feat: V1.0.1 - Setup page, Docker, README

Add password-protected setup page (/api/setup) for DB initialization, admin creation, and demo data seeding. Dockerize the full stack with server, client, nginx reverse proxy, and MySQL services. Add project README with architecture overview, quick start, and VPS deployment guide. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 18:00:29 +01:00
parent dd2ebf863a
commit c9d9c0f9dd
12 changed files with 1489 additions and 9 deletions
@@ -0,0 +1,66 @@
+upstream server_backend {
+    server server:8000;
+}
+
+upstream client_frontend {
+    server client:5000;
+}
+
+server {
+    listen 80;
+    server_name _;
+
+    # Gzip compression
+    gzip on;
+    gzip_types text/plain text/css application/json application/javascript text/xml;
+    gzip_min_length 256;
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+
+    # Max upload size
+    client_max_body_size 50M;
+
+    # API requests → FastAPI server
+    location /api/ {
+        proxy_pass http://server_backend;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 120s;
+    }
+
+    # Upload files served by server
+    location /uploads/ {
+        proxy_pass http://server_backend;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # All other requests → Flask client
+    location / {
+        proxy_pass http://client_frontend;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Static file caching
+    location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf)$ {
+        proxy_pass http://client_frontend;
+        proxy_set_header Host $host;
+        expires 7d;
+        add_header Cache-Control "public, immutable";
+    }
+
+    # SSL configuration (uncomment when using Let's Encrypt)
+    # listen 443 ssl;
+    # ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
+    # ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
+    # ssl_protocols TLSv1.2 TLSv1.3;
+}