# Nginx configuration to proxy to Docker drone detection application # Copy this file to /etc/nginx/sites-enabled/ on your server upstream drone_frontend { server localhost:3001; # Frontend container port } upstream drone_backend { server localhost:3002; # Backend API container port } # HTTP configuration for drone detection system server { listen 80; server_name drones.local drones.cqers.com; # Change to your preferred domain # Main application - proxy to React frontend location / { proxy_pass http://drone_frontend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; # WebSocket support for real-time updates proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Timeouts proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; # Handle large payloads client_max_body_size 10M; } # API routing - proxy to Node.js backend location /api/ { proxy_pass http://drone_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; # API specific headers proxy_set_header Content-Type application/json; # Timeouts for API calls proxy_connect_timeout 30s; proxy_send_timeout 30s; proxy_read_timeout 60s; # Handle large API payloads client_max_body_size 10M; } # Health check endpoint location /health { proxy_pass http://drone_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # WebSocket endpoint for real-time updates location /socket.io/ { proxy_pass http://drone_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket specific headers proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_cache_bypass $http_upgrade; # Longer timeouts for persistent connections proxy_connect_timeout 60s; proxy_send_timeout 300s; proxy_read_timeout 300s; } # Static assets caching (optional optimization) location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { proxy_pass http://drone_frontend; proxy_set_header Host $host; # Cache static assets expires 1y; add_header Cache-Control "public, immutable"; # CORS headers for assets add_header Access-Control-Allow-Origin "*"; } # Security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; } # HTTPS configuration (optional - uncomment and configure SSL) # server { # listen 443 ssl http2; # server_name drones.local drones.cqers.com; # # # SSL certificate configuration (adjust paths to your certificates) # ssl_certificate /path/to/your/certificate.crt; # ssl_certificate_key /path/to/your/private.key; # # # SSL security settings # ssl_protocols TLSv1.2 TLSv1.3; # ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384; # ssl_prefer_server_ciphers off; # ssl_session_cache shared:SSL:10m; # ssl_session_timeout 10m; # # # Same location blocks as HTTP configuration above # location / { # proxy_pass http://drone_frontend; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Port $server_port; # # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; # # proxy_connect_timeout 60s; # proxy_send_timeout 60s; # proxy_read_timeout 60s; # client_max_body_size 10M; # } # # location /api/ { # proxy_pass http://drone_backend; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # proxy_set_header X-Forwarded-Host $host; # proxy_set_header X-Forwarded-Port $server_port; # # proxy_connect_timeout 30s; # proxy_send_timeout 30s; # proxy_read_timeout 60s; # client_max_body_size 10M; # } # # location /socket.io/ { # proxy_pass http://drone_backend; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; # proxy_cache_bypass $http_upgrade; # # proxy_connect_timeout 60s; # proxy_send_timeout 300s; # proxy_read_timeout 300s; # } # # # Security headers for HTTPS # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # add_header X-Frame-Options "SAMEORIGIN" always; # add_header X-Content-Type-Options "nosniff" always; # add_header X-XSS-Protection "1; mode=block" always; # add_header Referrer-Policy "strict-origin-when-cross-origin" always; # }