radziel/spotlightcam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f284eb3f2e8e11a8711b3fe9ae015acddcadccac
spotlightcam/nginx/conf.d/default.conf

110 lines
3.6 KiB
Plaintext
Raw Normal View History

feat: initial project setup with frontend mockup - Docker Compose setup with nginx reverse proxy and frontend service - React + Vite + Tailwind CSS configuration - Complete mockup of all application views: - Authentication (login/register) - Events list and selection - Event chat with matchmaking - 1:1 private chat with WebRTC P2P video transfer mockup - Partner rating system - Collaboration history - Mock data for users, events, messages, matches, and ratings - All UI text and messages in English - Project documentation (CONTEXT.md, TODO.md, README.md, QUICKSTART.md)
2025-11-12 17:50:44 +01:00
upstream frontend {
server frontend:5173;
}
feat: add backend setup with Express and unit tests Backend Foundation (Phase 1 - Step 1): **Infrastructure:** - Add backend service to docker-compose.yml - Configure nginx to proxy /api/* to backend - Node.js 20 Alpine Docker container **Backend Setup:** - Express.js REST API server - CORS configuration - Request logging middleware - Error handling (404, 500) - Graceful shutdown on SIGTERM/SIGINT - Health check endpoint: GET /api/health **Testing:** - Jest + Supertest for unit tests - 7 test cases covering: - Health check endpoint - 404 error handling - CORS headers - JSON body parsing - Code coverage: 88.23% **Project Structure:** - backend/src/app.js - Express app setup - backend/src/server.js - Server entry point - backend/src/__tests__/ - Unit tests - backend/README.md - Backend documentation **Environment:** - .env.example template - Development configuration - Ready for PostgreSQL integration All tests passing ✅
2025-11-12 21:42:52 +01:00
upstream backend {
server backend:3000;
}
feat: initial project setup with frontend mockup - Docker Compose setup with nginx reverse proxy and frontend service - React + Vite + Tailwind CSS configuration - Complete mockup of all application views: - Authentication (login/register) - Events list and selection - Event chat with matchmaking - 1:1 private chat with WebRTC P2P video transfer mockup - Partner rating system - Collaboration history - Mock data for users, events, messages, matches, and ratings - All UI text and messages in English - Project documentation (CONTEXT.md, TODO.md, README.md, QUICKSTART.md)
2025-11-12 17:50:44 +01:00
server {
listen 80;
server_name localhost;
security: add nginx headers and fix npm vulnerabilities - Add security headers to nginx (X-Frame-Options, CSP, etc.) - Reduce client_max_body_size from 500M to 10M - Add npm overrides to fix cookie vulnerability in csurf - Make navbar sticky with full width
2025-11-29 15:04:26 +01:00
client_max_body_size 10M;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
# Content Security Policy (permissive for dev, tighten for production)
feat(security): implement Cloudflare Turnstile CAPTCHA on contact form - Add Turnstile script to frontend/index.html - Implement programmatic widget rendering in ContactPage - Add backend verification via Cloudflare API - Include client IP in verification request - Update CSP headers to allow Cloudflare resources - Add environment variable configuration for site and secret keys - Pass VITE_TURNSTILE_SITE_KEY to frontend container - Add validation and error handling for CAPTCHA tokens
2025-12-05 18:08:05 +01:00
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' ws: wss: https://challenges.cloudflare.com; media-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-src https://challenges.cloudflare.com;" always;
feat: initial project setup with frontend mockup - Docker Compose setup with nginx reverse proxy and frontend service - React + Vite + Tailwind CSS configuration - Complete mockup of all application views: - Authentication (login/register) - Events list and selection - Event chat with matchmaking - 1:1 private chat with WebRTC P2P video transfer mockup - Partner rating system - Collaboration history - Mock data for users, events, messages, matches, and ratings - All UI text and messages in English - Project documentation (CONTEXT.md, TODO.md, README.md, QUICKSTART.md)
2025-11-12 17:50:44 +01:00
fix(nginx): allow Vite dev dependencies in development mode - Changed regex /\. to /\.(git|svn|htaccess|htpasswd|env) to allow .vite directory - Removed node_modules from nginx blocked paths for Vite dependency serving - Set VITE_ALLOWED_HOSTS=all in development mode for Docker networking Fixes issue where nginx was blocking Vite's pre-bundled dependencies in /node_modules/.vite/deps/, causing 404 errors for React and other imports.
