@@ -5,94 +5,100 @@ events {
55http {
66 include /etc/nginx/mime.types ;
77 default_type application/octet-stream ;
8-
8+
99 # Logging
1010 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
1111 '$status $body_bytes_sent "$http_referer" '
1212 '"$http_user_agent" "$http_x_forwarded_for"' ;
13-
13+
1414 access_log /var/log/nginx/access.log main;
1515 error_log /var/log/nginx/error.log warn;
16-
16+
1717 # Gzip compression
1818 gzip on;
1919 gzip_vary on;
2020 gzip_min_length 1024 ;
2121 gzip_types text/plain text/css text/xml text/javascript application/javascript application/json;
22-
22+
2323 # Security headers
2424 add_header X-Frame-Options "SAMEORIGIN" always;
2525 add_header X-Content-Type-Options "nosniff" always;
2626 add_header X-XSS-Protection "1; mode=block" always;
2727 add_header Referrer-Policy "strict-origin-when-cross-origin" always;
28-
28+
2929 # DNS resolver for dynamic upstream resolution
3030 resolver 8.8.8.8 8.8.4.4 valid=300s ;
3131 resolver_timeout 5s ;
32-
32+
3333 server {
3434 listen ${ PORT} ;
3535 server_name _;
36-
36+
3737 # Health check endpoint for this proxy
3838 location /health {
3939 access_log off;
4040 return 200 "nginx proxy healthy\n " ;
4141 add_header Content-Type text/plain;
4242 }
43-
43+
4444 # Collect service routes - redirect without trailing slash
4545 location = /collect/api {
4646 return 301 /collect/api/;
4747 }
48-
48+
4949 location /collect/api/ {
50- set $collect_upstream http ://${ COLLECT_SERVICE_NAME} : 10000 ;
50+ set $collect_upstream https ://${ COLLECT_SERVICE_NAME} .onrender.com ;
5151 rewrite ^/collect/api/( .*) $ /api/$1 break ;
5252 proxy_pass $collect_upstream ;
53- proxy_set_header Host ${ COLLECT_SERVICE_NAME} ;
53+ proxy_ssl_server_name on;
54+ proxy_ssl_verify off;
55+ proxy_set_header Host ${ COLLECT_SERVICE_NAME} .onrender.com;
5456 proxy_set_header X-Real-IP $remote_addr ;
5557 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
5658 proxy_set_header X-Forwarded-Proto $scheme ;
5759 proxy_set_header X-Forwarded-Host $host ;
58-
60+
5961 # Timeouts
6062 proxy_connect_timeout 30s ;
6163 proxy_send_timeout 30s ;
6264 proxy_read_timeout 30s ;
6365 }
64-
66+
6567 # Backend service routes - redirect without trailing slash
6668 location = /backend/api {
6769 return 301 /backend/api/;
6870 }
69-
71+
7072 location /backend/api/ {
71- set $backend_upstream http ://${ BACKEND_SERVICE_NAME} : 10000 ;
73+ set $backend_upstream https ://${ BACKEND_SERVICE_NAME} .onrender.com ;
7274 rewrite ^/backend/api/( .*) $ /api/$1 break ;
7375 proxy_pass $backend_upstream ;
74- proxy_set_header Host ${ BACKEND_SERVICE_NAME} ;
76+ proxy_ssl_server_name on;
77+ proxy_ssl_verify off;
78+ proxy_set_header Host ${ BACKEND_SERVICE_NAME} .onrender.com;
7579 proxy_set_header X-Real-IP $remote_addr ;
7680 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
7781 proxy_set_header X-Forwarded-Proto $scheme ;
7882 proxy_set_header X-Forwarded-Host $host ;
79-
83+
8084 # Timeouts
8185 proxy_connect_timeout 30s ;
8286 proxy_send_timeout 30s ;
8387 proxy_read_timeout 30s ;
8488 }
85-
89+
8690 # Frontend routes - everything else
8791 location / {
88- set $frontend_upstream http ://${ FRONTEND_SERVICE_NAME} : 10000 ;
92+ set $frontend_upstream https ://${ FRONTEND_SERVICE_NAME} .onrender.com ;
8993 proxy_pass $frontend_upstream ;
90- proxy_set_header Host ${ FRONTEND_SERVICE_NAME} ;
94+ proxy_ssl_server_name on;
95+ proxy_ssl_verify off;
96+ proxy_set_header Host ${ FRONTEND_SERVICE_NAME} .onrender.com;
9197 proxy_set_header X-Real-IP $remote_addr ;
9298 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
9399 proxy_set_header X-Forwarded-Proto $scheme ;
94100 proxy_set_header X-Forwarded-Host $host ;
95-
101+
96102 # Timeouts
97103 proxy_connect_timeout 30s ;
98104 proxy_send_timeout 30s ;
0 commit comments