Fix: nginx

2026-02-20 17:17:35 -06:00 · 2026-02-20 17:17:35 -06:00 · 0f9aefa131
commit 0f9aefa131
parent feb240698f
4 changed files with 235 additions and 5 deletions
--- a/Docker/nginx/default.conf
+++ b/Docker/nginx/default.conf
@ -0,0 +1,69 @@
+server {
+    listen 80;
+    server_name _;
+    root /var/www/repuve-backend-v1/public;
+    index index.php index.html;
+
+    # Logging con formatos forenses (definidos en nginx.conf principal)
+    error_log  /var/log/nginx/error.log debug;
+    access_log /var/log/nginx/access.log forensic_main;
+
+    # Handle Laravel routes (Front Controller)
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    # Handle PHP files
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass repuve-backend:9000;
+        fastcgi_index index.php;
+
+        # Timeouts importantes para evitar errores 500
+        fastcgi_read_timeout 300;
+        fastcgi_connect_timeout 300;
+        fastcgi_send_timeout 300;
+
+        # Carga los parámetros por defecto
+        include fastcgi_params;
+
+        # Parámetros críticos para Laravel
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+        fastcgi_param REQUEST_URI $request_uri;
+        fastcgi_param QUERY_STRING $query_string;
+        fastcgi_param REQUEST_METHOD $request_method;
+        fastcgi_param CONTENT_TYPE $content_type;
+        fastcgi_param CONTENT_LENGTH $content_length;
+        fastcgi_param HTTP_HOST $http_host;
+        fastcgi_param HTTPS $https if_not_empty;
+        fastcgi_param HTTP_PROXY "";
+        
+        # Añadir Request ID al backend para tracking
+        fastcgi_param HTTP_X_REQUEST_ID $request_id;
+    }
+
+    client_max_body_size 20M;
+
+    # Handle storage files (Laravel storage link)
+    location /storage {
+        alias /var/www/repuve-backend-v1/storage/app/public;
+        try_files $uri =404;
+    }
+
+    location /profile {
+        alias /var/www/repuve-backend-v1/storage/app/profile;
+        try_files $uri =404;
+    }
+
+    location /images {
+        alias /var/www/repuve-backend-v1/storage/app/images;
+        try_files $uri =404;
+    }
+
+    # Denegar acceso a archivos ocultos como .htaccess
+    location ~ /\.ht {
+        deny all;
+    }
+}
--- a/Docker/nginx/nginx-main.conf
+++ b/Docker/nginx/nginx-main.conf
@ -0,0 +1,76 @@
+user  nginx;
+worker_processes  auto;
+
+# Log de errores con máximo nivel de detalle
+error_log  /var/log/nginx/error.log debug;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    # ─── FORMATO DE LOG FORENSE EXTENDIDO ───────────────────────────────────────
+    log_format forensic_main
+        '$remote_addr - $remote_user [$time_local] '
+        '"$request" $status $body_bytes_sent '
+        '"$http_referer" "$http_user_agent" '
+        '"$http_x_forwarded_for" "$http_x_real_ip" '
+        'rt=$request_time '                        # Tiempo total de la petición
+        'uct="$upstream_connect_time" '            # Tiempo de conexión upstream
+        'uht="$upstream_header_time" '             # Tiempo de cabeceras upstream
+        'urt="$upstream_response_time" '           # Tiempo de respuesta upstream
+        'cs=$upstream_cache_status '               # Estado de caché
+        'ssl_protocol="$ssl_protocol" '            # Protocolo SSL usado
+        'ssl_cipher="$ssl_cipher" '                # Cifrado SSL
+        'ssl_session_id="$ssl_session_id" '        # ID sesión TLS (rastreo)
+        'conn=$connection '                        # ID de conexión
+        'conn_reqs=$connection_requests '          # Peticiones por conexión
+        'pipe=$pipe '                              # Pipelining (y/n)
+        'host="$host" '                            # Host solicitado
+        'server_name="$server_name" '
+        'scheme="$scheme" '
+        'request_method="$request_method" '
+        'request_uri="$request_uri" '
+        'server_port="$server_port" '
+        'http_version="$server_protocol" '
+        'bytes_sent=$bytes_sent '                  # Total bytes enviados
+        'request_length=$request_length '          # Tamaño de la petición
+        'req_id="$request_id"';                    # ID único por petición
+
+    # Formato adicional para headers sensibles / seguridad
+    log_format forensic_headers
+        '$remote_addr [$time_local] req_id="$request_id" '
+        'Authorization="$http_authorization" '
+        'Cookie="$http_cookie" '
+        'Content-Type="$content_type" '
+        'Content-Length="$content_length" '
+        'Accept="$http_accept" '
+        'Accept-Language="$http_accept_language" '
+        'Accept-Encoding="$http_accept_encoding" '
+        'Origin="$http_origin" '
+        'Sec-Fetch-Site="$http_sec_fetch_site" '
+        'Sec-Fetch-Mode="$http_sec_fetch_mode" '
+        'Sec-Fetch-Dest="$http_sec_fetch_dest" '
+        'X-Custom-Header="$http_x_custom_header"';
+
+    # ─── ARCHIVOS DE LOG ────────────────────────────────────────────────────────
+    access_log  /var/log/nginx/access.log         forensic_main   buffer=16k flush=1s;
+    access_log  /var/log/nginx/headers.log        forensic_headers buffer=16k flush=1s;
+    error_log   /var/log/nginx/error.log          debug;
+
+    # ─── OPCIONES GENERALES ─────────────────────────────────────────────────────
+    sendfile        on;
+    tcp_nopush      on;
+    tcp_nodelay     on;
+    keepalive_timeout  65;
+    server_tokens   off;  # No revelar versión en respuestas (buena práctica)
+
+    # Añadir request_id único a cada petición
+    add_header X-Request-ID $request_id always;
+
+    include /etc/nginx/conf.d/*.conf;
+}
--- a/Docker/nginx/nginx.conf
+++ b/Docker/nginx/nginx.conf
@ -1,12 +1,87 @@
+user  nginx;
+worker_processes  auto;
+
+# Log de errores con máximo nivel de detalle
+error_log  /var/log/nginx/error.log debug;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    # ─── FORMATO DE LOG FORENSE EXTENDIDO ───────────────────────────────────────
+    log_format forensic_main
+        '$remote_addr - $remote_user [$time_local] '
+        '"$request" $status $body_bytes_sent '
+        '"$http_referer" "$http_user_agent" '
+        '"$http_x_forwarded_for" "$http_x_real_ip" '
+        'rt=$request_time '                        # Tiempo total de la petición
+        'uct="$upstream_connect_time" '            # Tiempo de conexión upstream
+        'uht="$upstream_header_time" '             # Tiempo de cabeceras upstream
+        'urt="$upstream_response_time" '           # Tiempo de respuesta upstream
+        'cs=$upstream_cache_status '               # Estado de caché
+        'ssl_protocol="$ssl_protocol" '            # Protocolo SSL usado
+        'ssl_cipher="$ssl_cipher" '                # Cifrado SSL
+        'ssl_session_id="$ssl_session_id" '        # ID sesión TLS (rastreo)
+        'conn=$connection '                        # ID de conexión
+        'conn_reqs=$connection_requests '          # Peticiones por conexión
+        'pipe=$pipe '                              # Pipelining (y/n)
+        'host="$host" '                            # Host solicitado
+        'server_name="$server_name" '
+        'scheme="$scheme" '
+        'request_method="$request_method" '
+        'request_uri="$request_uri" '
+        'server_port="$server_port" '
+        'http_version="$server_protocol" '
+        'bytes_sent=$bytes_sent '                  # Total bytes enviados
+        'request_length=$request_length '          # Tamaño de la petición
+        'req_id="$request_id"';                    # ID único por petición
+
+    # Formato adicional para headers sensibles / seguridad
+    log_format forensic_headers
+        '$remote_addr [$time_local] req_id="$request_id" '
+        'Authorization="$http_authorization" '
+        'Cookie="$http_cookie" '
+        'Content-Type="$content_type" '
+        'Content-Length="$content_length" '
+        'Accept="$http_accept" '
+        'Accept-Language="$http_accept_language" '
+        'Accept-Encoding="$http_accept_encoding" '
+        'Origin="$http_origin" '
+        'Sec-Fetch-Site="$http_sec_fetch_site" '
+        'Sec-Fetch-Mode="$http_sec_fetch_mode" '
+        'Sec-Fetch-Dest="$http_sec_fetch_dest" '
+        'X-Custom-Header="$http_x_custom_header"';
+
+    # ─── ARCHIVOS DE LOG ────────────────────────────────────────────────────────
+    access_log  /var/log/nginx/access.log         forensic_main   buffer=16k flush=1s;
+    access_log  /var/log/nginx/headers.log        forensic_headers buffer=16k flush=1s;
+    error_log   /var/log/nginx/error.log          debug;
+
+    # ─── OPCIONES GENERALES ─────────────────────────────────────────────────────
+    sendfile        on;
+    tcp_nopush      on;
+    tcp_nodelay     on;
+    keepalive_timeout  65;
+    server_tokens   off;  # No revelar versión en respuestas (buena práctica)
+
+    # Añadir request_id único a cada petición
+    add_header X-Request-ID $request_id always;
+
+    # ─── SERVER BLOCK LARAVEL ───────────────────────────────────────────────────
    server {
    listen 80;
    server_name _;
    root /var/www/repuve-backend-v1/public;
    index index.php index.html;