2025-12-03 19:21:52 +01:00
# Block access to hidden files and directories (but allow .vite for development)
location ~ /\.(git|svn|htaccess|htpasswd|env) {
security(nginx): block access to sensitive files and directories Added comprehensive security rules to all nginx configurations: Dev proxy (nginx/conf.d/default.conf): - Block dotfiles and .git directory - Block .env* files and config files - Block node_modules, docker configs, package files - Block backup files (.bak, .swp, ~) Prod proxy (nginx/conf.d.prod/default.conf): - All dev security rules - Added security headers (X-Frame-Options, CSP, etc.) - Strict CSP with frame-ancestors 'none' Frontend container (frontend/nginx.conf): - Block dotfiles and sensitive config files - Block node_modules and build configs - Added security headers All blocked paths return 404 and disable logging to avoid log spam. Blocks: .env*, .git, node_modules, docker*, package*.json, prisma, backup*, *.bak, *.swp, tsconfig.json, and more.
2025-12-02 19:55:08 +01:00
deny all;
access_log off;
log_not_found off;
return 404;
}
location ~ \.(env|git|gitignore|dockerignore|htaccess|htpasswd)$ {
deny all;
access_log off;
log_not_found off;
return 404;
}
fix(nginx): allow Vite dev dependencies in development mode - Changed regex /\. to /\.(git|svn|htaccess|htpasswd|env) to allow .vite directory - Removed node_modules from nginx blocked paths for Vite dependency serving - Set VITE_ALLOWED_HOSTS=all in development mode for Docker networking Fixes issue where nginx was blocking Vite's pre-bundled dependencies in /node_modules/.vite/deps/, causing 404 errors for React and other imports.
2025-12-03 19:21:52 +01:00
# DEV MODE: node_modules allowed for Vite dependencies
# Block access to sensitive files and directories (excluding node_modules for Vite)
location ~ ^/(\.git|\.vscode|\.idea|docker-compose|Dockerfile|package\.json|package-lock\.json|yarn\.lock|pnpm-lock\.yaml|\.npmrc|\.yarnrc|tsconfig\.json|\.eslintrc|\.prettierrc|prisma|\.env.*|\.db|\.sqlite|\.sql|backup|backups|dumps|logs)/? {
security(nginx): block access to sensitive files and directories Added comprehensive security rules to all nginx configurations: Dev proxy (nginx/conf.d/default.conf): - Block dotfiles and .git directory - Block .env* files and config files - Block node_modules, docker configs, package files - Block backup files (.bak, .swp, ~) Prod proxy (nginx/conf.d.prod/default.conf): - All dev security rules - Added security headers (X-Frame-Options, CSP, etc.) - Strict CSP with frame-ancestors 'none' Frontend container (frontend/nginx.conf): - Block dotfiles and sensitive config files - Block node_modules and build configs - Added security headers All blocked paths return 404 and disable logging to avoid log spam. Blocks: .env*, .git, node_modules, docker*, package*.json, prisma, backup*, *.bak, *.swp, tsconfig.json, and more.
