juan.zapata/repuve-backend-v1
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix: nginx

Browse Source
This commit is contained in:
Edgar Méndez Mendoza 2026-02-20 17:17:35 -06:00
parent feb240698f
commit 0f9aefa131
4 changed files with 235 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
Docker/nginx/default.conf Normal file
View File

@ -0,0 +1,69 @@
server {
listen 80;
server_name _;
root /var/www/repuve-backend-v1/public;
index index.php index.html;
# Logging con formatos forenses (definidos en nginx.conf principal)
error_log /var/log/nginx/error.log debug;
access_log /var/log/nginx/access.log forensic_main;
# Handle Laravel routes (Front Controller)
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# Handle PHP files
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass repuve-backend:9000;
fastcgi_index index.php;
# Timeouts importantes para evitar errores 500
fastcgi_read_timeout 300;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
# Carga los parámetros por defecto
include fastcgi_params;
# Parámetros críticos para Laravel
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param HTTP_HOST $http_host;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param HTTP_PROXY "";
# Añadir Request ID al backend para tracking
fastcgi_param HTTP_X_REQUEST_ID $request_id;
}
client_max_body_size 20M;
# Handle storage files (Laravel storage link)
location /storage {
alias /var/www/repuve-backend-v1/storage/app/public;
try_files $uri =404;
}
location /profile {
alias /var/www/repuve-backend-v1/storage/app/profile;
try_files $uri =404;
}
location /images {
alias /var/www/repuve-backend-v1/storage/app/images;
try_files $uri =404;
}
# Denegar acceso a archivos ocultos como .htaccess
location ~ /\.ht {
deny all;
}
}

76
Docker/nginx/nginx-main.conf Normal file
View File

@ -0,0 +1,76 @@
user nginx;
worker_processes auto;
# Log de errores con máximo nivel de detalle
error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# ─── FORMATO DE LOG FORENSE EXTENDIDO ───────────────────────────────────────
log_format forensic_main
'$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_x_forwarded_for" "$http_x_real_ip" '
'rt=$request_time ' # Tiempo total de la petición
'uct="$upstream_connect_time" ' # Tiempo de conexión upstream
'uht="$upstream_header_time" ' # Tiempo de cabeceras upstream
'urt="$upstream_response_time" ' # Tiempo de respuesta upstream
'cs=$upstream_cache_status ' # Estado de caché
'ssl_protocol="$ssl_protocol" ' # Protocolo SSL usado
'ssl_cipher="$ssl_cipher" ' # Cifrado SSL
'ssl_session_id="$ssl_session_id" ' # ID sesión TLS (rastreo)
'conn=$connection ' # ID de conexión
'conn_reqs=$connection_requests ' # Peticiones por conexión
'pipe=$pipe ' # Pipelining (y/n)
'host="$host" ' # Host solicitado
'server_name="$server_name" '
'scheme="$scheme" '
'request_method="$request_method" '
'request_uri="$request_uri" '
'server_port="$server_port" '
'http_version="$server_protocol" '
'bytes_sent=$bytes_sent ' # Total bytes enviados
'request_length=$request_length ' # Tamaño de la petición
'req_id="$request_id"'; # ID único por petición
# Formato adicional para headers sensibles / seguridad
log_format forensic_headers
'$remote_addr [$time_local] req_id="$request_id" '
'Authorization="$http_authorization" '
'Cookie="$http_cookie" '
'Content-Type="$content_type" '
'Content-Length="$content_length" '
'Accept="$http_accept" '
'Accept-Language="$http_accept_language" '
'Accept-Encoding="$http_accept_encoding" '
'Origin="$http_origin" '
'Sec-Fetch-Site="$http_sec_fetch_site" '
'Sec-Fetch-Mode="$http_sec_fetch_mode" '
'Sec-Fetch-Dest="$http_sec_fetch_dest" '
'X-Custom-Header="$http_x_custom_header"';
# ─── ARCHIVOS DE LOG ────────────────────────────────────────────────────────
access_log /var/log/nginx/access.log forensic_main buffer=16k flush=1s;
access_log /var/log/nginx/headers.log forensic_headers buffer=16k flush=1s;
error_log /var/log/nginx/error.log debug;
# ─── OPCIONES GENERALES ─────────────────────────────────────────────────────
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
server_tokens off; # No revelar versión en respuestas (buena práctica)
# Añadir request_id único a cada petición
add_header X-Request-ID $request_id always;
include /etc/nginx/conf.d/*.conf;
}