-    # Logging
-    error_log  /var/log/nginx/error.log;
-    access_log /var/log/nginx/access.log;
+    # Logging con formatos forenses (definidos en nginx.conf principal)
+    error_log  /var/log/nginx/error.log debug;
+    access_log /var/log/nginx/access.log forensic_main;

    # Handle Laravel routes (Front Controller)
    location / {
@ -39,6 +114,9 @@ server {
        fastcgi_param HTTP_HOST $http_host;
        fastcgi_param HTTPS $https if_not_empty;
        fastcgi_param HTTP_PROXY "";
+        
+        # Añadir Request ID al backend para tracking
+        fastcgi_param HTTP_X_REQUEST_ID $request_id;
    }

    client_max_body_size 20M;
@ -64,3 +142,4 @@ server {
        deny all;
    }
 }
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -27,7 +27,13 @@ services:
    volumes:
      - ./public:/var/www/repuve-backend-v1/public
      - ./storage:/var/www/repuve-backend-v1/storage
-      - ./Docker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
+      - ./Docker/nginx/nginx.conf:/etc/nginx/nginx.conf
+      - /var/log/nginx:/var/log/nginx
+    logging:
+      driver: "local"
+      options:
+        max-size: "50m"
+        max-file: "10"
    networks:
      - repuve-network
    mem_limit: 400m