opnform-host-nginx/nginx-host-example.conf

# Example nginx configuration for forms.portnimara.dev
# Place this in /etc/nginx/sites-available/forms.portnimara.dev
# Then create a symlink: ln -s /etc/nginx/sites-available/forms.portnimara.dev /etc/nginx/sites-enabled/

server {
    listen 80;
    server_name forms.portnimara.dev;
    
    # Redirect HTTP to HTTPS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name forms.portnimara.dev;
    
    # SSL certificates - adjust paths as needed
    ssl_certificate /etc/letsencrypt/live/forms.portnimara.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/forms.portnimara.dev/privkey.pem;
    
    # SSL configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    
    # Client upload size
    client_max_body_size 64M;
    
    # Logging
    access_log /var/log/nginx/forms.portnimara.dev.access.log;
    error_log /var/log/nginx/forms.portnimara.dev.error.log;
    
    # API routes - proxy to the api-nginx container
    location ~ ^/(api|open|local/temp|forms/assets)/ {
        proxy_pass http://127.0.0.1:7654;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
    
    # Everything else goes to the UI container
    location / {
        proxy_pass http://127.0.0.1:7655;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        
        # WebSocket support for hot reload and real-time features
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
    }
    
    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
}