chris/beachPartyBalloons
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
beachPartyBalloons/nginx/nginx.conf
chris 7d5f74a79e Serve Apple Pay verification file via nginx 
Move domain association file to estore/public/.well-known/ so Next.js
serves it, and add a /.well-known/ location block in nginx so Apple's
servers can reach it at the domain root.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 17:50:17 -04:00

95 lines
4.5 KiB
Nginx Configuration File
Raw Blame History

events {}
http {
# ── Compression ──────────────────────────────────────────────────────────────
gzip on;
gzip_types text/plain text/css text/javascript application/javascript application/json image/svg+xml;
gzip_min_length 1024;
gzip_vary on;
# ── Upstreams ─────────────────────────────────────────────────────────────────
upstream estore {
server estore:3000;
}
upstream main_site {
server main-site:3050;
}
upstream gallery {
server gallery-backend:5000;
}
server {
listen 80;
server_name _;
client_max_body_size 20m;
# ── Security headers ─────────────────────────────────────────────────────
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# ── Redirect old color-picker URL ────────────────────────────────────────
location ~ ^/color-picker(/.*)?$ { return 301 /color$1; }
# ── Redirects for legal pages (moved from main site into estore) ─────────
location = /privacy { return 301 /shop/privacy; }
location = /privacy/ { return 301 /shop/privacy; }
location = /terms { return 301 /shop/terms; }
location = /terms/ { return 301 /shop/terms; }
location = /refund { return 301 /shop/refund; }
location = /refund/ { return 301 /shop/refund; }
# ── Gallery API and uploaded images ──────────────────────────────────────
location ^~ /photos {
proxy_pass http://gallery;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ^~ /uploads {
proxy_pass http://gallery;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# ── Apple Pay domain verification ────────────────────────────────────────
location ^~ /.well-known/ {
proxy_pass http://estore;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# ── eStore: /shop and everything under it ────────────────────────────────
location ^~ /shop {
proxy_pass http://estore;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# ── Main site: everything else ───────────────────────────────────────────
location / {
proxy_pass http://main_site;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
Reference in New Issue View Git Blame Copy Permalink