opnform-host-nginx/nginx-host-example.conf

# Example nginx configuration for forms.portnimara.dev
# Place this in /etc/nginx/sites-available/forms.portnimara.dev
# Then create a symlink: ln -s /etc/nginx/sites-available/forms.portnimara.dev /etc/nginx/sites-enabled/

server {
    listen 80;
    server_name forms.portnimara.dev;
    
    # Redirect HTTP to HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name forms.portnimara.dev;
    
    # SSL certificates - adjust paths as needed
    ssl_certificate /etc/letsencrypt/live/forms.portnimara.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/forms.portnimara.dev/privkey.pem;
    
    # SSL configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    
    # Client upload size
    client_max_body_size 64M;
    
    # Logging
    access_log /var/log/nginx/forms.portnimara.dev.access.log;
    error_log /var/log/nginx/forms.portnimara.dev.error.log;
    
    # API routes - proxy to the api-nginx container
    location ~ ^/(api|open|local/temp|forms/assets)/ {
        proxy_pass http://127.0.0.1:7654;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
    
    # Everything else goes to the UI container
    location / {
        proxy_pass http://127.0.0.1:7655;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        
        # WebSocket support for hot reload and real-time features
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
    }
    
    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
}
Refactor nginx setup to use host-level configuration - Remove main nginx ingress container from docker-compose - Add minimal api-nginx container for FastCGI to HTTP conversion - Expose services directly on ports 7654 (API) and 7655 (UI) - Add comprehensive NGINX_SETUP.md documentation - Include example host nginx configuration - Update docker setup script for new architecture This change allows OpnForm to integrate better with existing host nginx setups by removing the containerized ingress and exposing services directly to the host for reverse proxy configuration. 2025-06-05 17:42:01 +02:00			`# Example nginx configuration for forms.portnimara.dev`
			`# Place this in /etc/nginx/sites-available/forms.portnimara.dev`
			`# Then create a symlink: ln -s /etc/nginx/sites-available/forms.portnimara.dev /etc/nginx/sites-enabled/`

			`server {`
			`listen 80;`
			`server_name forms.portnimara.dev;`

			`# Redirect HTTP to HTTPS`
			`return 301 https://$server_name$request_uri;`
			`}`

			`server {`
			`listen 443 ssl http2;`
			`server_name forms.portnimara.dev;`

			`# SSL certificates - adjust paths as needed`
			`ssl_certificate /etc/letsencrypt/live/forms.portnimara.dev/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/forms.portnimara.dev/privkey.pem;`

			`# SSL configuration`
			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_ciphers HIGH:!aNULL:!MD5;`
			`ssl_prefer_server_ciphers on;`

			`# Client upload size`
			`client_max_body_size 64M;`

			`# Logging`
			`access_log /var/log/nginx/forms.portnimara.dev.access.log;`
			`error_log /var/log/nginx/forms.portnimara.dev.error.log;`

			`# API routes - proxy to the api-nginx container`
			`location ~ ^/(api\|open\|local/temp\|forms/assets)/ {`
			`proxy_pass http://127.0.0.1:7654;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Host $host;`
			`proxy_set_header X-Forwarded-Port $server_port;`
			`proxy_read_timeout 300s;`
			`proxy_connect_timeout 75s;`
			`}`

			`# Everything else goes to the UI container`
			`location / {`
			`proxy_pass http://127.0.0.1:7655;`
			`proxy_http_version 1.1;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Host $host;`
			`proxy_set_header X-Forwarded-Port $server_port;`

			`# WebSocket support for hot reload and real-time features`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "upgrade";`
			`proxy_cache_bypass $http_upgrade;`
			`}`

			`# Security headers`
			`add_header X-Frame-Options "SAMEORIGIN" always;`
			`add_header X-Content-Type-Options "nosniff" always;`
			`add_header X-XSS-Protection "1; mode=block" always;`
			`}`