server { listen 80; server_name _; charset utf-8; resolver 127.0.0.11 valid=10s ipv6=off; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; root /usr/share/nginx/html; index index.html; # gzip 압축 gzip on; gzip_types text/plain text/css application/javascript application/json; gzip_min_length 1024; # HTML 캐시 비활성화 location ~* \.html$ { expires -1; add_header Cache-Control "no-store, no-cache, must-revalidate"; } # JS/CSS 캐시 활성화 (버전 쿼리 스트링으로 무효화) location ~* \.(js|css)$ { expires 1h; add_header Cache-Control "public, no-transform"; } # 정적 파일 (이미지 등) location ~* \.(png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf)$ { expires 1h; add_header Cache-Control "public, no-transform"; } # 정적 파일 location / { try_files $uri $uri/ /index.html; } # 업로드 파일 프록시 (^~ 로 regex location보다 우선 매칭) location ^~ /uploads/ { set $upstream http://tkuser-api:3000; proxy_pass $upstream$request_uri; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } # work-issues API 프록시 → system2-api location /api/work-issues/ { set $upstream http://system2-api:3005; proxy_pass $upstream$request_uri; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # API 프록시 → tkuser-api location /api/ { set $upstream http://tkuser-api:3000; proxy_pass $upstream$request_uri; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; } # Health check location /health { access_log off; return 200 'ok'; add_header Content-Type text/plain; } }