# nginx.conf.template — libreshop white-label default. # # The image's docker-entrypoint.sh runs envsubst over this template and # writes the result to /etc/nginx/nginx.conf at startup. Adapters that # need a wholly different topology can still mount their own config via # compose `configs:` (see mp's compose.yml for an example) — the # template is then ignored entirely. # # Substituted at startup: # ${NGINX_UPSTREAM_SHOP} default shop:9999 # ${NGINX_UPSTREAM_CMS} default cms:5555 # ${NGINX_CACHE_LIFETIME} default 1h # # All other `$variable` tokens are nginx variables, left literal. worker_processes 1; events { worker_connections 1024; } http { log_format info '$time_iso8601 info: $request ($msec) $status $remote_addr - $remote_user $body_bytes_sent "$http_referer" "$http_user_agent"'; access_log /dev/stdout info; error_log /dev/stdout error; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # Cache zones live under /cache (the image creates these dirs at # startup). 2g caps each — adapters with heavier traffic can mount # their own config to enlarge. proxy_cache_path /cache/shop levels=1:2 keys_zone=shop_cache:5m max_size=2g inactive=30m; proxy_cache_path /cache/uploads levels=1:2 keys_zone=uploads_cache:5m max_size=2g inactive=30m; server { listen 80 default_server; server_name _; # Trust forwarded headers when fronted by another proxy # (e.g. caddy in the netcup edge network). real_ip_header X-Forwarded-For; set_real_ip_from 0.0.0.0/0; location /health { return 200 '{"status":"ok"}'; } # CMS admin + management surfaces. location ~ ^/(upload|content-manager|content-type-builder|admin|i18n|email|user-permissions|users-permissions|documentation|plugins) { proxy_pass http://${NGINX_UPSTREAM_CMS}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_cache off; proxy_buffering off; } # CMS uploads (images, files). location /uploads { proxy_pass http://${NGINX_UPSTREAM_CMS}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_cache uploads_cache; proxy_cache_valid 200 ${NGINX_CACHE_LIFETIME}; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; add_header X-Cache-Status $upstream_cache_status; } # Shop API (Nuxt server routes). location /api { proxy_pass http://${NGINX_UPSTREAM_SHOP}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_cache off; proxy_buffering off; } # Shop frontend (catch-all). location / { proxy_pass http://${NGINX_UPSTREAM_SHOP}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_cache shop_cache; proxy_cache_valid 200 10m; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; add_header X-Cache-Status $upstream_cache_status; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } } }