# nginx config for Snipe — bare-metal self-hosted (no Docker). # # Usage: # sudo cp docs/nginx-self-hosted.conf /etc/nginx/sites-available/snipe # # Edit: update `root` to your actual web/dist path and `server_name` to your hostname # sudo ln -s /etc/nginx/sites-available/snipe /etc/nginx/sites-enabled/snipe # sudo nginx -t && sudo systemctl reload nginx # # Assumes: # - The Snipe FastAPI API is running on 127.0.0.1:8510 (./start-local.sh) # - The Vue frontend was built by install.sh into web/dist/ # - TLS termination is handled separately (Caddy, certbot, or upstream proxy) # # For TLS with Let's Encrypt, run: # sudo certbot --nginx -d your.domain.com # Certbot will add the ssl_certificate lines automatically. server { listen 80; server_name your.domain.com; # replace or use _ for catch-all # Path to the Vue production build — update to match your install directory root /home/youruser/snipe/snipe/web/dist; index index.html; # Proxy all /api/ requests to the FastAPI backend location /api/ { proxy_pass http://127.0.0.1:8510; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # SSE (Server-Sent Events) — live trust score updates # These are long-lived streaming responses; disable buffering. proxy_buffering off; proxy_cache off; proxy_read_timeout 120s; } # index.html — never cache; ensures clients always get the latest entry point # after a deployment (JS/CSS chunks are content-hashed so they cache forever) location = /index.html { add_header Cache-Control "no-cache, no-store, must-revalidate"; try_files $uri /index.html; } # SPA fallback — all unknown paths serve index.html so Vue Router handles routing location / { try_files $uri $uri/ /index.html; } # Long-term cache for content-hashed static assets location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff2?)$ { expires 1y; add_header Cache-Control "public, immutable"; } }