67 lines
3.1 KiB
Plaintext
67 lines
3.1 KiB
Plaintext
|
|
# ===== CORS Configuration =====
|
|
set $cors_allow_origin "";
|
|
if ($http_origin ~* "^https?://(localhost(:\\d+)?|127\\.0\\.0\\.1(:\\d+)?|np-dms\\.work|www\\.np-dms\\.work|lcbp3\\.np-dms\\.work)$") {
|
|
set $cors_allow_origin $http_origin;
|
|
}
|
|
|
|
add_header Vary "Origin" always;
|
|
add_header Access-Control-Allow-Credentials "true" always;
|
|
add_header Access-Control-Allow-Origin $cors_allow_origin always;
|
|
add_header Access-Control-Expose-Headers "Content-Disposition,Content-Length" always;
|
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
|
|
add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, Origin, Referer, User-Agent, X-Requested-With, Cache-Control, Pragma" always;
|
|
|
|
# ===== OPTIONS preflight =====
|
|
if ($request_method = OPTIONS) {
|
|
add_header Content-Length 0;
|
|
add_header Content-Type text/plain;
|
|
add_header Access-Control-Allow-Origin $cors_allow_origin always;
|
|
add_header Access-Control-Allow-Credentials "true" always;
|
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
|
|
add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, Origin, Referer, User-Agent, X-Requested-With, Cache-Control, Pragma" always;
|
|
return 204;
|
|
}
|
|
|
|
# ============================================================
|
|
# ============================================================
|
|
# ===== ขนาดไฟล์/timeout ระดับ Host =====
|
|
client_max_body_size 200m;
|
|
client_body_timeout 60s;
|
|
send_timeout 60s;
|
|
|
|
# ===== Proxy headers พื้นฐาน (ส่งให้ backend ทุกตัว) =====
|
|
# ที่นี่จะเป็นที่กำหนด header หลักเพียงแห่งเดียว
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# ===== WebSocket/SSE header ระดับ Host =====
|
|
# พร้อมสำหรับทุก location ที่อาจต้องใช้ WebSocket
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade"; # ใช้ "upgrade" โดยตรงจะเสถียรกว่า
|
|
|
|
# ===== สำคัญสำหรับคุกกี้ HttpOnly (ให้ทุก backend) =====
|
|
proxy_pass_header Set-Cookie;
|
|
|
|
# ===== Security headers ระดับ Host (ยอดเยี่ยมมากครับ) =====
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
|
|
docker exec -it dms_npm sh -lc '
|
|
apk add --no-cache curl 2>/dev/null || true
|
|
set -e
|
|
echo "# upstream checks"
|
|
curl -sS -I http://frontend:3000/health || true
|
|
curl -sS -I http://backend:3081/health || true
|
|
curl -sS -I http://phpmyadmin || true
|
|
curl -sS -I http://n8n:5678 || true
|
|
curl -sS -I http://pgadmin || true
|
|
curl -sS -I http://gitea:3000 || true
|
|
echo "# nginx test"
|
|
nginx -t
|
|
' |