error_log /var/log/nginx/error.log warn; # tylko warningi i błęd # Limitowanie requestów (pozostawiamy bez zmian) limit_req_zone $binary_remote_addr zone=ip_limit:10m rate=30r/s; proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=COMBINED_CACHE:320m # 256m + 64m inactive=7d max_size=2500m # Zostawiamy margines use_temp_path=off manager_files=0 loader_files=0 loader_threshold=300 loader_sleep=50; server { listen 443 ssl; server_name www.bodypainter.eu; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem; ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem; return 301 https://bodypainter.eu$request_uri; } server { listen 443 ssl; server_name bodypainter.eu; server_tokens off; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem; ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem; location / { limit_req zone=ip_limit burst=20 nodelay; proxy_pass http://arti24-container:3000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; } location ~* \.(jpg|jpeg|png|gif|ico|webp|svg)$ { access_log off; proxy_pass http://arti24-container:3000; proxy_cache COMBINED_CACHE; proxy_cache_valid 200 30d; proxy_cache_min_uses 2; proxy_cache_lock on; proxy_cache_lock_timeout 3s; proxy_cache_key "$scheme$host$request_uri"; add_header X-Cache-Status $upstream_cache_status; # Lepsza obsługa nagłówków proxy_ignore_headers "Set-Cookie"; proxy_cache_bypass $http_cache_purge; # Optymalizacja buforowania open_file_cache max=1000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; expires 1y; access_log off; proxy_cache_revalidate on; # Dodaj dla świeżości danych proxy_cache_background_update on; # Lepsza wydajność } }