106 lines
3.2 KiB
PHP
106 lines
3.2 KiB
PHP
# Shared SPA locations. Browser calls same-origin /apnew/api/ (VITE_API_PREFIX=/apnew).
|
|
# /apnew/api/ avoids ALB listener rule that sends /api/* to an unreachable backend target group.
|
|
# Nginx proxies internally to ark-library-backend-1 (Tailscale); Host header for backend TLS.
|
|
# Legacy /api/ locations are commented below for reference only.
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 5;
|
|
gzip_types text/plain text/css application/javascript application/json application/xml image/svg+xml;
|
|
gzip_min_length 256;
|
|
|
|
location ^~ /apnew/api/admin {
|
|
return 404;
|
|
}
|
|
# Legacy same-origin /api admin block. Disabled while production uses /apnew/api.
|
|
# location ^~ /api/admin {
|
|
# return 404;
|
|
# }
|
|
location ^~ /admin {
|
|
return 404;
|
|
}
|
|
|
|
location ^~ /apnew/api/ {
|
|
proxy_pass https://100.93.205.19/api/;
|
|
proxy_http_version 1.1;
|
|
proxy_ssl_server_name on;
|
|
proxy_set_header Host api.ark-library.com;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
client_max_body_size 512m;
|
|
client_body_timeout 600s;
|
|
proxy_read_timeout 600s;
|
|
proxy_send_timeout 600s;
|
|
}
|
|
|
|
# Legacy same-origin /api proxy. Disabled while production uses /apnew/api.
|
|
# location ^~ /api/ {
|
|
# proxy_pass https://100.93.205.19/api/;
|
|
# proxy_http_version 1.1;
|
|
# proxy_ssl_server_name on;
|
|
# proxy_set_header Host api.ark-library.com;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
# client_max_body_size 512m;
|
|
# client_body_timeout 600s;
|
|
# proxy_read_timeout 600s;
|
|
# proxy_send_timeout 600s;
|
|
# }
|
|
|
|
location ^~ /uploads/ {
|
|
proxy_pass https://100.93.205.19/uploads/;
|
|
proxy_http_version 1.1;
|
|
proxy_ssl_server_name on;
|
|
proxy_set_header Host api.ark-library.com;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
location = /health {
|
|
default_type text/plain;
|
|
return 200 "ok\n";
|
|
}
|
|
|
|
location = /healthz {
|
|
default_type text/plain;
|
|
return 200 "ok\n";
|
|
}
|
|
|
|
location = /index.html {
|
|
try_files $uri =404;
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
|
|
}
|
|
|
|
# Exact `/` so the HTML shell is never edge-cached without validators (avoids stale index.html → 404 on hashed /index-*.js or /assets/*).
|
|
location = / {
|
|
try_files /index.html =404;
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
|
|
}
|
|
|
|
location = /assets/logo-primary.webp {
|
|
try_files $uri =404;
|
|
add_header Cache-Control "public, max-age=3600, stale-while-revalidate=86400" always;
|
|
}
|
|
location ^~ /assets/ark-library/ {
|
|
try_files $uri =404;
|
|
add_header Cache-Control "public, max-age=86400, stale-while-revalidate=604800" always;
|
|
}
|
|
|
|
location ^~ /assets/ {
|
|
try_files $uri =404;
|
|
add_header Cache-Control "public, max-age=31536000, immutable" always;
|
|
}
|
|
|
|
# Hashed entry chunk at /index-[hash].js (Vite entryFileNames). Do not 308 to /assets — file lives here.
|
|
location ~* ^/index-[A-Za-z0-9_-]+\.(js|mjs)$ {
|
|
try_files $uri =404;
|
|
add_header Cache-Control "public, max-age=31536000, immutable" always;
|
|
}
|
|
|
|
location / {
|
|
try_files $uri $uri/ /index.html;
|
|
}
|