93
nginx.conf
Archivo normal
93
nginx.conf
Archivo normal
@@ -0,0 +1,93 @@
|
||||
# Configuración de nginx para p2p.manalejandro.com
|
||||
|
||||
upstream nextjs_backend {
|
||||
server localhost:3000;
|
||||
keepalive 64;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name p2p.manalejandro.com;
|
||||
|
||||
# Redirigir HTTP a HTTPS
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name p2p.manalejandro.com;
|
||||
|
||||
# Certificados SSL (ajusta las rutas según tu instalación de certbot)
|
||||
ssl_certificate /etc/letsencrypt/live/manalejandro.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/manalejandro.com/privkey.pem;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
# Configuración SSL moderna
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
# HSTS
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
|
||||
# Logs
|
||||
access_log /var/log/nginx/p2p.manalejandro.com.access.log;
|
||||
error_log /var/log/nginx/p2p.manalejandro.com.error.log;
|
||||
|
||||
# Configuración de proxy
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection 'upgrade';
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_read_timeout 86400;
|
||||
|
||||
# Desactivar buffering para streaming
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
|
||||
# Aumentar límites para streams
|
||||
client_max_body_size 100M;
|
||||
proxy_max_temp_file_size 0;
|
||||
|
||||
# Rutas de API (proxy endpoints)
|
||||
location /api/ {
|
||||
proxy_pass http://nextjs_backend;
|
||||
|
||||
# Headers adicionales para streaming
|
||||
proxy_set_header Range $http_range;
|
||||
proxy_set_header If-Range $http_if_range;
|
||||
|
||||
# No hacer cache de las peticiones de API
|
||||
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
||||
add_header Pragma "no-cache";
|
||||
add_header Expires "0";
|
||||
}
|
||||
|
||||
# Socket.IO
|
||||
location /socket.io/ {
|
||||
proxy_pass http://nextjs_backend;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
|
||||
# Next.js static files
|
||||
location /_next/static/ {
|
||||
proxy_pass http://nextjs_backend;
|
||||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||||
}
|
||||
|
||||
# Todas las demás rutas
|
||||
location / {
|
||||
proxy_pass http://nextjs_backend;
|
||||
}
|
||||
}
|
||||
Referencia en una nueva incidencia
Block a user