# Nginx Configuration for Aldudu Academy
# Place this in /etc/nginx/sites-available/aldudu-academy
# Then: sudo ln -s /etc/nginx/sites-available/aldudu-academy /etc/nginx/sites-enabled/
# And: sudo nginx -t && sudo systemctl reload nginx

server {
    # Plain-HTTP listener: it serves no content and only issues the redirect below.
    listen 80;
    server_name aldudu.academy www.aldudu.academy;  # Change to your domain

    # Redirect HTTP to HTTPS
    # $server_name expands to the first name on the server_name line, so the
    # redirect target is fixed by this file and is not taken from the client's
    # Host header. A side effect is that www requests land on the bare domain.
    return 301 https://$server_name$request_uri;
}

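server {
    listen 443 ssl http2;
    server_name aldudu.academy www.aldudu.academy;

    # SSL Configuration (use Let's Encrypt or your certificate)
    ssl_certificate /etc/letsencrypt/live/aldudu.academy/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/aldudu.academy/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): this string only governs TLS 1.2 suites. HIGH still admits
    # CBC-mode suites and static-RSA key exchange; consider pinning an explicit
    # ECDHE + AEAD list once the supported client set is known.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Security Headers
    # nginx inherits add_header from this level ONLY into locations that declare
    # no add_header of their own. Every location below that sets Cache-Control
    # therefore repeats these four lines; keep the copies in sync.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    # NOTE(review): X-XSS-Protection is ignored by current browsers; a
    # Content-Security-Policy is the effective control and none is set here.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # NOTE(review): no Strict-Transport-Security header is sent, so a first visit
    # over http:// relies on the port-80 redirect. Once certificate renewal is
    # known to be reliable, enable it here and in each location that repeats the
    # security headers:
    # add_header Strict-Transport-Security "max-age=31536000" always;

    # Document root
    # This is the application tree itself. Nothing is served from it today
    # because "location /" proxies every unmatched request; adding try_files or
    # another static location rooted here would publish everything under it,
    # including instance/.
    root /var/www/aldudu-academy;
    index index.html;

    # Static files with aggressive caching
    # Trailing slashes on both the prefix and the alias stop sibling paths that
    # merely start with "static" (e.g. /static_old/...) from being mapped onto
    # the filesystem next to the static directory.
    location /static/ {
        alias /var/www/aldudu-academy/app/static/;

        # Enable gzip compression
        gzip on;
        gzip_vary on;
        gzip_min_length 1024;
        gzip_proxied expired no-cache no-store private auth;
        gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/javascript application/json;

        # Cache static assets for 1 year
        location ~* \.(css|scss|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot)$ {
            expires 1y;
            add_header Cache-Control "public, immutable";
            # Repeated because the add_header above disables inheritance of the
            # server-level security headers for this location.
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header X-XSS-Protection "1; mode=block" always;
            add_header Referrer-Policy "strict-origin-when-cross-origin" always;
            access_log off;
        }
    }

    # Media uploads - no caching
    # NOTE(review): files here are served by nginx directly, so no application
    # login or per-user authorization check runs for them. Confirm that every
    # upload is meant to be readable by anyone who knows its URL.
    location /instance/uploads/ {
        alias /var/www/aldudu-academy/instance/uploads/;
        expires -1;
        add_header Cache-Control "no-store, no-cache, must-revalidate";
        # Repeated because the add_header above disables inheritance of the
        # server-level security headers. nosniff matters most here: it keeps
        # browsers from re-interpreting an uploaded file as another content type.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;

        # Refuse to serve uploaded scripts and executables. Matching is
        # case-insensitive so ".PHP" or ".Sh" is refused as well. nginx has no
        # handler configured here that would run these files; this only blocks
        # download of them.
        # NOTE(review): the list does not cover content that runs in the
        # visitor's browser (.html, .svg, .js). If users can upload those,
        # restrict types at upload time or serve uploads as attachments or from
        # a separate origin.
        location ~* \.(php|py|sh|exe|bat)$ {
            deny all;
        }
    }

    # Proxy all other requests to Gunicorn
    location / {
        proxy_pass http://127.0.0.1:8000;  # Gunicorn socket
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so only the last entry is set by this proxy. The
        # application should use X-Real-IP or the right-most entry for logging,
        # rate limiting and access decisions.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;

        # Buffering
        proxy_buffering on;
        proxy_buffer_size 4k;
        proxy_buffers 8 4k;
    }

    # Health check endpoint (no logging)
    # Exact match: with a prefix match every URI beginning with /healthz would be
    # proxied without an access-log entry. Other URIs now fall through to
    # "location /" and are logged. Forwarding headers mirror "location /" so the
    # application sees the same scheme and client address on both paths.
    location = /healthz {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        access_log off;
    }

    # Logs
    access_log /var/log/nginx/aldudu-academy-access.log;
    error_log /var/log/nginx/aldudu-academy-error.log;
}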

# ============================================================================
# DEPLOYMENT NOTES:
# ============================================================================
# 1. Install nginx: sudo apt-get install nginx
# 2. Copy this file: sudo cp nginx.conf /etc/nginx/sites-available/aldudu-academy
# 3. Enable site: sudo ln -s /etc/nginx/sites-available/aldudu-academy /etc/nginx/sites-enabled/
# 4. Test config: sudo nginx -t
#    (this fails until the certificate files named by ssl_certificate exist; see steps 6-7)
# 5. Reload nginx: sudo systemctl reload nginx
# 6. Install SSL: sudo apt-get install certbot python3-certbot-nginx
# 7. Get certificate: sudo certbot --nginx -d aldudu.academy -d www.aldudu.academy
#
# For static file deployment:
# 1. Run minification: python scripts/minify_assets.py
# 2. Copy static files: rsync -av app/static/ /var/www/aldudu-academy/app/static/
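# 3. Ensure proper permissions: chown -R www-data:www-data /var/www/aldudu-academy
#    (this makes the whole tree, application code included, writable by the web server
#    user; nginx itself only needs read access, and only the uploads directory needs
#    to be writable by the application)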
# ============================================================================
