bakery-ia/frontend/nginx.conf

# Nginx configuration for Bakery IA Frontend
# This file is used inside the container at /etc/nginx/conf.d/default.conf

server {
    listen 3000;
    server_name localhost;
    root /usr/share/nginx/html;
    index index.html;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js.stripe.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' http://localhost http://localhost:8000 http://localhost:8001 http://localhost:8006 ws: wss:; frame-src https://js.stripe.com;" always;

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types
        text/plain
        text/css
        text/xml
        text/javascript
        application/json
        application/javascript
        application/xml+rss
        application/atom+xml
        image/svg+xml;

    # Note: API routing is handled by ingress, not by this nginx
    # The frontend makes requests to /api which are routed by the ingress controller

    # Source map files - serve with proper CORS headers and content type
    # Note: These are typically only needed in development, but served in production for error reporting
    location ~* ^/assets/.*\.map$ {
        # Short cache time to avoid mismatches with JS files
        expires 1m;
        add_header Cache-Control "public, must-revalidate";
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET";
        add_header Access-Control-Allow-Headers "Content-Type";
        add_header Content-Type "application/json";
        # Disable access logging for source maps as they're requested frequently
        access_log off;
        try_files $uri =404;
    }

    # Static assets with appropriate caching
    # Note: JS/CSS files have content hashes for cache busting, but use shorter cache times to handle deployment issues
    location ~* ^/assets/.*\.(js|css)$ {
        expires 1h;
        add_header Cache-Control "public";
        add_header Vary Accept-Encoding;
        add_header Access-Control-Allow-Origin "*";
        access_log off;
        try_files $uri =404;
    }

    # Static assets that don't change often (images, fonts) can have longer cache times
    location ~* ^/assets/.*\.(png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header Vary Accept-Encoding;
        add_header Access-Control-Allow-Origin "*";
        access_log off;
        try_files $uri =404;
    }

    # Handle JS and CSS files anywhere in the structure (for dynamic imports) with shorter cache
    location ~* \.(js|css)$ {
        expires 1h;
        add_header Cache-Control "public";
        add_header Vary Accept-Encoding;
        access_log off;
        try_files $uri =404;
    }

    # Special handling for PWA assets
    location ~* \.(webmanifest|manifest\.json)$ {
        expires 1d;
        add_header Cache-Control "public";
        add_header Content-Type application/manifest+json;
    }

    location = /sw.js {
        expires 1d;
        add_header Cache-Control "public";
        add_header Content-Type application/javascript;
    }

    # Main location block for SPA routing
    location / {
        try_files $uri $uri/ @fallback;
    }

    # Fallback for SPA routing - serve index.html
    location @fallback {
        rewrite ^.*$ /index.html last;
    }

    # Health check endpoint
    location /health {
        access_log off;
        return 200 "healthy\n";
        add_header Content-Type text/plain;
    }

    # Deny access to hidden files
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Logging
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;
}
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`# Nginx configuration for Bakery IA Frontend`
			`# This file is used inside the container at /etc/nginx/conf.d/default.conf`

			`server {`
			`listen 3000;`
			`server_name localhost;`
			`root /usr/share/nginx/html;`
			`index index.html;`

			`# Security headers`
			`add_header X-Frame-Options "SAMEORIGIN" always;`
			`add_header X-Content-Type-Options "nosniff" always;`
			`add_header X-XSS-Protection "1; mode=block" always;`
			`add_header Referrer-Policy "strict-origin-when-cross-origin" always;`
New alert service 2025-12-05 20:07:01 +01:00			add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js.stripe.com; script-src-elem 'self' 'unsafe-inline' https://js.stripe.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' http://localhost http://localhost:8000 http://localhost:8001 http://localhost:8006 ws: wss:; frame-src https://js.stripe.com;" always;
Fix new Frontend 1 2025-08-03 19:36:17 +02:00
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`# Gzip compression`
Fix new Frontend 1 2025-08-03 19:36:17 +02:00			`gzip on;`
			`gzip_vary on;`
			`gzip_min_length 1024;`
			`gzip_proxied any;`
			`gzip_comp_level 6;`
			`gzip_types`
			`text/plain`
			`text/css`
			`text/xml`
			`text/javascript`
			`application/json`
			`application/javascript`
			`application/xml+rss`
			`application/atom+xml`
			`image/svg+xml;`

