diff --git a/birdnet-pipy/rootfs/etc/nginx/servers/ingress.conf b/birdnet-pipy/rootfs/etc/nginx/servers/ingress.conf deleted file mode 100644 index 391d50f7f..000000000 --- a/birdnet-pipy/rootfs/etc/nginx/servers/ingress.conf +++ /dev/null @@ -1,74 +0,0 @@ -server { - listen %%interface%%:%%port%% default_server; - - root /usr/share/nginx/html; - index index.html; - - include /etc/nginx/includes/server_params.conf; - include /etc/nginx/includes/proxy_params.conf; - - client_max_body_size 0; - - gzip on; - gzip_vary on; - gzip_min_length 1024; - gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json; - - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - - sub_filter_once off; - sub_filter_types text/html; - sub_filter '' ''; - sub_filter 'href="/' 'href="%%ingress_entry%%/'; - sub_filter 'src="/' 'src="%%ingress_entry%%/'; - - location ^~ /api/ { - proxy_pass http://127.0.0.1:5002; - } - - location = /internal/auth { - internal; - proxy_pass http://127.0.0.1:5002/api/auth/verify; - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - proxy_set_header X-Original-URI $request_uri; - proxy_set_header Cookie $http_cookie; - } - - location @stream_unauthorized { - default_type application/json; - return 401 '{"error": "Authentication required"}'; - } - - location ^~ /stream/ { - auth_request /internal/auth; - error_page 401 = @stream_unauthorized; - - proxy_pass http://127.0.0.1:8888/; - proxy_buffering off; - proxy_read_timeout 3600s; - proxy_send_timeout 3600s; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { - expires 1y; - add_header Cache-Control "public, immutable"; - try_files $uri =404; - } - - location /socket.io/ { - proxy_pass http://127.0.0.1:5002/socket.io/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_cache_bypass $http_upgrade; - } - - location / { - try_files $uri $uri/ /index.html; - } - - error_page 404 /index.html; - error_page 500 502 503 504 /index.html; -} diff --git a/birdnet-pipy/rootfs/etc/nginx/servers/nginx.conf b/birdnet-pipy/rootfs/etc/nginx/servers/nginx.conf deleted file mode 100644 index 019995942..000000000 --- a/birdnet-pipy/rootfs/etc/nginx/servers/nginx.conf +++ /dev/null @@ -1,99 +0,0 @@ -server { - listen 80; - server_name localhost; - root /usr/share/nginx/html; - index index.html; - - # Gzip compression - gzip on; - gzip_vary on; - gzip_min_length 1024; - gzip_proxied expired no-cache no-store private auth; - gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json; - - # Security headers - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - - # Allow large file uploads (for database migration) - client_max_body_size 500M; - - # API proxy - forward /api/ requests to API server - # IMPORTANT: ^~ modifier prevents regex matches (like .png) from taking precedence - location ^~ /api/ { - proxy_pass http://127.0.0.1:5002; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - - # Longer timeouts for migration imports - proxy_read_timeout 300s; - proxy_send_timeout 300s; - } - - # Internal auth verification endpoint (for nginx auth_request) - location = /internal/auth { - internal; - proxy_pass http://127.0.0.1:5002/api/auth/verify; - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - proxy_set_header X-Original-URI $request_uri; - proxy_set_header Cookie $http_cookie; - } - - # Auth error handler - returns JSON for API clients - location @stream_unauthorized { - default_type application/json; - return 401 '{"error": "Authentication required"}'; - } - - # Icecast audio stream proxy - forward /stream/ requests to Icecast server - # Protected by authentication when enabled - location ^~ /stream/ { - auth_request /internal/auth; - error_page 401 = @stream_unauthorized; - - proxy_pass http://127.0.0.1:8888/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Streaming-specific settings - proxy_buffering off; - proxy_read_timeout 3600s; - proxy_send_timeout 3600s; - } - - # Handle static assets with long cache times - # Note: /api/ routes are handled above, so this only affects local static files - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { - expires 1y; - add_header Cache-Control "public, immutable"; - try_files $uri =404; - } - - # Handle Vue.js SPA routing - serve index.html for all routes that don't match static files - location / { - try_files $uri $uri/ /index.html; - } - - # Socket.IO WebSocket proxy - forward /socket.io/ requests to API server - location /socket.io/ { - proxy_pass http://127.0.0.1:5002/socket.io/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_cache_bypass $http_upgrade; - } - - # Error pages - error_page 404 /index.html; - error_page 500 502 503 504 /index.html; -}