Boilerplate FastAPI & Dockerfile + NGINX

2025-09-22 17:58:16 +01:00
parent f3fbed5298
commit bf600b8e42
35 changed files with 650 additions and 0 deletions
--- a/nginx/certs/options-ssl-nginx.conf
+++ b/nginx/certs/options-ssl-nginx.conf
@@ -0,0 +1,14 @@
+# This file contains important security parameters. If you modify this file
+# manually, Certbot will be unable to automatically provide future security
+# updates. Instead, Certbot will print and log an error message with a path to
+# the up-to-date file that you will need to refer to when manually updating
+# this file.
+
+ssl_session_cache shared:le_nginx_SSL:10m;
+ssl_session_timeout 1440m;
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers off;
+
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
--- a/nginx/configs/nginx.conf
+++ b/nginx/configs/nginx.conf
@@ -0,0 +1,42 @@
+# This file should be put under /etc/nginx/conf.d/
+# Or place as /etc/nginx/nginx.conf
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    real_ip_header X-Forwarded-For;
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    server_tokens       off;
+
+    sendfile            on;
+    tcp_nopush          on;
+
+    keepalive_timeout   60;
+    tcp_nodelay         on;
+    client_body_timeout 15;
+
+    gzip                on;
+    gzip_vary           on;
+    gzip_min_length             1k;
+    client_max_body_size 10G;
+    proxy_request_buffering off;
+    include /etc/nginx/conf.d/*.conf;
+
+    types_hash_bucket_size 128;
+}
--- a/nginx/configs/sites/default.conf
+++ b/nginx/configs/sites/default.conf
@@ -0,0 +1,39 @@
+# Default NGINX Config
+server {
+    listen 80;
+    listen [::]:80;
+    server_name _;
+
+    return 301 https://$host$request_uri;
+}
+
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+        http2 on;
+
+    server_name _;
+
+    ssl_certificate /certs/certificate.pem;
+    ssl_certificate_key /certs/key.pem;
+    include /certs/options-ssl-nginx.conf;
+
+    client_max_body_size 50M;
+
+    location / {
+
+    }
+
+    location /api/v1/ {
+        proxy_pass  http://api:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+    }
+    location /healthz {
+        proxy_pass  http://api:8000;
+    }
+}