Update SelfSigned.md

2026-01-02 09:49:38 +07:00 · 2025-11-23 20:12:49 +01:00
parent f611070d7d
commit a60d8f800c
1 changed files with 39 additions and 0 deletions
--- a/docs/tutorials/tab-nginx/SelfSigned.md
+++ b/docs/tutorials/tab-nginx/SelfSigned.md
@@ -23,6 +23,42 @@ Using self-signed certificates is suitable for development or internal use where
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        ssl_protocols TLSv1.2 TLSv1.3;

+        # Auth/API endpoints: NO caching (critical for login/sessions)
+        location ~* ^/(auth|api|oauth|admin|signin|signup|signout|login|logout|sso)/ {
+            proxy_pass http://host.docker.internal:3000;
+
+            # Add WebSocket support (Necessary for version 0.5.0 and up)
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            proxy_buffering off;
+            client_max_body_size 20M;
+            proxy_read_timeout 10m;
+
+            # Disable caching for auth endpoints
+            proxy_no_cache 1;
+            proxy_cache_bypass 1;
+            add_header Cache-Control "no-store, no-cache, must-revalidate" always;
+            expires -1;
+        }
+
+        # Static assets: Enable caching for performance
+        location ~* \.(css|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot)$ {
+            proxy_pass http://host.docker.internal:3000;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+
+            expires 7d;
+            add_header Cache-Control "public, immutable";
+        }
+
+        # Default location
        location / {
            proxy_pass http://host.docker.internal:3000;

@@ -42,6 +78,9 @@ Using self-signed certificates is suitable for development or internal use where
            # (Optional) Increase max request size for large attachments and long audio messages
            client_max_body_size 20M;
            proxy_read_timeout 10m;
+
+            # Light caching with revalidation
+            add_header Cache-Control "public, max-age=300, must-revalidate";
        }
    }
    ```