stephan 9b7fd15ca1 Drop nested location blocks from nginx vhost overrides — they 404 assets
The first version of vhost.d/<host>_location nested four `location { … }`
blocks (for /_astro/, images, /sw.js, /llms.txt) inside the proxy's
generated `location / { … }` to set Cache-Control. nginx accepts the
syntax, but a nested location with no `proxy_pass` directive falls through
to filesystem root and 404s the asset — which is why CSS / JS / images
were missing on the live site even though the HTML loaded fine.

Astro already emits sensible Cache-Control on hashed _astro bundles, so
we don't need the proxy to set them. Removed all four nested blocks; the
vhost.d files now only carry proxy headers, gzip, and security headers,
all of which are valid inside a location {} block without proxy_pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 16:23:11 +02:00

nginx vhost overrides for nibiru-framework.com

These files are picked up by jwilder/nginx-proxy when mounted into the proxy container at /etc/nginx/vhost.d/. They hold per-vhost hardening and cache rules for the docs site (apex + www).

What's here

  • vhost.d/nibiru-framework.com_location — apex domain rules
  • vhost.d/www.nibiru-framework.com_location — www variant (identical rules)

Both files contain the same hardening (security headers, gzip, caching for hashed Astro assets, no-cache for the service worker, …). They are kept separate so adding a www → apex redirect later is a one-file change.

Wiring into an existing nginx-proxy

The proxy container needs to read /etc/nginx/vhost.d/. Two common patterns:

1. Bind-mount a directory on the host

If your nginx-proxy is started with something like:

volumes:
  - /srv/nginx-proxy/vhost.d:/etc/nginx/vhost.d:ro

then copy these files into that directory on the host:

sudo install -d /srv/nginx-proxy/vhost.d
sudo cp docs/nginx/vhost.d/* /srv/nginx-proxy/vhost.d/
sudo docker exec nginx-proxy nginx -s reload

Repeat the cp + reload after every change.

2. Bake them into the proxy image

If you build your own nginx-proxy image, add COPY docs/nginx/vhost.d/* /etc/nginx/vhost.d/ to its Dockerfile, then run docker compose up -d --build on the proxy.

Verifying

Once mounted and reloaded:

docker exec nginx-proxy nginx -T \
  | grep -A5 "server_name nibiru-framework.com"

You should see the proxy_buffering off, gzip, and security-header lines from this directory inlined into the generated server block.
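The commit message at the top describes a failure that the check above does not catch: a `location { … }` block inside a `<host>_location` file is accepted by nginx but 404s the assets it matches. The following pre-copy lint is an added example, not part of this repository; the function name `check_vhost_overrides` is hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: lint vhost.d/*_location files for nested location blocks
# before copying them into the proxy. Not part of the repository.

# Usage: check_vhost_overrides DIR
# Prints one line per file; returns 1 if any file opens a location block.
check_vhost_overrides() {
    dir=$1
    status=0
    for f in "$dir"/*_location; do
        [ -f "$f" ] || continue          # no matching files: nothing to check
        # Drop comments (line numbers are preserved), then look for a
        # `location` directive at the start of a statement.
        hits=$(sed 's/#.*//' "$f" \
            | grep -nE '(^|[;{}])[[:space:]]*location[[:space:]]' || true)
        if [ -n "$hits" ]; then
            echo "FAIL $f: nested location block(s) at line:"
            echo "$hits" | sed 's/^/    /'
            status=1
        else
            echo "ok   $f"
        fi
    done
    return $status
}

# Constructed sample input: one clean override and one that repeats the bug.
demo=$(mktemp -d)
cat > "$demo/good.example_location" <<'EOF'
proxy_buffering off;
gzip on;
add_header X-Content-Type-Options "nosniff" always;
EOF
cat > "$demo/bad.example_location" <<'EOF'
proxy_buffering off;
# a location mentioned in a comment is ignored
location /_astro/ {
    add_header Cache-Control "public, max-age=31536000, immutable";
}
EOF
check_vhost_overrides "$demo" || echo "nested location found: do not deploy"
rm -rf "$demo"
```

Run against the real files it would be `check_vhost_overrides docs/nginx/vhost.d`, placed before the cp + reload step.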

Why two containers (and not one with a comma-separated VIRTUAL_HOST)

The acme-companion on this host does not handle comma-separated values in VIRTUAL_HOST / LETSENCRYPT_HOST reliably — cert issuance fails. The fix is to run one docs container per hostname (see docker-compose.yml).