events { worker_connections 1024; } http { upstream orbital_backend { server orbital-simulator:3000; } # Rate limiting limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s; server { listen 80; server_name _; # Redirect HTTP to HTTPS in production # return 301 https://$server_name$request_uri; # For development, serve directly location / { proxy_pass http://orbital_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket support (if needed in future) proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } # API rate limiting location /api/ { limit_req zone=api burst=20 nodelay; proxy_pass http://orbital_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Static file caching location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ { proxy_pass http://orbital_backend; proxy_set_header Host $host; expires 1y; add_header Cache-Control "public, immutable"; } } # HTTPS server (uncomment for production with SSL certificates) # server { # listen 443 ssl http2; # server_name your-domain.com; # # ssl_certificate /etc/nginx/ssl/cert.pem; # ssl_certificate_key /etc/nginx/ssl/key.pem; # ssl_protocols TLSv1.2 TLSv1.3; # ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512; # ssl_prefer_server_ciphers off; # # location / { # proxy_pass http://orbital_backend; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # } # } }