Daniel Volz
e41efdf98b
Replace increased proxy buffer sizes with proxy_max_temp_file_size 0 to stream upstream responses directly to clients instead of buffering to temp files. Eliminates warnings for large medication images without increasing per-connection RAM usage.
52 lines
1.7 KiB
Nginx Configuration File
52 lines
1.7 KiB
Nginx Configuration File
server {
|
|
# Port 8080 for unprivileged nginx (non-root)
|
|
listen 8080;
|
|
server_name _;
|
|
|
|
root /usr/share/nginx/html;
|
|
index index.html;
|
|
|
|
# Access log control (suppressed when LOG_LEVEL is warn or higher)
|
|
access_log ${NGINX_ACCESS_LOG};
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
|
|
# Allow larger file uploads (for medication images and data import/export)
|
|
client_max_body_size 50M;
|
|
|
|
location / {
|
|
try_files $uri /index.html;
|
|
}
|
|
|
|
location /api/ {
|
|
# Use variable for runtime DNS resolution (nginx resolves at startup by default)
|
|
# Docker embedded DNS (127.0.0.11) with 10s cache
|
|
resolver 127.0.0.11 valid=10s ipv6=off;
|
|
set $backend_upstream ${BACKEND_URL};
|
|
|
|
# Strip /api prefix (nginx doesn't auto-rewrite when using variables in proxy_pass)
|
|
rewrite ^/api/(.*)$ /$1 break;
|
|
proxy_pass http://$backend_upstream;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# Pass cookies through
|
|
proxy_pass_header Set-Cookie;
|
|
proxy_cookie_path / /;
|
|
|
|
# Timeout for uploads
|
|
proxy_read_timeout 60s;
|
|
proxy_send_timeout 60s;
|
|
|
|
# Prevent buffering upstream responses to temp files (images can be large)
|
|
# nginx streams directly to client instead of buffering the full response
|
|
proxy_max_temp_file_size 0;
|
|
}
|
|
}
|