diff --git a/backend/Dockerfile b/backend/Dockerfile index d7f2183..d9de1a8 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -31,4 +31,4 @@ HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \ # Явно выводим логи в stdout/stderr без буферизации # Используем unbuffered mode для Python-style вывода (если доступно) -CMD sh -c "echo '========================================' 1>&2 && echo '=== DOCKER CMD STARTED ===' 1>&2 && echo '========================================' 1>&2 && echo 'Running migrations...' 1>&2 && npx prisma migrate deploy 2>&1 && echo '=== MIGRATIONS COMPLETED ===' 1>&2 && echo 'Starting Node.js application...' 1>&2 && exec node --no-warnings dist/src/main.js 2>&1" +CMD sh -c "echo '========================================' 1>&2 && echo '=== DOCKER CMD STARTED ===' 1>&2 && echo '========================================' 1>&2 && echo 'Pushing database schema...' 1>&2 && npx prisma db push --accept-data-loss 2>&1 && echo '=== DATABASE SCHEMA APPLIED ===' 1>&2 && echo 'Starting Node.js application...' 1>&2 && exec node --no-warnings dist/src/main.js 2>&1" diff --git a/nginx.conf b/nginx.conf index 130a2c3..b68af8b 100644 --- a/nginx.conf +++ b/nginx.conf @@ -4,16 +4,22 @@ server { root /usr/share/nginx/html; index index.html; + # Настройки для работы за reverse proxy (Coolify/Traefik) + real_ip_header X-Forwarded-For; + real_ip_recursive on; + set_real_ip_from 0.0.0.0/0; + # Gzip compression gzip on; gzip_vary on; gzip_min_length 1024; gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml+rss application/json application/javascript; - # Security headers + # Security headers для HTTPS add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; # SPA routing support - все запросы направляются на index.html location / {