Nginx Reverse Proxy
General Settings
```nginx
worker_processes auto;
client_max_body_size 100M; # OTA firmware (~16MB)
keepalive_timeout 65s;
gzip on; # Level 6, min 1KB
```
Rate Limiting
| Zone | Rate | Description |
|---|---|---|
| api_limit | 30 req/s | API endpoints |
| login_limit | 5 req/m | Brute-force protection |
HTTPS (Port 443)
```nginx
ssl_certificate /etc/letsencrypt/live/enerji.kepmark.com/fullchain.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_stapling on;
# Security Headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
```
Location Rules
| Path | Backend | Timeout | Rate Limit | Note |
|---|---|---|---|---|
| /api/ | backend:8000 | 120s | 30r/s | API |
| /api/auth/login | backend:8000 | — | 5r/m | Brute-force protection |
| /docs, /redoc | backend:8000 | — | localhost only | Swagger UI |
| /ws | backend:8000 | 4 hours | — | WebSocket |
| /health | backend:8000 | — | — | Health check |
| /_next/static/ | frontend:3000 | — | Cache 1 year | Static files |
| / | frontend:3000 | 60s | — | React application |
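
One way the rate-limit zones and the protected locations in the tables above can be expressed as nginx directives. This is an added example, not the project's own configuration. The zone key (`$binary_remote_addr`), zone size, `burst` values, the 429 status, the exact-match on the login path and the mapping of "Timeout" to `proxy_read_timeout` are assumptions; rates, paths, backends and timeout values come from the tables.

```nginx
# Added example, not the project's configuration.
# Assumed: zone key, zone size (10m), burst values, 429 status.

# --- http {} context ---
limit_req_zone $binary_remote_addr zone=api_limit:10m   rate=30r/s;
limit_req_zone $binary_remote_addr zone=login_limit:10m rate=5r/m;
limit_req_status 429;   # nginx default is 503

# --- server {} context (HTTPS, port 443) ---

# Exact match takes precedence over the /api/ prefix below, so the
# login endpoint is governed by login_limit only (5 requests/minute).
location = /api/auth/login {
    limit_req zone=login_limit burst=3 nodelay;   # burst is assumed
    proxy_pass http://backend:8000;
}

location /api/ {
    limit_req zone=api_limit burst=60 nodelay;    # burst is assumed
    proxy_read_timeout 120s;
    proxy_pass http://backend:8000;
}

# Swagger UI / ReDoc: reachable from the host itself only.
location ~ ^/(docs|redoc) {
    allow 127.0.0.1;
    allow ::1;
    deny all;
    proxy_pass http://backend:8000;
}

# WebSocket: needs HTTP/1.1 and the Upgrade headers; 4-hour idle timeout.
location /ws {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 4h;
    proxy_send_timeout 4h;
    proxy_pass http://backend:8000;
}
```

`add_header` directives are inherited from the server level only when a location defines none of its own, so a location that adds its own header (for example a `Cache-Control` header on `/_next/static/`) must repeat the security headers or use `expires 1y;` instead. Validate any change with `nginx -t` before reloading.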