server { listen 80; server_name _; # Docker's embedded DNS. Using a variable for the upstream below forces nginx # to re-resolve via this resolver instead of caching the container IP at # startup — so api/app can be recreated (new IPs on redeploy) without nginx # holding a stale IP and returning 502. resolver 127.0.0.11 valid=10s ipv6=off; # API -> api container. The SPA calls same-origin /api/... (environment.prod.ts). location /api/ { # nginx defaults to 1 MB, which 413s phone-camera receipt uploads before they # reach the API. Keep this >= the largest API [RequestSizeLimit] (offerings = 50 MB) # so the per-endpoint limits in the controllers stay the real authority. client_max_body_size 50m; set $upstream_api api; proxy_pass http://$upstream_api:8080$request_uri; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # SignalR hubs -> api container. Must be proxied to Kestrel like /api/; without # this block /hubs/* fell through to "location /" (the static app), whose nginx # 405s the negotiate POST so the connection never reaches the backend. The # Upgrade/Connection headers + http_version 1.1 let the WebSocket transport # establish instead of degrading to long-polling. location /hubs/ { set $upstream_api api; proxy_pass http://$upstream_api:8080$request_uri; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_read_timeout 100s; } # Everything else -> the Angular static app (its own nginx does SPA fallback). location / { set $upstream_app app; proxy_pass http://$upstream_app:80; } }