167 lines
5.9 KiB
Plaintext
167 lines
5.9 KiB
Plaintext
# HTTP → HTTPS redirect
|
|
server {
|
|
listen 80;
|
|
server_name weval-consulting.com www.weval-consulting.com;
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
|
|
# Main HTTPS server
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name weval-consulting.com www.weval-consulting.com;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/weval-consulting.com/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/weval-consulting.com/privkey.pem;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# Security headers
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
|
|
|
|
# === SECURITY: Block .git access (P0 fix 2026-03-03) ===
|
|
location ~ /\.git {
|
|
deny all;
|
|
return 404;
|
|
}
|
|
|
|
# === WIDGET: Serve wevia-widget-embed.js (P1 fix 2026-03-03) ===
|
|
location = /wevia-widget-embed.js {
|
|
alias /var/www/weval/wevia-widget-embed.js;
|
|
add_header Cache-Control "public, max-age=3600";
|
|
}
|
|
|
|
root /var/www/html;
|
|
index index.html;
|
|
error_page 404 /404.html;
|
|
location = /404.html { internal; }
|
|
|
|
# === WEVIA IA (fullscreen chatbot page) ===
|
|
location = /wevia {
|
|
alias /var/www/weval/wevia-ia/wevia.html;
|
|
default_type text/html;
|
|
add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0";
|
|
}
|
|
|
|
# === WEVIA PHP API (via php-fpm - NO MORE APACHE!) ===
|
|
location ~ ^/wevia-ia/.*\.php$ {
|
|
root /var/www/weval;
|
|
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
include fastcgi_params;
|
|
fastcgi_read_timeout 120s;
|
|
fastcgi_buffering off;
|
|
}
|
|
|
|
# === API ROUTES (proxy to php-fpm via internal location) ===
|
|
location /api/weval-ia-think {
|
|
include fastcgi_params;
|
|
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
|
|
fastcgi_param SCRIPT_FILENAME /var/www/weval/wevia-ia/weval-think-api.php;
|
|
fastcgi_read_timeout 120s;
|
|
add_header Access-Control-Allow-Origin * always;
|
|
add_header Access-Control-Allow-Headers Content-Type always;
|
|
}
|
|
|
|
location /api/weval-ia-full {
|
|
include fastcgi_params;
|
|
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
|
|
fastcgi_param SCRIPT_FILENAME /var/www/weval/wevia-ia/weval-chatbot-api.php;
|
|
fastcgi_read_timeout 120s;
|
|
fastcgi_buffering off;
|
|
add_header Access-Control-Allow-Origin * always;
|
|
add_header Access-Control-Allow-Headers Content-Type always;
|
|
}
|
|
|
|
location /api/weval-ia {
|
|
include fastcgi_params;
|
|
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
|
|
fastcgi_param SCRIPT_FILENAME /var/www/weval/wevia-ia/weval-chatbot-api.php;
|
|
fastcgi_read_timeout 120s;
|
|
fastcgi_buffering off;
|
|
}
|
|
|
|
# === SSE Streaming for Ollama (LOCAL now!) ===
|
|
location = /wevia-ia/wevia-ollama-stream.php {
|
|
root /var/www/weval;
|
|
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
|
|
fastcgi_param SCRIPT_FILENAME /var/www/weval/wevia-ia/wevia-ollama-stream.php;
|
|
include fastcgi_params;
|
|
fastcgi_buffering off;
|
|
fastcgi_cache off;
|
|
fastcgi_read_timeout 120s;
|
|
}
|
|
|
|
# === WEVIA static assets ===
|
|
location ~ ^/wevia-ia/(.+\.(svg|png|jpg|gif|ico|css|woff2|ttf|js|html))$ {
|
|
alias /var/www/weval/wevia-ia/$1;
|
|
add_header Cache-Control "public, max-age=86400";
|
|
}
|
|
|
|
# Visual Intelligence artifacts
|
|
location ^~ /wevia-ia/downloads/ {
|
|
alias /var/www/weval/wevia-ia/downloads/;
|
|
types { application/pdf pdf; image/png png; text/html html; }
|
|
add_header Cache-Control "public, max-age=3600";
|
|
}
|
|
|
|
# === Node.js backend API ===
|
|
location /api/ {
|
|
proxy_pass http://127.0.0.1:3001;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
# === PRERENDER for SEO bots ===
|
|
set $prerender 0;
|
|
if ($http_user_agent ~* "googlebot|bingbot|yandexbot|baiduspider|facebookexternalhit|twitterbot|linkedinbot|slackbot|GPTBot|Claude-Web|PerplexityBot") {
|
|
set $prerender 1;
|
|
}
|
|
if ($uri ~* "\.(js|css|xml|png|jpg|jpeg|gif|pdf|ico|svg|woff|woff2|ttf)") {
|
|
set $prerender 0;
|
|
}
|
|
if ($uri ~* "^/(api|wevia-ia|wevia-kb|blog)") {
|
|
set $prerender 0;
|
|
}
|
|
|
|
# === Static service pages ===
|
|
location = /service/intelligence-artificielle { try_files /service/intelligence-artificielle.html =404; }
|
|
location = /service/cybersecurite { try_files /service/cybersecurite.html =404; }
|
|
location = /service/cloud-sap { try_files /service/cloud-sap.html =404; }
|
|
location = /service/nearshore-it { try_files /service/nearshore-it.html =404; }
|
|
location = /service/e-marketing { try_files /service/e-marketing.html =404; }
|
|
location = /service/formation { try_files /service/formation.html =404; }
|
|
|
|
# === Case Studies static page ===
|
|
location = /case-studies { alias /var/www/html/prerender/case-studies/index.html; default_type text/html; }
|
|
|
|
# Uploads
|
|
location ^~ /uploads/ {
|
|
alias /var/www/weval/backend/uploads/;
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
|
|
}
|
|
|
|
# === React Router SPA fallback ===
|
|
location / {
|
|
if ($prerender = 1) {
|
|
rewrite ^/$ /prerender/index.html break;
|
|
rewrite ^/(.+)$ /prerender/$1/index.html break;
|
|
}
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
|
|
# Assets cache
|
|
location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf|eot)$ {
|
|
root /var/www/html;
|
|
expires 7d;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
}
|