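# ====================================
# Nginx configuration - NationsGlory Web Admin
# ====================================
#
# Example configuration for running nginx as a reverse proxy in front of
# the web admin application.
#
# Benefits:
# - HTTPS/SSL support
# - Caching of static assets
# - gzip compression
# - Hardened security headers
#
# Installation:
# 1. Copy this file to /etc/nginx/sites-available/nationsglory
# 2. Edit the domain names and SSL paths
# 3. Create the symlink: ln -s /etc/nginx/sites-available/nationsglory /etc/nginx/sites-enabled/
# 4. Test: nginx -t
# 5. Reload: systemctl reload nginx
#
# Deployment notes:
# - The Node.js application should listen on the loopback interface only.
#   If port 4001 is reachable from outside, clients can bypass TLS and every
#   header set in this file.
# - The application should trust X-Forwarded-* / X-Real-IP only because they
#   come from this proxy. X-Forwarded-For is appended to whatever the client
#   sent, so only the last entry (or X-Real-IP) is reliable.

# HTTP to HTTPS redirect
server {
    listen 80;
    listen [::]:80;
    server_name votre-domaine.com www.votre-domaine.com;

    # Redirect to HTTPS. $server_name comes from this file, not from the
    # request, so the client-supplied Host header cannot steer the redirect.
    return 301 https://$server_name$request_uri;
}

# HTTPS configuration
server {
    # On recent nginx releases the "http2" listen parameter is deprecated in
    # favour of a separate "http2 on;" directive; adjust to your version.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name votre-domaine.com www.votre-domaine.com;

    # SSL certificates (Let's Encrypt or other)
    ssl_certificate /etc/letsencrypt/live/votre-domaine.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/votre-domaine.com/privkey.pem;

    # Modern TLS configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # HSTS (optional but recommended). includeSubDomains applies to every
    # subdomain of the site, so enable it only once all of them serve HTTPS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Additional security headers.
    # NOTE: add_header directives are inherited by a location only if that
    # location defines no add_header of its own. Any location that adds a
    # header must repeat this whole set (see the static-assets location).
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    # X-XSS-Protection is ignored by current browsers; a Content-Security-Policy
    # is the effective control against script injection.
    add_header X-XSS-Protection "1; mode=block" always;

    # Logs
    access_log /var/log/nginx/nationsglory-access.log;
    error_log /var/log/nginx/nationsglory-error.log;

    # Maximum upload size (for backups). This limit applies to every request
    # on this server; consider scoping it to the upload endpoint only.
    client_max_body_size 500M;

    # Optional: restrict the admin interface to known networks.
    # (203.0.113.0/24 is a documentation range used as a placeholder.)
    # allow 203.0.113.0/24;
    # deny all;

    # Proxy to the Node.js application
    location / {
        proxy_pass http://localhost:4001;
        proxy_http_version 1.1;

        # Proxy headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;

        # WebSocket support (if needed in the future).
        # As written, "Connection: upgrade" is sent upstream on every request,
        # not only on WebSocket handshakes.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }

    # Static asset caching.
    # This regex matches any URI ending in one of these extensions, including
    # paths that may require authentication. "public, immutable" tells browsers
    # and shared caches to keep the response for 7 days without revalidating;
    # verify that the application serves nothing sensitive under such names.
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
        proxy_pass http://localhost:4001;

        # proxy_set_header is not inherited from "location /" (a sibling), so
        # the forwarding headers are repeated here; otherwise the application
        # would see Host: localhost:4001 and no client address.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;

        # Has no effect unless a proxy_cache zone is configured and enabled.
        proxy_cache_valid 200 7d;
        expires 7d;

        # Because this location defines add_header, the server-level security
        # headers are not inherited and are repeated here.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Cache-Control "public, immutable";
    }

    # gzip compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
}

# Alternative configuration: access through a subdomain
# Uncomment to use admin.votre-domaine.com
#
# server {
#     listen 443 ssl http2;
#     listen [::]:443 ssl http2;
#     server_name admin.votre-domaine.com;
#
#     ssl_certificate /etc/letsencrypt/live/votre-domaine.com/fullchain.pem;
#     ssl_certificate_key /etc/letsencrypt/live/votre-domaine.com/privkey.pem;
#
#     # Same configuration as above (TLS settings and security headers
#     # must be copied too; they are not shared between server blocks)
#     location / {
#         proxy_pass http://localhost:4001;
#         # ... (same proxy configuration)
#     }
# }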