marco/VigilanzaTurni
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5830d08c55
VigilanzaTurni/deploy/nginx.conf
marco370 a7df004348 Update deployment scripts and server setup for automatic deployment and database backup 
Update deploy scripts to include database backup and restore functionality, configure Nginx for vt.alfacom.it, and modify server setup to use the provided database password.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 42d8028a-fa71-4ec2-938c-e43eedf7df01
Replit-Commit-Checkpoint-Type: intermediate_checkpoint
2025-10-16 10:54:16 +00:00

92 lines
2.5 KiB
Nginx Configuration File
Raw Blame History

# Configurazione Nginx per VigilanzaTurni
# Salvare in: /etc/nginx/conf.d/vigilanza-turni.conf
upstream vigilanza_backend {
server 127.0.0.1:5000;
keepalive 64;
}
# HTTP → HTTPS redirect
server {
listen 80;
listen [::]:80;
server_name vt.alfacom.it;
# Let's Encrypt challenge
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$server_name$request_uri;
}
}
# HTTPS Server
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name vt.alfacom.it;
# SSL Certificate (generato da certbot)
ssl_certificate /etc/letsencrypt/live/vt.alfacom.it/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vt.alfacom.it/privkey.pem;
# SSL Security
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Security Headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Logs
access_log /var/log/nginx/vigilanza-turni-access.log;
error_log /var/log/nginx/vigilanza-turni-error.log;
# Client max body size (per upload)
client_max_body_size 10M;
# Proxy to Node.js backend
location / {
proxy_pass http://vigilanza_backend;
proxy_http_version 1.1;
# Headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Cache bypass
proxy_cache_bypass $http_upgrade;
}
# Static assets (dopo build Vite)
location /assets/ {
alias /var/www/vigilanza-turni/dist/public/assets/;
expires 1y;
add_header Cache-Control "public, immutable";
}
# Gzip compression
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss
application/x-font-ttf font/opentype image/svg+xml;
}
Reference in New Issue View Git Blame Copy Permalink