web-projects/nginx/longde.cloud-ssl.conf

server {
    listen 443 ssl http2;
    server_name longde.cloud www.longde.cloud;

    ssl_certificate /etc/letsencrypt/live/longde.cloud/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/longde.cloud/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/longde.cloud/chain.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;

    root /var/www/longde.cloud;
    index index.html;

    # Gzip
    gzip on;
    gzip_vary on;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_types application/json text/plain text/css application/javascript image/svg+xml;

    # API proxy to NestJS backend (Docker container on port 3001)
    location /api/ {
        proxy_pass http://localhost:3001/api/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 90s;
        proxy_connect_timeout 10s;
        client_max_body_size 10m;
    }

    # Swagger docs
    location /api-docs {
        proxy_pass http://localhost:3001/api-docs;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api-docs-json {
        proxy_pass http://localhost:3001/api-docs-json;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Frontend — SPA fallback
    location / {
        try_files $uri $uri/ /index.html;
    }
}
fix: add backend health check + HTTPS nginx config with SSL support Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-05-18 14:46:16 +08:00			`server {`
			`listen 443 ssl http2;`
			`server_name longde.cloud www.longde.cloud;`

			`ssl_certificate /etc/letsencrypt/live/longde.cloud/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/longde.cloud/privkey.pem;`
			`ssl_trusted_certificate /etc/letsencrypt/live/longde.cloud/chain.pem;`

			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;`
			`ssl_prefer_server_ciphers off;`
			`ssl_session_cache shared:SSL:10m;`
			`ssl_session_timeout 1d;`

			`root /var/www/longde.cloud;`
			`index index.html;`

			`# Gzip`
			`gzip on;`
			`gzip_vary on;`
			`gzip_comp_level 5;`
			`gzip_min_length 256;`
			`gzip_types application/json text/plain text/css application/javascript image/svg+xml;`

			`# API proxy to NestJS backend (Docker container on port 3001)`
			`location /api/ {`
			`proxy_pass http://localhost:3001/api/;`
			`proxy_http_version 1.1;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_read_timeout 90s;`
			`proxy_connect_timeout 10s;`
			`client_max_body_size 10m;`
			`}`

			`# Swagger docs`
			`location /api-docs {`
			`proxy_pass http://localhost:3001/api-docs;`
			`proxy_http_version 1.1;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`}`

			`location /api-docs-json {`
			`proxy_pass http://localhost:3001/api-docs-json;`
			`proxy_http_version 1.1;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`}`

			`# Frontend — SPA fallback`
			`location / {`
			`try_files $uri $uri/ /index.html;`
			`}`
			`}`