87
Docker/nginx/nginx.conf
View File

@ -1,12 +1,87 @@
server { user nginx;
worker_processes auto;
# Log de errores con máximo nivel de detalle
error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# ─── FORMATO DE LOG FORENSE EXTENDIDO ───────────────────────────────────────
log_format forensic_main
'$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_x_forwarded_for" "$http_x_real_ip" '
'rt=$request_time ' # Tiempo total de la petición
'uct="$upstream_connect_time" ' # Tiempo de conexión upstream
'uht="$upstream_header_time" ' # Tiempo de cabeceras upstream
'urt="$upstream_response_time" ' # Tiempo de respuesta upstream
'cs=$upstream_cache_status ' # Estado de caché
'ssl_protocol="$ssl_protocol" ' # Protocolo SSL usado
'ssl_cipher="$ssl_cipher" ' # Cifrado SSL
'ssl_session_id="$ssl_session_id" ' # ID sesión TLS (rastreo)
'conn=$connection ' # ID de conexión
'conn_reqs=$connection_requests ' # Peticiones por conexión
'pipe=$pipe ' # Pipelining (y/n)
'host="$host" ' # Host solicitado
'server_name="$server_name" '
'scheme="$scheme" '
'request_method="$request_method" '
'request_uri="$request_uri" '
'server_port="$server_port" '
'http_version="$server_protocol" '
'bytes_sent=$bytes_sent ' # Total bytes enviados
'request_length=$request_length ' # Tamaño de la petición
'req_id="$request_id"'; # ID único por petición
# Formato adicional para headers sensibles / seguridad
log_format forensic_headers
'$remote_addr [$time_local] req_id="$request_id" '
'Authorization="$http_authorization" '
'Cookie="$http_cookie" '
'Content-Type="$content_type" '
'Content-Length="$content_length" '
'Accept="$http_accept" '
'Accept-Language="$http_accept_language" '
'Accept-Encoding="$http_accept_encoding" '
'Origin="$http_origin" '
'Sec-Fetch-Site="$http_sec_fetch_site" '
'Sec-Fetch-Mode="$http_sec_fetch_mode" '
'Sec-Fetch-Dest="$http_sec_fetch_dest" '
'X-Custom-Header="$http_x_custom_header"';
# ─── ARCHIVOS DE LOG ────────────────────────────────────────────────────────
access_log /var/log/nginx/access.log forensic_main buffer=16k flush=1s;
access_log /var/log/nginx/headers.log forensic_headers buffer=16k flush=1s;
error_log /var/log/nginx/error.log debug;
# ─── OPCIONES GENERALES ─────────────────────────────────────────────────────
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
server_tokens off; # No revelar versión en respuestas (buena práctica)
# Añadir request_id único a cada petición
add_header X-Request-ID $request_id always;
# ─── SERVER BLOCK LARAVEL ───────────────────────────────────────────────────
server {
listen 80; listen 80;
server_name _; server_name _;
root /var/www/repuve-backend-v1/public; root /var/www/repuve-backend-v1/public;
index index.php index.html; index index.php index.html;
# Logging # Logging con formatos forenses (definidos en nginx.conf principal)
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log debug;
access_log /var/log/nginx/access.log; access_log /var/log/nginx/access.log forensic_main;
# Handle Laravel routes (Front Controller) # Handle Laravel routes (Front Controller)
location / { location / {
@ -39,6 +114,9 @@ server {
fastcgi_param HTTP_HOST $http_host; fastcgi_param HTTP_HOST $http_host;
fastcgi_param HTTPS $https if_not_empty; fastcgi_param HTTPS $https if_not_empty;
fastcgi_param HTTP_PROXY ""; fastcgi_param HTTP_PROXY "";
# Añadir Request ID al backend para tracking
fastcgi_param HTTP_X_REQUEST_ID $request_id;
} }
client_max_body_size 20M; client_max_body_size 20M;
@ -64,3 +142,4 @@ server {
deny all; deny all;
} }
} }
}

8
docker-compose.yml
View File

@ -27,7 +27,13 @@ services:
volumes: volumes:
- ./public:/var/www/repuve-backend-v1/public - ./public:/var/www/repuve-backend-v1/public
- ./storage:/var/www/repuve-backend-v1/storage - ./storage:/var/www/repuve-backend-v1/storage
- ./Docker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf - ./Docker/nginx/nginx.conf:/etc/nginx/nginx.conf
- /var/log/nginx:/var/log/nginx
logging:
driver: "local"
options:
max-size: "50m"
max-file: "10"
networks: networks:
- repuve-network - repuve-network
mem_limit: 400m mem_limit: 400m