# ---- nginx: Plain HTTP (no TLS, no mTLS) ----
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
# ---- Frontend static files ----
root /usr/share/nginx/html;
index index.html;
# ---- Logging ----
access_log /var/log/nginx/insight-access.log;
error_log /var/log/nginx/insight-error.log warn;
# ---- Frontend + WebSocket proxy ----
location / {
if ($request_uri = "/") {
return 302 $scheme://$http_host/?proxy=true;
}
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_read_timeout 86400s;
# When WebSocket upgrade detected, proxy to backend
if ($is_websocket) {
proxy_pass http://127.0.0.1:9000;
break;
}
# Otherwise serve static files with SPA fallback
try_files $uri $uri/ /index.html;
}
# ---- Health check ----
location /health {
access_log off;
default_type text/plain;
return 200 'OK';
}
# ---- Deny hidden files ----
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
}