2025-12-02 19:55:08 +01:00
deny all;
access_log off;
log_not_found off;
return 404;
}
location ~ \.(bak|backup|swp|tmp|old|orig|save|~)$ {
deny all;
access_log off;
log_not_found off;
return 404;
}
feat: initial project setup with frontend mockup - Docker Compose setup with nginx reverse proxy and frontend service - React + Vite + Tailwind CSS configuration - Complete mockup of all application views: - Authentication (login/register) - Events list and selection - Event chat with matchmaking - 1:1 private chat with WebRTC P2P video transfer mockup - Partner rating system - Collaboration history - Mock data for users, events, messages, matches, and ratings - All UI text and messages in English - Project documentation (CONTEXT.md, TODO.md, README.md, QUICKSTART.md)
2025-11-12 17:50:44 +01:00
# Frontend - Vite Dev Server
location / {
proxy_pass http://frontend;
proxy_http_version 1.1;
# WebSocket support (dla Vite HMR)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Standard proxy headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
feat: add backend setup with Express and unit tests Backend Foundation (Phase 1 - Step 1): **Infrastructure:** - Add backend service to docker-compose.yml - Configure nginx to proxy /api/* to backend - Node.js 20 Alpine Docker container **Backend Setup:** - Express.js REST API server - CORS configuration - Request logging middleware - Error handling (404, 500) - Graceful shutdown on SIGTERM/SIGINT - Health check endpoint: GET /api/health **Testing:** - Jest + Supertest for unit tests - 7 test cases covering: - Health check endpoint - 404 error handling - CORS headers - JSON body parsing - Code coverage: 88.23% **Project Structure:** - backend/src/app.js - Express app setup - backend/src/server.js - Server entry point - backend/src/__tests__/ - Unit tests - backend/README.md - Backend documentation **Environment:** - .env.example template - Development configuration - Ready for PostgreSQL integration All tests passing ✅
2025-11-12 21:42:52 +01:00
# Backend API
location /api {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
feat: initial project setup with frontend mockup - Docker Compose setup with nginx reverse proxy and frontend service - React + Vite + Tailwind CSS configuration - Complete mockup of all application views: - Authentication (login/register) - Events list and selection - Event chat with matchmaking - 1:1 private chat with WebRTC P2P video transfer mockup - Partner rating system - Collaboration history - Mock data for users, events, messages, matches, and ratings - All UI text and messages in English - Project documentation (CONTEXT.md, TODO.md, README.md, QUICKSTART.md)
2025-11-12 17:50:44 +01:00
feat: implement real-time chat with Socket.IO Implemented WebSocket-based real-time messaging for both event rooms and private match chats using Socket.IO with comprehensive test coverage. Backend changes: - Installed socket.io@4.8.1 for WebSocket server - Created Socket.IO server with JWT authentication middleware - Implemented event room management (join/leave/messages) - Added active users tracking with real-time updates - Implemented private match room messaging - Integrated Socket.IO with Express HTTP server - Messages are persisted to PostgreSQL via Prisma - Added 12 comprehensive unit tests (89.13% coverage) Frontend changes: - Installed socket.io-client for WebSocket connections - Created socket service layer for connection management - Updated EventChatPage with real-time messaging - Updated MatchChatPage with real-time private chat - Added connection status indicators (● Connected/Disconnected) - Disabled message input when not connected Infrastructure: - Updated nginx config to proxy WebSocket connections at /socket.io - Added Upgrade and Connection headers for WebSocket support - Set long timeouts (7d) for persistent WebSocket connections Key features: - JWT-authenticated socket connections - Room-based architecture for events and matches - Real-time message broadcasting - Active users list with automatic updates - Automatic cleanup on disconnect - Message persistence in database Test coverage: - 12 tests passing (authentication, event rooms, match rooms, disconnect, errors) - Socket.IO module: 89.13% statements, 81.81% branches, 91.66% functions - Overall coverage: 81.19% Phase 1, Step 4 completed. Ready for Phase 2 (Core Features).
2025-11-12 22:42:15 +01:00
# WebSocket for Socket.IO
location /socket.io {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Timeouts for WebSocket
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
feat: initial project setup with frontend mockup - Docker Compose setup with nginx reverse proxy and frontend service - React + Vite + Tailwind CSS configuration - Complete mockup of all application views: - Authentication (login/register) - Events list and selection - Event chat with matchmaking - 1:1 private chat with WebRTC P2P video transfer mockup - Partner rating system - Collaboration history - Mock data for users, events, messages, matches, and ratings - All UI text and messages in English - Project documentation (CONTEXT.md, TODO.md, README.md, QUICKSTART.md)
2025-11-12 17:50:44 +01:00
}
Reference in New Issue Copy Permalink