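# Reverse proxy in front of the "littleshop" upstream: redirects HTTP to HTTPS,
# terminates TLS, rate-limits per client address and adds response headers.

events {
    worker_connections 1024;
}

http {
    upstream littleshop {
        server littleshop:5000;
    }

    # Rate limiting: shared 10 MB zone keyed by the connecting address, 10 requests/second per key.
    # If another proxy or load balancer sits in front of this one, $binary_remote_addr is that
    # hop's address and every client shares a single bucket.
    limit_req_zone $binary_remote_addr zone=littleshop_limit:10m rate=10r/s;

    server {
        listen 80;
        server_name shop.thebankofdebbie.giize.com;

        # Redirect HTTP to HTTPS
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl http2;
        server_name shop.thebankofdebbie.giize.com;

        # SSL configuration.
        # "listen ... ssl" needs a certificate: without one nginx either refuses to load the
        # configuration or fails TLS handshakes (depending on version), so the lines are enabled.
        # Both files must exist and the key should be readable only by the nginx user.
        ssl_certificate /etc/nginx/ssl/cert.pem;
        ssl_certificate_key /etc/nginx/ssl/key.pem;
        # Older nginx releases still enable TLS 1.0/1.1 by default; pin the protocol floor explicitly.
        ssl_protocols TLSv1.2 TLSv1.3;

        # For development/testing without SSL, comment out the ssl lines above
        # and change listen to: listen 443;
        # In that mode also disable the port-80 redirect, which would otherwise send clients to an
        # https:// URL that a plain listener cannot answer.

        # Security headers.
        # "always" makes nginx attach them to error responses too (4xx/5xx), not only to successes.
        # add_header is inherited by a location only if that location declares no add_header of
        # its own, so any location that adds a header must repeat this set (see /wwwroot/).
        add_header X-Frame-Options DENY always;
        add_header X-Content-Type-Options nosniff always;
        # NOTE(review): X-XSS-Protection is ignored by current browsers; kept for compatibility.
        # A Content-Security-Policy is the effective control and is not set here.
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        # Rate limiting: allow bursts of 20 above the zone rate without delaying them; the excess is rejected.
        limit_req zone=littleshop_limit burst=20 nodelay;

        # Client max body size (for file uploads)
        client_max_body_size 50M;

        # Forwarded request metadata, declared at server level so every proxied location
        # (/, /wwwroot/, /api/test) sends the same Host and client information upstream.
        # NOTE(review): this is the only server on 443, hence the default one, so requests with
        # any Host header reach the upstream; the application should not build links from
        # Host / X-Forwarded-Host without validating them.
        proxy_set_header Host $host;
        # X-Real-IP is the address nginx actually saw and cannot be set by the client.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client sent, so only
        # the last entry is trustworthy; the upstream should not use the first entry for
        # access control or auditing.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;

        location / {
            proxy_pass http://littleshop;

            # Timeout settings
            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;

            # Buffer settings
            proxy_buffering on;
            proxy_buffer_size 4k;
            proxy_buffers 8 4k;
            proxy_busy_buffers_size 8k;
        }

        # Static files (optional optimization)
        location /wwwroot/ {
            proxy_pass http://littleshop;
            expires 1d;
            add_header Cache-Control "public, immutable";

            # Declaring add_header here drops the server-level headers for this location,
            # so the security headers are repeated.
            add_header X-Frame-Options DENY always;
            add_header X-Content-Type-Options nosniff always;
            add_header X-XSS-Protection "1; mode=block" always;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        }

        # Health check endpoint.
        # Requests here are not written to the access log, so probing of this path is invisible
        # in log-based monitoring; the server-level limit_req still applies.
        location /api/test {
            proxy_pass http://littleshop;
            access_log off;
        }
    }
}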