JoeBot/HOA_Financial_Platform
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Files
be3a5191c5eb61242ba45cf2e13190fcaccd5a92
HOA_Financial_Platform/nginx/host-production.conf
olsch01 9146118df1 feat: async AI calls, 10-min timeout, and failure messaging 
- Make all AI endpoints (health scores + investment recommendations)
  fire-and-forget: POST returns immediately, frontend polls for results
- Extend AI API timeout from 2-5 min to 10 min for both services
- Add "last analysis failed — showing cached data" message to the
  Investment Recommendations panel (matches health score widgets)
- Add status/error_message columns to ai_recommendations table
- Remove nginx AI timeout overrides (no longer needed)
- Users can now navigate away during AI processing without interruption

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 14:42:53 -05:00

88 lines
2.8 KiB
Plaintext
Raw Blame History

# HOA LedgerIQ — Host-level nginx config (production)
#
# Copy this file to /etc/nginx/sites-available/app.yourdomain.com
# and symlink to /etc/nginx/sites-enabled/:
#
# sudo cp nginx/host-production.conf /etc/nginx/sites-available/app.yourdomain.com
# sudo ln -s /etc/nginx/sites-available/app.yourdomain.com /etc/nginx/sites-enabled/
# sudo nginx -t && sudo systemctl reload nginx
#
# Then obtain an SSL certificate:
# sudo certbot --nginx -d app.yourdomain.com
#
# Replace "app.yourdomain.com" with your actual hostname throughout this file.
# --- Rate limiting ---
# 10 requests/sec per IP for API routes (shared memory zone: 10 MB ≈ 160k IPs)
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
# --- HTTP → HTTPS redirect ---
server {
listen 80;
server_name app.yourdomain.com;
# Let certbot answer ACME challenges
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# Everything else → HTTPS
location / {
return 301 https://$host$request_uri;
}
}
# --- Main HTTPS server ---
server {
listen 443 ssl;
server_name app.yourdomain.com;
# SSL certificates (managed by certbot)
ssl_certificate /etc/letsencrypt/live/app.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.yourdomain.com/privkey.pem;
# Modern TLS settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# --- Proxy defaults ---
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Buffer settings — prevent 502s when backend is slow to respond
proxy_buffering on;
proxy_buffer_size 16k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 32k;
# --- API routes → NestJS backend (port 3000) ---
location /api/ {
limit_req zone=api_limit burst=30 nodelay;
proxy_pass http://127.0.0.1:3000;
proxy_read_timeout 30s;
proxy_connect_timeout 5s;
proxy_send_timeout 15s;
}
# AI endpoints now return immediately (async processing in background)
# No special timeout overrides needed
# --- Frontend → React SPA served by nginx (port 3001) ---
location / {
proxy_pass http://127.0.0.1:3001;
proxy_read_timeout 10s;
proxy_connect_timeout 5s;
proxy_cache_bypass $http_upgrade;
}
}
Reference in New Issue View Git Blame Copy Permalink