proxy-nginx/nginx-config/https/https-bodypainter-eu.conf

error_log /var/log/nginx/error.log warn;

# Globalne limity z uwzględnieniem botów
map $http_user_agent $limit_key {
    default           $binary_remote_addr;
    "~*Googlebot"     "";
    "~*Bingbot"       "";
    "~*Slurp"         "";
    "~*DuckDuckBot"   "";
    "~*Cloudflare"    "";
}

limit_req_zone $limit_key zone=ip_limit:10m rate=200r/s;
limit_req_status 429;

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=COMBINED_CACHE:320m inactive=7d max_size=2500m use_temp_path=off manager_files=0 loader_files=0 loader_threshold=300 loader_sleep=50;

server {
    listen 443 ssl;
    server_name www.bodypainter.eu;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem;
    ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem;
    return 301 https://bodypainter.eu$request_uri;
}

server {
    listen 443 ssl;
    server_name bodypainter.eu;
    server_tokens off;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem;
    ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem;

    # Główna lokalizacja
    location / {
        limit_req zone=ip_limit burst=100 delay=50;
        proxy_pass http://arti24-container:3000;
        
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }

    # Statyczne zasoby (obrazy, css, js, fonts)
    location ~* \.(jpg|jpeg|png|gif|ico|webp|svg|woff2)$ {
        proxy_cache COMBINED_CACHE;
        proxy_pass http://arti24-container:3000;
        proxy_cache_valid 200 30d;
        proxy_cache_min_uses 2;
        proxy_cache_lock on;
        proxy_cache_use_stale error timeout updating;
        add_header X-Cache-Status $upstream_cache_status;
        expires 1y;
   
    }

    # Wyjątek dla API
    location ~ ^/(api|auth|webhook) {
        limit_req off;
        proxy_pass http://arti24-container:3000;
    }
}