goodgo-platform/infra/nginx/redirect.conf
Ho Ngoc Hai e5f7acf7da
feat: production infra — nginx configs, deploy script, security hardening
- Add Nginx reverse-proxy configs for api.goodgo.vn and platform.goodgo.vn
  with SSL, gzip, rate limiting, security headers, and WebSocket support
- Add Cloudflare DNS setup script for A/AAAA/CNAME records
- Add server-setup.sh for Ubuntu provisioning (Docker, fail2ban, UFW,
  swap, unattended-upgrades)
- Add deploy-production.sh for manual production deployments
- Add env.production.example with all required environment variables
- Bind container ports to 127.0.0.1 in docker-compose.prod.yml
  (security: prevent direct access bypassing Nginx)
- Fix deploy workflow: add -T flag to exec, sync Nginx configs,
  copy pgbouncer and backup configs to server

Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
2026-04-13 14:11:25 +07:00

29 lines
871 B
Plaintext

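# ==============================================================================
# HTTP → HTTPS redirect for all GoodGo domains
# Cloudflare also enforces this, but this covers requests for these hostnames
# that reach the origin directly.
# ==============================================================================
server {
    # Not default_server: a request whose Host matches none of the names below
    # must fall through to the catch-all block, so $host in the redirect is
    # always one of the listed names.
    listen 80;
    listen [::]:80;
    server_name platform.goodgo.vn api.goodgo.vn grafana.goodgo.vn;

    # Redirect all HTTP to HTTPS
    return 301 https://$host$request_uri;
}

# Catch-all for direct IP access: return 444 (drop connection)
server {
    # default_server makes this block the fallback on each socket;
    # "server_name _" alone does not. Assumes no other config file declares
    # default_server on port 80 or 443.
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name _;

    ssl_certificate /etc/ssl/goodgo/origin.pem;
    ssl_certificate_key /etc/ssl/goodgo/origin-key.pem;

    # Drop connections that don't match any server_name
    return 444;
}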
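
Added example (not part of the repository): a small Python model of how nginx picks a server block on one listen socket, run over a constructed port-80 layout of the redirect and catch-all blocks, showing which block a request with an unmatched Host (such as the bare IP) reaches depending on where `default_server` is declared. Only exact `server_name` matches are modelled; `203.0.113.10` is a documentation address, and the `@REDIRECT@`/`@CATCHALL@` tokens and function names are hypothetical.

```python
import re

# Constructed port-80 layout of the redirect and catch-all blocks; the @...@
# tokens are placeholders for where default_server is (or is not) declared.
LAYOUT = """
server {
    listen 80 @REDIRECT@;
    server_name platform.goodgo.vn api.goodgo.vn grafana.goodgo.vn;
    return 301 https://$host$request_uri;
}
server {
    listen 80 @CATCHALL@;
    server_name _;
    return 444;
}
"""

def parse_servers(conf):
    """Parse flat, comment-free server blocks into listens, names and return code."""
    servers = []
    for body in re.findall(r"server\s*\{(.*?)\}", conf, re.S):
        directives = [d.split() for d in body.split(";") if d.strip()]
        servers.append({
            "listens": [d[1:] for d in directives if d[0] == "listen"],
            "names": [n for d in directives if d[0] == "server_name" for n in d[1:]],
            "code": next(int(d[1]) for d in directives if d[0] == "return"),
        })
    return servers

def select(servers, port, host):
    """Exact server_name match first, then the socket's default server."""
    on_port = [s for s in servers if any(l[0] == port for l in s["listens"])]
    for s in on_port:
        if host in s["names"]:
            return s
    for s in on_port:
        if any(l[0] == port and "default_server" in l for l in s["listens"]):
            return s
    return on_port[0]  # no explicit default: the first block defined wins

def response_code(redirect_flag, catchall_flag, host):
    """Status returned on port 80 for `host` under the given flag placement."""
    conf = LAYOUT.replace("@REDIRECT@", redirect_flag).replace("@CATCHALL@", catchall_flag)
    return select(parse_servers(conf), "80", host)["code"]

if __name__ == "__main__":
    for flags in (("default_server", ""), ("", "default_server")):
        print(flags, response_code(*flags, "203.0.113.10"), response_code(*flags, "api.goodgo.vn"))
```

With `default_server` on the redirect block, the unmatched Host is answered with the 301 and the `return 444` on port 80 is never reached; with the flag on the catch-all, named hosts still redirect and everything else is dropped.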