# Nginx reverse proxy config for api.seocheckerpro.com
# Place in: /etc/nginx/conf.d/api.seocheckerpro.com.conf
# Then: sudo nginx -t && sudo systemctl reload nginx
#
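# This assumes Cloudflare is in front — real client IPs arrive in the CF-Connecting-IP header.
# The Go app reads this header in middleware.ClientIP().
# The header is only trustworthy if this origin accepts connections from Cloudflare alone
# (firewall allowlist of Cloudflare ranges, or authenticated origin pulls); a client that
# reaches this server directly can set CF-Connecting-IP to any value.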

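# Plain-HTTP listener: exists only to bounce clients to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name api.seocheckerpro.com;

    # Redirect HTTP to HTTPS. Cloudflare terminates TLS for visitors; the 443
    # server in this file terminates TLS for the Cloudflare-to-origin hop.
    #
    # The target uses the literal hostname instead of $host: if this block ever
    # becomes the default server for port 80, $host would echo whatever Host
    # header the client sent and the redirect would point at that name.
    return 301 https://api.seocheckerpro.com$request_uri;
}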

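# Rate-limit zone shared by the HTTPS server below.
# limit_req_zone is only accepted in the http context; inside server {} it makes
# `nginx -t` fail. Files in conf.d are normally included from within http {}, so
# the zone is declared here at file top level and referenced by limit_req below.
#
# NOTE(review): behind Cloudflare, $binary_remote_addr is the address of the
# Cloudflare edge that connected, not the visitor, so many visitors share one
# 30r/m bucket. To key on the real client, restore the client address with
# ngx_http_realip_module (confirm the module is built into this nginx) and trust
# only Cloudflare's published ranges, e.g.:
#   set_real_ip_from <cloudflare-range>;   # placeholder, one line per range
#   real_ip_header   CF-Connecting-IP;
# Do not key the zone directly on $http_cf_connecting_ip: a request that reaches
# the origin without that header has an empty key and is not counted at all.
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=30r/m;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name api.seocheckerpro.com;

    # SSL — use your actual cert paths (Let's Encrypt or cPanel-issued)
    ssl_certificate     /etc/letsencrypt/live/api.seocheckerpro.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.seocheckerpro.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # Security headers.
    # `always` makes nginx attach them to error responses (4xx/5xx) as well;
    # without it they are only added to a fixed set of success/redirect codes.
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    add_header Referrer-Policy strict-origin-when-cross-origin always;
    # Optional: enable HSTS once every client of this host is known to use HTTPS.
    # add_header Strict-Transport-Security "max-age=31536000" always;

    # Proxy all requests to Go
    location / {
        proxy_pass         http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        # $remote_addr is the directly connected peer (the Cloudflare edge unless
        # the realip module rewrites it).
        proxy_set_header   X-Real-IP         $remote_addr;
        # Appends $remote_addr to whatever X-Forwarded-For the client sent, so
        # only the right-most entries are set by infrastructure.
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        # Forwards the incoming header value unchanged. The Go app treats it as
        # the client IP, so it must only be reachable via Cloudflare; a direct
        # connection to this origin can supply any value here.
        proxy_set_header   CF-Connecting-IP  $http_cf_connecting_ip;

        # SSE (Server-Sent Events) — broken link checker uses streaming
        proxy_buffering    off;
        proxy_cache        off;
        proxy_read_timeout 180s;
        proxy_send_timeout 180s;

        # Keep-alive: clear the Connection header so upstream connections over
        # HTTP/1.1 are not closed after each request.
        proxy_set_header   Connection "";
        chunked_transfer_encoding on;
    }

    # Request body cap. 1m is also nginx's built-in default, so this line only
    # makes the limit explicit; raise it when bulk endpoints actually need more.
    client_max_body_size 1m;

    # Rate limiting at Nginx level (belt-and-braces, Go also rate-limits).
    # Uses the api_limit zone declared above this server block.
    limit_req      zone=api_limit burst=10 nodelay;
}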
