1ed86e37ad
- Move ERPNext API token from JS bundle to nginx proxy_set_header (token only lives on server, never in client code) - Switch ops + field apps from auth.targo.ca to id.gigafibre.ca SSO - Fix "Aucun contenu" showing on tickets that have comments but no description (check comments.length in v-if condition) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
39 lines
1.2 KiB
Nginx Configuration File
39 lines
1.2 KiB
Nginx Configuration File
server {
|
|
listen 80;
|
|
server_name _;
|
|
root /usr/share/nginx/html;
|
|
index index.html;
|
|
|
|
# ERPNext API proxy — token injected server-side (never in JS bundle)
|
|
# To rotate: edit this file + docker restart ops-frontend
|
|
location /api/ {
|
|
proxy_pass https://erp.gigafibre.ca;
|
|
proxy_ssl_verify off;
|
|
proxy_set_header Host erp.gigafibre.ca;
|
|
proxy_set_header Authorization "token b273a666c86d2d0:06120709db5e414";
|
|
proxy_set_header X-Authentik-Email $http_x_authentik_email;
|
|
proxy_set_header X-Authentik-Username $http_x_authentik_username;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
}
|
|
|
|
# SPA fallback — all routes serve index.html
|
|
location / {
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
|
|
# No cache for index.html and service worker
|
|
location = /index.html {
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
|
}
|
|
location = /sw.js {
|
|
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
|
}
|
|
|
|
# Cache static assets (30 days, immutable)
|
|
location /assets/ {
|
|
expires 30d;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
}
|