From 441cb7a239d469524fa7329c347f2f8fa7ac6ec0 Mon Sep 17 00:00:00 2001
From: jc <46619361+juancwu@users.noreply.github.com>
Date: Mon, 9 Dec 2024 15:44:06 -0500
Subject: [PATCH] add nginx config for staging

---
 nginx.staging | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 nginx.staging

diff --git a/nginx.staging b/nginx.staging
new file mode 100644
index 00000000..b237e13e
--- /dev/null
+++ b/nginx.staging
@@ -0,0 +1,46 @@
+limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s;
+
+server {
+    listen 443 ssl;
+    server_name nk-preview.konfer.ca;
+
+    ssl_certificate /etc/ssl/nk-preview/cert.pem;
+    ssl_certificate_key /etc/ssl/nk-preview/key.pem;
+
+    root /home/spur/staging/frontend;
+    index index.html
+
+    gzip on;
+    gzip_vary on;
+    gzip_proxied expired no-cache no-store private auth;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript
+ application/x-javascript application/xml;
+    gzip_disable "MSIE [1-6]\.";
+
+
+    # frontend
+    location / {
+        try_files $uri $uri/ /index.html;
+        add_header X-Frame-Options "SAMEORIGIN";
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Content-Type-Options "nosniff";
+    }
+
+
+    # backend
+    location /api/v1 {
+        limit_req zone=two burst=20 nodelay;
+        limit_req_status 444;
+        proxy_pass http://127.0.0.1:6969;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-App-Name nk-staging;
+    }
+
+    # deny access to hidden files
+    location ~ /\. {
+        deny all;
+    }
+}