JoeBot/HOA_Financial_Platform
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Files
2b83defbc30ea5d72841616d8c6332abed6de84a
HOA_Financial_Platform/nginx/host-production.conf
olsch01 337b6061b2 feat: reliability enhancements for AI services and capital planning 
1. Health Scores — separate operating/reserve refresh
   - Added POST /health-scores/calculate/operating and /calculate/reserve
   - Each health card now has its own Refresh button
   - On failure, shows cached (last good) data with "last analysis failed"
     watermark instead of blank "Error calculating score"
   - Backend getLatestScores returns latest complete score + failure flag

2. Investment Planning — increased AI timeout to 5 minutes
   - Backend callAI timeout: 180s → 300s
   - Frontend axios timeout: set explicitly to 300s (was browser default)
   - Host nginx proxy_read_timeout: 180s → 300s
   - Loading message updated to reflect longer wait times

3. Capital Planning — Unscheduled column moved to rightmost position
   - Kanban column order: current year → future → unscheduled (was leftmost)
   - Puts immediate/near-term projects front and center

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 12:02:30 -05:00

100 lines
3.2 KiB
Plaintext
Raw Blame History

# HOA LedgerIQ — Host-level nginx config (production)
#
# Copy this file to /etc/nginx/sites-available/app.yourdomain.com
# and symlink to /etc/nginx/sites-enabled/:
#
# sudo cp nginx/host-production.conf /etc/nginx/sites-available/app.yourdomain.com
# sudo ln -s /etc/nginx/sites-available/app.yourdomain.com /etc/nginx/sites-enabled/
# sudo nginx -t && sudo systemctl reload nginx
#
# Then obtain an SSL certificate:
# sudo certbot --nginx -d app.yourdomain.com
#
# Replace "app.yourdomain.com" with your actual hostname throughout this file.
# --- Rate limiting ---
# 10 requests/sec per IP for API routes (shared memory zone: 10 MB ≈ 160k IPs)
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
# --- HTTP → HTTPS redirect ---
server {
listen 80;
server_name app.yourdomain.com;
# Let certbot answer ACME challenges
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# Everything else → HTTPS
location / {
return 301 https://$host$request_uri;
}
}
# --- Main HTTPS server ---
server {
listen 443 ssl;
server_name app.yourdomain.com;
# SSL certificates (managed by certbot)
ssl_certificate /etc/letsencrypt/live/app.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.yourdomain.com/privkey.pem;
# Modern TLS settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# --- Proxy defaults ---
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Buffer settings — prevent 502s when backend is slow to respond
proxy_buffering on;
proxy_buffer_size 16k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 32k;
# --- API routes → NestJS backend (port 3000) ---
location /api/ {
limit_req zone=api_limit burst=30 nodelay;
proxy_pass http://127.0.0.1:3000;
proxy_read_timeout 30s;
proxy_connect_timeout 5s;
proxy_send_timeout 15s;
}
# AI endpoints — longer timeouts (LLM calls can take minutes)
location /api/investment-planning/recommendations {
proxy_pass http://127.0.0.1:3000;
proxy_read_timeout 300s;
proxy_connect_timeout 10s;
proxy_send_timeout 30s;
}
location /api/health-scores/calculate {
proxy_pass http://127.0.0.1:3000;
proxy_read_timeout 180s;
proxy_connect_timeout 10s;
proxy_send_timeout 30s;
}
# --- Frontend → React SPA served by nginx (port 3001) ---
location / {
proxy_pass http://127.0.0.1:3001;
proxy_read_timeout 10s;
proxy_connect_timeout 5s;
proxy_cache_bypass $http_upgrade;
}
}
Reference in New Issue View Git Blame Copy Permalink