
# sudo cp meldestelle.conf /etc/nginx/sites-available/
# sudo ln -s /etc/nginx/sites-available/meldestelle.conf /etc/nginx/sites-enabled/
# sudo nginx -t && sudo systemctl reload nginx
# ===================================================================
# Upstream-Definitionen für Container-Services
upstream meldestelle-web-app {
server localhost:4000;
}
upstream meldestelle-desktop-vnc {
server localhost:6080;
}
upstream meldestelle-api-gateway {
server localhost:8081;
}
# ===================================================================
# Web-App (Hauptanwendung)
# ===================================================================
server {
listen 80;
server_name meldestelle.yourdomain.com;
# Security Headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Logging
access_log /var/log/nginx/meldestelle-web.access.log;
error_log /var/log/nginx/meldestelle-web.error.log;
# Reverse Proxy zur Web-App
location / {
proxy_pass http://meldestelle-web-app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffering
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
}
# Health-Check Endpoint
location /health {
proxy_pass http://meldestelle-web-app/health;
access_log off;
}
}
# ===================================================================
# Desktop-VNC (noVNC Web-Interface)
# ===================================================================
server {
listen 80;
server_name vnc.meldestelle.yourdomain.com;
# Logging
access_log /var/log/nginx/meldestelle-vnc.access.log;
error_log /var/log/nginx/meldestelle-vnc.error.log;
# Reverse Proxy zum VNC-Container
location / {
proxy_pass http://meldestelle-desktop-vnc;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket Support für noVNC
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Origin "";
# VNC-spezifische Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 3600s;
proxy_read_timeout 3600s;
# Buffering deaktivieren für Real-time
proxy_buffering off;
}
}
# ===================================================================
# API-Gateway (Direkter Zugriff)
# ===================================================================
server {
listen 80;
server_name api.meldestelle.yourdomain.com;
# Logging
access_log /var/log/nginx/meldestelle-api.access.log;
error_log /var/log/nginx/meldestelle-api.error.log;
# CORS Headers für API-Zugriff
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With" always;
# Reverse Proxy zum API-Gateway
location / {
# Handle preflight requests
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With";
add_header Access-Control-Max-Age 86400;
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
proxy_pass http://meldestelle-api-gateway;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# API-spezifische Timeouts
proxy_connect_timeout 30s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# Health-Check Endpoint
location /actuator/health {
proxy_pass http://meldestelle-api-gateway/actuator/health;
access_log off;
}
}
# ===================================================================
# SSL/HTTPS Konfiguration (Optional - für Cloudflare)
# ===================================================================
# Uncomment für HTTPS mit Let's Encrypt oder Cloudflare:
#
# server {
# listen 443 ssl http2;
# server_name meldestelle.yourdomain.com;
#
# ssl_certificate /etc/ssl/certs/meldestelle.crt;
# ssl_certificate_key /etc/ssl/private/meldestelle.key;
#
# # SSL Configuration
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512;
# ssl_prefer_server_ciphers off;
# ssl_session_cache shared:SSL:10m;
#
# # Rest der Web-App Konfiguration hier...
# }
# ===================================================================
# HTTP -> HTTPS Redirect (Optional)
# ===================================================================
# Uncomment für automatische HTTPS-Weiterleitung:
#
# server {
# listen 80;
# server_name meldestelle.yourdomain.com vnc.meldestelle.yourdomain.com api.meldestelle.yourdomain.com;
# return 301 https://$server_name$request_uri;
# }
Reference in New Issue View Git Blame Copy Permalink