# Nginx reverse proxy configuration for Coolify deployment # Place this in /etc/nginx/conf.d/ai.allucanget.biz.conf or use Coolify's built-in proxy # Backend API proxy upstream backend { server 127.0.0.1:12015; } # Frontend proxy upstream frontend { server 127.0.0.1:12016; } server { listen 80; server_name ai.allucanget.biz www.ai.allucanget.biz; # Redirect HTTP to HTTPS return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name ai.allucanget.biz www.ai.allucanget.biz; # SSL configuration (managed by Let's Encrypt / Certbot) ssl_certificate /etc/letsencrypt/live/ai.allucanget.biz/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ai.allucanget.biz/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; # Security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; # Backend API proxy location /api/ { proxy_pass http://backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket support (if needed in future) proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } # Frontend proxy location / { proxy_pass http://frontend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Static files caching location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { proxy_pass http://frontend; expires 30d; add_header Cache-Control "public, immutable"; } } # Health check endpoint location /health { proxy_pass http://backend; proxy_set_header Host $host; } }