From 0f9aefa131738c8c153685e68ed5aa9f3879547c Mon Sep 17 00:00:00 2001
From: "edgar.mendez"
Date: Fri, 20 Feb 2026 17:17:35 -0600
Subject: [PATCH] Fix: nginx
---
Docker/nginx/default.conf | 69 ++++++++++++++++++++++++++++
Docker/nginx/nginx-main.conf | 76 +++++++++++++++++++++++++++++++
Docker/nginx/nginx.conf | 87 ++++++++++++++++++++++++++++++++++--
docker-compose.yml | 8 +++-
4 files changed, 235 insertions(+), 5 deletions(-)
create mode 100644 Docker/nginx/default.conf
create mode 100644 Docker/nginx/nginx-main.conf
diff --git a/Docker/nginx/default.conf b/Docker/nginx/default.conf
new file mode 100644
index 0000000..7d410fe
--- /dev/null
+++ b/Docker/nginx/default.conf
@@ -0,0 +1,69 @@
+server {
+ listen 80;
+ server_name _;
+ root /var/www/repuve-backend-v1/public;
+ index index.php index.html;
+
+ # Logging con formatos forenses (definidos en nginx.conf principal)
+ error_log /var/log/nginx/error.log debug;
+ access_log /var/log/nginx/access.log forensic_main;
+
+ # Handle Laravel routes (Front Controller)
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+
+ # Handle PHP files
+ location ~ \.php$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass repuve-backend:9000;
+ fastcgi_index index.php;
+
+ # Timeouts importantes para evitar errores 500
+ fastcgi_read_timeout 300;
+ fastcgi_connect_timeout 300;
+ fastcgi_send_timeout 300;
+
+ # Carga los parámetros por defecto
+ include fastcgi_params;
+
+ # Parámetros críticos para Laravel
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param REQUEST_URI $request_uri;
+ fastcgi_param QUERY_STRING $query_string;
+ fastcgi_param REQUEST_METHOD $request_method;
+ fastcgi_param CONTENT_TYPE $content_type;
+ fastcgi_param CONTENT_LENGTH $content_length;
+ fastcgi_param HTTP_HOST $http_host;
+ fastcgi_param HTTPS $https if_not_empty;
+ fastcgi_param HTTP_PROXY "";
+
+ # Añadir Request ID al backend para tracking
+ fastcgi_param HTTP_X_REQUEST_ID $request_id;
+ }
+
+ client_max_body_size 20M;
+
+ # Handle storage files (Laravel storage link)
+ location /storage {
+ alias /var/www/repuve-backend-v1/storage/app/public;
+ try_files $uri =404;
+ }
+
+ location /profile {
+ alias /var/www/repuve-backend-v1/storage/app/profile;
+ try_files $uri =404;
+ }
+
+ location /images {
+ alias /var/www/repuve-backend-v1/storage/app/images;
+ try_files $uri =404;
+ }
+
+ # Denegar acceso a archivos ocultos como .htaccess
+ location ~ /\.ht {
+ deny all;
+ }
+}
diff --git a/Docker/nginx/nginx-main.conf b/Docker/nginx/nginx-main.conf
new file mode 100644
index 0000000..537d96b
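Review bot: `error_log /var/log/nginx/error.log debug;` in the server block leaves the most verbose error-log level switched on permanently, and the same directive is added at main and http level in the nginx-main.conf and nginx.conf hunks. On an nginx binary built with debug support this level records per-request internals, including the received header lines, so session cookies and bearer tokens would end up in error.log; on other builds it most likely still admits every info and notice message and makes the file grow quickly. For normal operation I would use `error_log /var/log/nginx/error.log warn;` and raise the level only for the duration of an investigation.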
--- /dev/null
+++ b/Docker/nginx/nginx-main.conf
@@ -0,0 +1,76 @@
+user nginx;
+worker_processes auto;
+
+# Log de errores con máximo nivel de detalle
+error_log /var/log/nginx/error.log debug;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # ─── FORMATO DE LOG FORENSE EXTENDIDO ───────────────────────────────────────
+ log_format forensic_main
+ '$remote_addr - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent" '
+ '"$http_x_forwarded_for" "$http_x_real_ip" '
+ 'rt=$request_time ' # Tiempo total de la petición
+ 'uct="$upstream_connect_time" ' # Tiempo de conexión upstream
+ 'uht="$upstream_header_time" ' # Tiempo de cabeceras upstream
+ 'urt="$upstream_response_time" ' # Tiempo de respuesta upstream
+ 'cs=$upstream_cache_status ' # Estado de caché
+ 'ssl_protocol="$ssl_protocol" ' # Protocolo SSL usado
+ 'ssl_cipher="$ssl_cipher" ' # Cifrado SSL
+ 'ssl_session_id="$ssl_session_id" ' # ID sesión TLS (rastreo)
+ 'conn=$connection ' # ID de conexión
+ 'conn_reqs=$connection_requests ' # Peticiones por conexión
+ 'pipe=$pipe ' # Pipelining (y/n)
+ 'host="$host" ' # Host solicitado
+ 'server_name="$server_name" '
+ 'scheme="$scheme" '
+ 'request_method="$request_method" '
+ 'request_uri="$request_uri" '
+ 'server_port="$server_port" '
+ 'http_version="$server_protocol" '
+ 'bytes_sent=$bytes_sent ' # Total bytes enviados
+ 'request_length=$request_length ' # Tamaño de la petición
+ 'req_id="$request_id"'; # ID único por petición
+
+ # Formato adicional para headers sensibles / seguridad
+ log_format forensic_headers
+ '$remote_addr [$time_local] req_id="$request_id" '
+ 'Authorization="$http_authorization" '
+ 'Cookie="$http_cookie" '
+ 'Content-Type="$content_type" '
+ 'Content-Length="$content_length" '
+ 'Accept="$http_accept" '
+ 'Accept-Language="$http_accept_language" '
+ 'Accept-Encoding="$http_accept_encoding" '
+ 'Origin="$http_origin" '
+ 'Sec-Fetch-Site="$http_sec_fetch_site" '
+ 'Sec-Fetch-Mode="$http_sec_fetch_mode" '
+ 'Sec-Fetch-Dest="$http_sec_fetch_dest" '
+ 'X-Custom-Header="$http_x_custom_header"';
+
+ # ─── ARCHIVOS DE LOG ────────────────────────────────────────────────────────
+ access_log /var/log/nginx/access.log forensic_main buffer=16k flush=1s;
+ access_log /var/log/nginx/headers.log forensic_headers buffer=16k flush=1s;
+ error_log /var/log/nginx/error.log debug;
+
+ # ─── OPCIONES GENERALES ─────────────────────────────────────────────────────
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ server_tokens off; # No revelar versión en respuestas (buena práctica)
+
+ # Añadir request_id único a cada petición
+ add_header X-Request-ID $request_id always;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/Docker/nginx/nginx.conf b/Docker/nginx/nginx.conf
index 4fc73cc..e26743f 100644
--- a/Docker/nginx/nginx.conf
+++ b/Docker/nginx/nginx.conf
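Review bot: The `forensic_headers` format writes `$http_authorization` and `$http_cookie` verbatim, so every bearer token, Basic credential and session cookie is stored in clear text in /var/log/nginx/headers.log; the identical format is added again in the Docker/nginx/nginx.conf hunk. Anyone who can read that file, a backup of it or a log shipper's copy then holds replayable credentials for live sessions. I would drop those two fields, or record only whether the header was present, for example `map $http_authorization $auth_present { default 1; "" 0; }` at http level and `auth_present=$auth_present` in the format. The `req_id` field already lets an investigator correlate the line with the application's own logs.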
@@ -1,12 +1,87 @@ -server { +user nginx; +worker_processes auto; + +# Log de errores con máximo nivel de detalle +error_log /var/log/nginx/error.log debug; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # ─── FORMATO DE LOG FORENSE EXTENDIDO ─────────────────────────────────────── + log_format forensic_main + '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" ' + '"$http_x_forwarded_for" "$http_x_real_ip" ' + 'rt=$request_time ' # Tiempo total de la petición + 'uct="$upstream_connect_time" ' # Tiempo de conexión upstream + 'uht="$upstream_header_time" ' # Tiempo de cabeceras upstream + 'urt="$upstream_response_time" ' # Tiempo de respuesta upstream + 'cs=$upstream_cache_status ' # Estado de caché + 'ssl_protocol="$ssl_protocol" ' # Protocolo SSL usado + 'ssl_cipher="$ssl_cipher" ' # Cifrado SSL + 'ssl_session_id="$ssl_session_id" ' # ID sesión TLS (rastreo) + 'conn=$connection ' # ID de conexión + 'conn_reqs=$connection_requests ' # Peticiones por conexión + 'pipe=$pipe ' # Pipelining (y/n) + 'host="$host" ' # Host solicitado + 'server_name="$server_name" ' + 'scheme="$scheme" ' + 'request_method="$request_method" ' + 'request_uri="$request_uri" ' + 'server_port="$server_port" ' + 'http_version="$server_protocol" ' + 'bytes_sent=$bytes_sent ' # Total bytes enviados + 'request_length=$request_length ' # Tamaño de la petición + 'req_id="$request_id"'; # ID único por petición + + # Formato adicional para headers sensibles / seguridad + log_format forensic_headers + '$remote_addr [$time_local] req_id="$request_id" ' + 'Authorization="$http_authorization" ' + 'Cookie="$http_cookie" ' + 'Content-Type="$content_type" ' + 'Content-Length="$content_length" ' + 'Accept="$http_accept" ' + 'Accept-Language="$http_accept_language" ' + 'Accept-Encoding="$http_accept_encoding" ' + 
'Origin="$http_origin" ' + 'Sec-Fetch-Site="$http_sec_fetch_site" ' + 'Sec-Fetch-Mode="$http_sec_fetch_mode" ' + 'Sec-Fetch-Dest="$http_sec_fetch_dest" ' + 'X-Custom-Header="$http_x_custom_header"'; + + # ─── ARCHIVOS DE LOG ──────────────────────────────────────────────────────── + access_log /var/log/nginx/access.log forensic_main buffer=16k flush=1s; + access_log /var/log/nginx/headers.log forensic_headers buffer=16k flush=1s; + error_log /var/log/nginx/error.log debug; + + # ─── OPCIONES GENERALES ───────────────────────────────────────────────────── + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + server_tokens off; # No revelar versión en respuestas (buena práctica) + + # Añadir request_id único a cada petición + add_header X-Request-ID $request_id always; + + # ─── SERVER BLOCK LARAVEL ─────────────────────────────────────────────────── + server { listen 80; server_name _; root /var/www/repuve-backend-v1/public; index index.php index.html; - # Logging - error_log /var/log/nginx/error.log; - access_log /var/log/nginx/access.log; + # Logging con formatos forenses (definidos en nginx.conf principal) + error_log /var/log/nginx/error.log debug; + access_log /var/log/nginx/access.log forensic_main; # Handle Laravel routes (Front Controller) location / { @@ -39,6 +114,9 @@ server { fastcgi_param HTTP_HOST $http_host; fastcgi_param HTTPS $https if_not_empty; fastcgi_param HTTP_PROXY ""; + + # Añadir Request ID al backend para tracking + fastcgi_param HTTP_X_REQUEST_ID $request_id; } client_max_body_size 20M; @@ -64,3 +142,4 @@ server { deny all; } } +} diff --git a/docker-compose.yml b/docker-compose.yml index f23b6f4..94a1dee 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
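Review bot: After this hunk Docker/nginx/nginx.conf holds the same http block as the new nginx-main.conf and the same server block as the new default.conf, yet the docker-compose.yml change in this patch mounts only nginx.conf (as /etc/nginx/nginx.conf). With three copies of the logging and FastCGI settings, a later correction such as tightening a log format can be applied to one copy while the file actually served stays unchanged. I would keep a single layout: either mount nginx-main.conf and default.conf (the former already ends with `include /etc/nginx/conf.d/*.conf;`), or delete the two new files and keep the combined nginx.conf.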
@@ -27,7 +27,13 @@ services: volumes: - ./public:/var/www/repuve-backend-v1/public - ./storage:/var/www/repuve-backend-v1/storage - - ./Docker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf + - ./Docker/nginx/nginx.conf:/etc/nginx/nginx.conf + - /var/log/nginx:/var/log/nginx + logging: + driver: "local" + options: + max-size: "50m" + max-file: "10" networks: - repuve-network mem_limit: 400m
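Review bot: The `logging:` options added here cap only the container's stdout/stderr stream, while the nginx configuration in this patch writes access.log, headers.log and error.log as files under /var/log/nginx, which the new `- /var/log/nginx:/var/log/nginx` line binds to the host. Nothing in the patch rotates or limits those files, so with the extended formats and a debug-level error log they can fill the host disk, and their ownership and mode on the host decide who can read them. I would either point the nginx logs at `/dev/stdout` and `/dev/stderr` so that `max-size` and `max-file` apply, or add a host logrotate rule and restrict the directory to root and the log collector. The service definition starts above this hunk.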