trip-planner/docker/nginx/production.conf

server {
    listen 80;
    server_name _;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # Disable server tokens
    server_tokens off;

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml application/atom+xml image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype;

    # API Backend
    location /api {
        root /var/www/html/public;
        try_files $uri $uri/ /index.php?$query_string;

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            fastcgi_buffer_size 32k;
            fastcgi_buffers 8 16k;
            fastcgi_read_timeout 240;
        }
    }

    # Sanctum/CSRF cookie endpoint
    location /sanctum/csrf-cookie {
        root /var/www/html/public;
        try_files $uri /index.php?$query_string;

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

    # Storage files (user uploads, etc)
    location /storage {
        alias /var/www/html/storage/app/public;
        try_files $uri =404;
        expires 1y;
        add_header Cache-Control "public, immutable";
    }

    # Frontend SPA
    location / {
        root /usr/share/nginx/html;
        try_files $uri $uri/ /index.html;

        # Cache static assets
        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
            expires 1y;
            add_header Cache-Control "public, immutable";
        }
    }

    # Health check endpoints
    location /health {
        access_log off;
        return 200 "healthy\n";
        add_header Content-Type text/plain;
    }

    # Laravel health check endpoint
    location /up {
        root /var/www/html/public;
        try_files $uri /index.php?$query_string;

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

    # Deny access to hidden files
    location ~ /\.(?!well-known).* {
        deny all;
    }

    # Logging
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;
}
2 - tmp 2025-11-16 15:53:52 +01:00			`server {`
			`listen 80;`
			`server_name _;`

			`# Security headers`
			`add_header X-Frame-Options "SAMEORIGIN" always;`
			`add_header X-Content-Type-Options "nosniff" always;`
			`add_header X-XSS-Protection "1; mode=block" always;`
			`add_header Referrer-Policy "strict-origin-when-cross-origin" always;`

			`# Disable server tokens`
			`server_tokens off;`

			`# Gzip compression`
			`gzip on;`
			`gzip_vary on;`
			`gzip_min_length 1024;`
			`gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml application/atom+xml image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype;`

			`# API Backend`
			`location /api {`
			`root /var/www/html/public;`
			`try_files $uri $uri/ /index.php?$query_string;`

			`location ~ \.php$ {`
			`try_files $uri =404;`
			`fastcgi_pass 127.0.0.1:9000;`
			`fastcgi_index index.php;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`include fastcgi_params;`
			`fastcgi_buffer_size 32k;`
			`fastcgi_buffers 8 16k;`
			`fastcgi_read_timeout 240;`
			`}`
			`}`

			`# Sanctum/CSRF cookie endpoint`
			`location /sanctum/csrf-cookie {`
			`root /var/www/html/public;`
			`try_files $uri /index.php?$query_string;`

			`location ~ \.php$ {`
			`try_files $uri =404;`
			`fastcgi_pass 127.0.0.1:9000;`
			`fastcgi_index index.php;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`include fastcgi_params;`
			`}`
			`}`

			`# Storage files (user uploads, etc)`
			`location /storage {`
			`alias /var/www/html/storage/app/public;`
			`try_files $uri =404;`
			`expires 1y;`
			`add_header Cache-Control "public, immutable";`
			`}`

			`# Frontend SPA`
			`location / {`
			`root /usr/share/nginx/html;`
			`try_files $uri $uri/ /index.html;`

			`# Cache static assets`
			`location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico\|svg\|woff\|woff2\|ttf\|eot)$ {`
			`expires 1y;`
			`add_header Cache-Control "public, immutable";`
			`}`
			`}`

			`# Health check endpoints`
			`location /health {`
			`access_log off;`
			`return 200 "healthy\n";`
			`add_header Content-Type text/plain;`
			`}`

			`# Laravel health check endpoint`
			`location /up {`
			`root /var/www/html/public;`
			`try_files $uri /index.php?$query_string;`

			`location ~ \.php$ {`
			`try_files $uri =404;`
			`fastcgi_pass 127.0.0.1:9000;`
			`fastcgi_index index.php;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`include fastcgi_params;`
			`}`
			`}`

			`# Deny access to hidden files`
			`location ~ /\.(?!well-known).* {`
			`deny all;`
			`}`

			`# Logging`
			`access_log /var/log/nginx/access.log;`
			`error_log /var/log/nginx/error.log warn;`
			`}`