Add base kubernetes support 4 2025-09-27 17:19:00 +02:00			`# Note: API routing is handled by ingress, not by this nginx`
			`# The frontend makes requests to /api which are routed by the ingress controller`
Fix new Frontend 1 2025-08-03 19:36:17 +02:00
Add minio support and forntend analitycs 2026-01-17 22:42:40 +01:00			`# Source map files - serve with proper CORS headers and content type`
			`# Note: These are typically only needed in development, but served in production for error reporting`
			`location ~* ^/assets/.*\.map$ {`
			`# Short cache time to avoid mismatches with JS files`
			`expires 1m;`
			`add_header Cache-Control "public, must-revalidate";`
			`add_header Access-Control-Allow-Origin "*";`
			`add_header Access-Control-Allow-Methods "GET";`
			`add_header Access-Control-Allow-Headers "Content-Type";`
			`add_header Content-Type "application/json";`
			`# Disable access logging for source maps as they're requested frequently`
			`access_log off;`
			`try_files $uri =404;`
			`}`

			`# Static assets with appropriate caching`
			`# Note: JS/CSS files have content hashes for cache busting, but use shorter cache times to handle deployment issues`
			`location ~* ^/assets/.*\.(js\|css)$ {`
			`expires 1h;`
			`add_header Cache-Control "public";`
			`add_header Vary Accept-Encoding;`
			`add_header Access-Control-Allow-Origin "*";`
			`access_log off;`
			`try_files $uri =404;`
			`}`

			`# Static assets that don't change often (images, fonts) can have longer cache times`
			`location ~* ^/assets/.*\.(png\|jpg\|jpeg\|gif\|ico\|svg\|woff\|woff2\|ttf\|eot)$ {`
Add subcription feature 9 2026-01-16 20:25:45 +01:00			`expires 1y;`
			`add_header Cache-Control "public, immutable";`
			`add_header Vary Accept-Encoding;`
Add minio support and forntend analitycs 2026-01-17 22:42:40 +01:00			`add_header Access-Control-Allow-Origin "*";`
Add subcription feature 9 2026-01-16 20:25:45 +01:00			`access_log off;`
			`try_files $uri =404;`
			`}`

Add minio support and forntend analitycs 2026-01-17 22:42:40 +01:00			`# Handle JS and CSS files anywhere in the structure (for dynamic imports) with shorter cache`
Add subcription feature 9 2026-01-16 20:25:45 +01:00			`location ~* \.(js\|css)$ {`
Add minio support and forntend analitycs 2026-01-17 22:42:40 +01:00			`expires 1h;`
			`add_header Cache-Control "public";`
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`add_header Vary Accept-Encoding;`
			`access_log off;`
New enterprise feature 2025-11-30 09:12:40 +01:00			`try_files $uri =404;`
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`}`
Fix new Frontend 1 2025-08-03 19:36:17 +02:00
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`# Special handling for PWA assets`
			`location ~* \.(webmanifest\|manifest\.json)$ {`
			`expires 1d;`
			`add_header Cache-Control "public";`
			`add_header Content-Type application/manifest+json;`
			`}`
Fix new Frontend 1 2025-08-03 19:36:17 +02:00
Add base kubernetes support 2025-09-27 11:18:13 +02:00			`location = /sw.js {`
			`expires 1d;`
			`add_header Cache-Control "public";`
			`add_header Content-Type application/javascript;`
Fix new Frontend 1 2025-08-03 19:36:17 +02:00			`}`
Add base kubernetes support 2025-09-27 11:18:13 +02:00
			`# Main location block for SPA routing`
			`location / {`
			`try_files $uri $uri/ @fallback;`
			`}`

			`# Fallback for SPA routing - serve index.html`
			`location @fallback {`
			`rewrite ^.*$ /index.html last;`
			`}`

			`# Health check endpoint`
			`location /health {`
			`access_log off;`
			`return 200 "healthy\n";`
			`add_header Content-Type text/plain;`
			`}`

			`# Deny access to hidden files`
			`location ~ /\. {`
			`deny all;`
			`access_log off;`
			`log_not_found off;`
			`}`

			`# Logging`
			`access_log /var/log/nginx/access.log;`
			`error_log /var/log/nginx/error.log warn;`
			`}`