# ============================================================================= # RecreaHUB API — Nginx Reverse Proxy — CentOS 7 # # DIFERENÇA vs Ubuntu/Debian: # CentOS 7 usa /etc/nginx/conf.d/ (NÃO sites-available/sites-enabled) # # Instalação: # sudo cp setup-nginx-centos7.conf /etc/nginx/conf.d/recreahub-api.conf # sudo nginx -t # sudo systemctl reload nginx # # Para HTTPS (Let's Encrypt / Certbot via EPEL): # sudo yum install -y certbot python2-certbot-nginx # sudo certbot --nginx -d api.recreahub.com.br # # SELinux (obrigatório para proxy Nginx → Node.js no CentOS 7): # sudo setsebool -P httpd_can_network_connect 1 # ============================================================================= # ── Upstream: Node.js na porta 3000 (PM2 cluster) ──────────────────────────── upstream recreahub_api { server 127.0.0.1:3000; keepalive 64; } # ── Servidor HTTP (porta 80) ────────────────────────────────────────────────── server { listen 80; server_name api.recreahub.com.br; # Tamanho máximo de upload (ex.: imagens de perfil) client_max_body_size 10m; # ── Compressão Gzip ─────────────────────────────────────────────────────── gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_types application/json text/plain text/css application/javascript application/x-javascript text/xml application/xml application/rss+xml image/svg+xml; gzip_min_length 1024; # ── Health check (sem autenticação, sem log) ────────────────────────────── location /health { proxy_pass http://recreahub_api; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; access_log off; } # ── Proxy principal para Node.js ────────────────────────────────────────── location / { proxy_pass http://recreahub_api; proxy_http_version 1.1; # Suporte WebSocket proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; # Headers de forwarding proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; # Timeouts proxy_connect_timeout 10s; proxy_send_timeout 60s; proxy_read_timeout 120s; } } # ============================================================================= # HTTPS — Descomentar após executar: # certbot --nginx -d api.recreahub.com.br # # O certbot preenche automaticamente os paths dos certificados abaixo. # Após SSL habilitado, o bloco HTTP acima deve fazer redirect 301. # ============================================================================= # server { # listen 443 ssl http2; # server_name api.recreahub.com.br; # # # Certificados gerenciados pelo Certbot (Let's Encrypt): # ssl_certificate /etc/letsencrypt/live/api.recreahub.com.br/fullchain.pem; # ssl_certificate_key /etc/letsencrypt/live/api.recreahub.com.br/privkey.pem; # include /etc/letsencrypt/options-ssl-nginx.conf; # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # # client_max_body_size 10m; # # gzip on; # gzip_vary on; # gzip_proxied any; # gzip_comp_level 6; # gzip_types application/json text/plain text/css application/javascript; # gzip_min_length 1024; # # location /health { # proxy_pass http://recreahub_api; # proxy_http_version 1.1; # proxy_set_header Host $host; # access_log off; # } # # location / { # proxy_pass http://recreahub_api; # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection 'upgrade'; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # proxy_cache_bypass $http_upgrade; # proxy_connect_timeout 10s; # proxy_send_timeout 60s; # proxy_read_timeout 120s; # } # } # # Redirecionar HTTP → HTTPS (habilitar após obter certificado): # server { # listen 80; # server_name api.recreahub.com.br; # return 301 https://$host$request_uri; # }