prvng_platform/nginx/nginx.conf

user nginx;
worker_processes ${NGINX_WORKER_PROCESSES:-4};
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections ${NGINX_WORKER_CONNECTIONS:-1024};
    use epoll;
    multi_accept on;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Logging
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    'rt=$request_time uct="$upstream_connect_time" '
                    'uht="$upstream_header_time" urt="$upstream_response_time"';

    log_format json escape=json '{'
        '"time": "$time_iso8601",'
        '"remote_addr": "$remote_addr",'
        '"request_method": "$request_method",'
        '"request_uri": "$request_uri",'
        '"status": $status,'
        '"body_bytes_sent": $body_bytes_sent,'
        '"request_time": $request_time,'
        '"upstream_response_time": "$upstream_response_time",'
        '"upstream_addr": "$upstream_addr",'
        '"http_referrer": "$http_referer",'
        '"http_user_agent": "$http_user_agent"'
    '}';

    access_log /var/log/nginx/access.log main;

    # Performance
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 100M;

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1000;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml text/javascript
               application/json application/javascript application/xml+rss
               application/rss+xml application/atom+xml image/svg+xml
               text/x-component;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;

    # Rate limiting zones
    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=${NGINX_RATE_LIMIT_REQUESTS:-100}r/m;
    limit_req_zone $binary_remote_addr zone=auth_limit:10m rate=10r/m;
    limit_conn_zone $binary_remote_addr zone=conn_limit:10m;

    # Upstream definitions
    upstream orchestrator {
        server orchestrator:8080 max_fails=3 fail_timeout=30s;
        keepalive 32;
    }

    upstream control_center {
        server control-center:8081 max_fails=3 fail_timeout=30s;
        keepalive 32;
    }

    upstream api_server {
        server api-server:8083 max_fails=3 fail_timeout=30s;
        keepalive 32;
    }

    upstream oci_registry {
        server oci-registry:5000 max_fails=3 fail_timeout=30s;
        keepalive 16;
    }

    upstream extension_registry {
        server extension-registry:8082 max_fails=3 fail_timeout=30s;
        keepalive 16;
    }

    upstream gitea {
        server gitea:3000 max_fails=3 fail_timeout=30s;
        keepalive 16;
    }

    upstream grafana {
        server grafana:3000 max_fails=3 fail_timeout=30s;
        keepalive 16;
    }

    # Health check endpoint
    server {
        listen 80;
        server_name _;

        location /health {
            access_log off;
            return 200 "healthy\n";
            add_header Content-Type text/plain;
        }
    }

    # Include additional configuration files
    include /etc/nginx/conf.d/*.conf;
}
core: init repo and codebase 2025-10-07 10:59:52 +01:00			`user nginx;`
			`worker_processes ${NGINX_WORKER_PROCESSES:-4};`
			`error_log /var/log/nginx/error.log warn;`
			`pid /var/run/nginx.pid;`

			`events {`
			`worker_connections ${NGINX_WORKER_CONNECTIONS:-1024};`
			`use epoll;`
			`multi_accept on;`
			`}`

			`http {`
			`include /etc/nginx/mime.types;`
			`default_type application/octet-stream;`

			`# Logging`
			`log_format main '$remote_addr - $remote_user [$time_local] "$request" '`
			`'$status $body_bytes_sent "$http_referer" '`
			`'"$http_user_agent" "$http_x_forwarded_for" '`
			`'rt=$request_time uct="$upstream_connect_time" '`
			`'uht="$upstream_header_time" urt="$upstream_response_time"';`

			`log_format json escape=json '{'`
			`'"time": "$time_iso8601",'`
			`'"remote_addr": "$remote_addr",'`
			`'"request_method": "$request_method",'`
			`'"request_uri": "$request_uri",'`
			`'"status": $status,'`
			`'"body_bytes_sent": $body_bytes_sent,'`
			`'"request_time": $request_time,'`
			`'"upstream_response_time": "$upstream_response_time",'`
			`'"upstream_addr": "$upstream_addr",'`
			`'"http_referrer": "$http_referer",'`
			`'"http_user_agent": "$http_user_agent"'`
			`'}';`

			`access_log /var/log/nginx/access.log main;`

			`# Performance`
			`sendfile on;`
			`tcp_nopush on;`
			`tcp_nodelay on;`
			`keepalive_timeout 65;`
			`types_hash_max_size 2048;`
			`client_max_body_size 100M;`

			`# Gzip compression`
			`gzip on;`
			`gzip_vary on;`
			`gzip_min_length 1000;`
			`gzip_comp_level 6;`
			`gzip_types text/plain text/css text/xml text/javascript`
			`application/json application/javascript application/xml+rss`
			`application/rss+xml application/atom+xml image/svg+xml`
			`text/x-component;`

			`# Security headers`
			`add_header X-Frame-Options "SAMEORIGIN" always;`
			`add_header X-Content-Type-Options "nosniff" always;`
			`add_header X-XSS-Protection "1; mode=block" always;`
			`add_header Referrer-Policy "no-referrer-when-downgrade" always;`

			`# Rate limiting zones`
			`limit_req_zone $binary_remote_addr zone=api_limit:10m rate=${NGINX_RATE_LIMIT_REQUESTS:-100}r/m;`
			`limit_req_zone $binary_remote_addr zone=auth_limit:10m rate=10r/m;`
			`limit_conn_zone $binary_remote_addr zone=conn_limit:10m;`

			`# Upstream definitions`
			`upstream orchestrator {`
			`server orchestrator:8080 max_fails=3 fail_timeout=30s;`
			`keepalive 32;`
			`}`

			`upstream control_center {`
			`server control-center:8081 max_fails=3 fail_timeout=30s;`
			`keepalive 32;`
			`}`

			`upstream api_server {`
			`server api-server:8083 max_fails=3 fail_timeout=30s;`
			`keepalive 32;`
			`}`

			`upstream oci_registry {`
			`server oci-registry:5000 max_fails=3 fail_timeout=30s;`
			`keepalive 16;`
			`}`

			`upstream extension_registry {`
			`server extension-registry:8082 max_fails=3 fail_timeout=30s;`
			`keepalive 16;`
			`}`

			`upstream gitea {`
			`server gitea:3000 max_fails=3 fail_timeout=30s;`
			`keepalive 16;`
			`}`

			`upstream grafana {`
			`server grafana:3000 max_fails=3 fail_timeout=30s;`
			`keepalive 16;`
			`}`

			`# Health check endpoint`
			`server {`
			`listen 80;`
			`server_name _;`

			`location /health {`
			`access_log off;`
			`return 200 "healthy\n";`
			`add_header Content-Type text/plain;`
			`}`
			`}`

			`# Include additional configuration files`
			`include /etc/nginx/conf.d/*.conf;`
			`}`