terry/Arkie-Library-Frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Same-origin API: empty VITE_API_URL with nginx proxy to backend-1.

Browse Source 
Frontends call /api/ on ark-library.com; nginx forwards internally to 100.93.205.19.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
thomas
2026-05-23 17:42:59 +08:00
parent e6bc212c4e
commit 2c710e2e24
3 changed files with 119 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
deploy/nginx-frontend-locations.inc Normal file
View File

@@ -0,0 +1,84 @@
# Shared SPA locations. Browser calls same-origin /api/ + /uploads/ (VITE_API_URL empty).
# Nginx proxies internally to ark-library-backend-1 (Tailscale); Host header for backend TLS.
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css application/javascript application/json application/xml image/svg+xml;
gzip_min_length 256;
location ^~ /api/admin {
return 404;
}
location ^~ /admin {
return 404;
}
location ^~ /api/ {
proxy_pass https://100.93.205.19/api/;
proxy_http_version 1.1;
proxy_ssl_server_name on;
proxy_set_header Host api.ark-library.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 512m;
client_body_timeout 600s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
location ^~ /uploads/ {
proxy_pass https://100.93.205.19/uploads/;
proxy_http_version 1.1;
proxy_ssl_server_name on;
proxy_set_header Host api.ark-library.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location = /health {
default_type text/plain;
return 200 "ok\n";
}
location = /healthz {
default_type text/plain;
return 200 "ok\n";
}
location = /index.html {
try_files $uri =404;
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
}
# Exact `/` so the HTML shell is never edge-cached without validators (avoids stale index.html → 404 on hashed /index-*.js or /assets/*).
location = / {
try_files /index.html =404;
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
}
location = /assets/logo-primary.webp {
try_files $uri =404;
add_header Cache-Control "public, max-age=3600, stale-while-revalidate=86400" always;
}
location ^~ /assets/ark-library/ {
try_files $uri =404;
add_header Cache-Control "public, max-age=86400, stale-while-revalidate=604800" always;
}
location ^~ /assets/ {
try_files $uri =404;
add_header Cache-Control "public, max-age=31536000, immutable" always;
}
# Hashed entry chunk at /index-[hash].js (Vite entryFileNames). Do not 308 to /assets — file lives here.
location ~* ^/index-[A-Za-z0-9_-]+\.(js|mjs)$ {
try_files $uri =404;
add_header Cache-Control "public, max-age=31536000, immutable" always;
}
location / {
try_files $uri $uri/ /index.html;
}