PR AB: complete Phoenix deployment scaffolding (add 3 files referenced by main 4a1f69a) (#32)
Some checks failed
Deploy to Phoenix / deploy (push) Failing after 7s
Some checks failed
Deploy to Phoenix / deploy (push) Failing after 7s
Adds webapp-nginx.conf, systemd/currencicombo-orchestrator.service, and install-prune-cron.sh — all three referenced by main's existing install.sh / deploy script / webapp.service / README but missing from the4a1f69acommit. Byte-identical to PR #31 branchded7d24. Closes gap so CT 8604 can boot cleanly.
This commit was merged in pull request #32.
This commit is contained in:
80
scripts/deployment/webapp-nginx.conf
Normal file
80
scripts/deployment/webapp-nginx.conf
Normal file
@@ -0,0 +1,80 @@
|
||||
# Self-contained nginx.conf for the CurrenciCombo Vite SPA.
|
||||
# Invoked by the `currencicombo-webapp.service` systemd unit and installed
|
||||
# to /etc/currencicombo/webapp-nginx.conf by scripts/deployment/install.sh.
|
||||
#
|
||||
# Listens on :3000 (NPMplus upstream). NPMplus path-routes /api/* to the
|
||||
# orchestrator on :8080 (with SSE-friendly settings — see README.md);
|
||||
# everything else lands here.
|
||||
# This config does NOT proxy /api itself — that's intentional so a wrong
|
||||
# NPMplus rule fails loudly instead of silently bypassing the orchestrator.
|
||||
|
||||
worker_processes auto;
|
||||
error_log /var/log/currencicombo/webapp-nginx.error.log warn;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
access_log /var/log/currencicombo/webapp-nginx.access.log combined;
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
keepalive_timeout 65;
|
||||
server_tokens off;
|
||||
gzip on;
|
||||
gzip_types text/plain text/css application/javascript application/json image/svg+xml;
|
||||
gzip_min_length 1024;
|
||||
|
||||
# Uploads/bodies: the portal is a static SPA, so any request with a body
|
||||
# is almost certainly mis-routed. Cap tight.
|
||||
client_max_body_size 1m;
|
||||
|
||||
server {
|
||||
listen 3000 default_server;
|
||||
listen [::]:3000 default_server;
|
||||
server_name _;
|
||||
|
||||
root /opt/currencicombo/webapp/dist;
|
||||
index index.html;
|
||||
|
||||
# Security headers are also set by NPMplus, but apply them here too
|
||||
# so they survive a direct-to-CT curl for debugging.
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
|
||||
# Immutable asset bundles.
|
||||
location /assets/ {
|
||||
access_log off;
|
||||
expires 1y;
|
||||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
# Deny sourcemaps in prod.
|
||||
location ~ \.map$ {
|
||||
access_log off;
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# Guard-rail: if NPMplus fails to path-route /api/*, surface it as a
|
||||
# clean 421 rather than serving index.html and confusing the browser
|
||||
# with a JSON parse error. The SSE endpoint lives at
|
||||
# /api/plans/:id/events/stream, which also sits under /api/, so one
|
||||
# rule covers both.
|
||||
location /api/ {
|
||||
return 421 "NPMplus is misconfigured: /api/* must proxy to orchestrator :8080\n";
|
||||
add_header Content-Type text/plain always;
|
||||
}
|
||||
|
||||
# SPA fallback. Must come last.
|
||||
location / {
|
||||
try_files $uri $uri/ /index.html;
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user