# CertsNexus — nginx reverse proxy (in front of the two PM2 processes) # # Install: # sudo cp deploy/nginx-certsnexus.conf /etc/nginx/sites-available/certsnexus # sudo ln -s /etc/nginx/sites-available/certsnexus /etc/nginx/sites-enabled/ # sudo nginx -t && sudo systemctl reload nginx # # Upstreams (started by PM2 via ecosystem.config.cjs): # frontend SPA -> 127.0.0.1:4173 (certsnexus-web) # backend API -> 127.0.0.1:5050 (certsnexus-api) # # For HTTPS, run: sudo certbot --nginx -d certsnexus.com -d www.certsnexus.com # (certbot rewrites this file to add the :443 server block automatically). server { listen 80; listen [::]:80; server_name certsnexus.com www.certsnexus.com; # <-- change to your domain or server IP # Allow CSV/XLSX question imports (multipart uploads) client_max_body_size 12m; gzip on; gzip_proxied any; gzip_types text/css application/javascript application/json image/svg+xml; gzip_min_length 1024; # ---- API -> Node backend ---- location /api/ { proxy_pass http://127.0.0.1:5050; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # ---- Everything else -> frontend SPA (PM2 static server) ---- location / { proxy_pass http://127.0.0.1:4173; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # ---- Alternative: let nginx serve the static build directly (faster) ---- # If you prefer this over the PM2 web process, remove the `location /` block # above, drop the `certsnexus-web` app from ecosystem.config.cjs, and use: # # root /var/www/certsnexus/Frontend/dist; # index index.html; # location / { # try_files $uri $uri/ /index.html; # } # location /assets/ { # expires 1y; # add_header Cache-Control "public, immutable"; # } }