studd

backend/Dockerfile

@@ -31,4 +31,4 @@ HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
 
 # Явно выводим логи в stdout/stderr без буферизации
 # Используем unbuffered mode для Python-style вывода (если доступно)
-CMD sh -c "echo '========================================' 1>&2 && echo '=== DOCKER CMD STARTED ===' 1>&2 && echo '========================================' 1>&2 && echo 'Running migrations...' 1>&2 && npx prisma migrate deploy 2>&1 && echo '=== MIGRATIONS COMPLETED ===' 1>&2 && echo 'Starting Node.js application...' 1>&2 && exec node --no-warnings dist/src/main.js 2>&1"
+CMD sh -c "echo '========================================' 1>&2 && echo '=== DOCKER CMD STARTED ===' 1>&2 && echo '========================================' 1>&2 && echo 'Pushing database schema...' 1>&2 && npx prisma db push --accept-data-loss 2>&1 && echo '=== DATABASE SCHEMA APPLIED ===' 1>&2 && echo 'Starting Node.js application...' 1>&2 && exec node --no-warnings dist/src/main.js 2>&1"

nginx.conf

@@ -4,16 +4,22 @@ server {
     root /usr/share/nginx/html;
     index index.html;
 
+    # Настройки для работы за reverse proxy (Coolify/Traefik)
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from 0.0.0.0/0;
+
     # Gzip compression
     gzip on;
     gzip_vary on;
     gzip_min_length 1024;
     gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml+rss application/json application/javascript;
 
-    # Security headers
+    # Security headers для HTTPS
     add_header X-Frame-Options "SAMEORIGIN" always;
     add_header X-Content-Type-Options "nosniff" always;
     add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
 
     # SPA routing support - все запросы направляются на index.html
     location / {