# Same-Origin nginx Config for PocketBase Apps # Serves static files AND proxies /api/* to PocketBase from one port. # The app uses `new PocketBase(window.location.origin)` — zero CORS. # # Place in /etc/nginx/sites-available/ # Symlink: ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/ # Test: nginx -t && systemctl reload nginx server { listen ssl; server_name ; ssl_certificate /etc/letsencrypt/live//fullchain.pem; ssl_certificate_key /etc/letsencrypt/live//privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; # Static app files root /path/to/your/app; index index.html; # PocketBase API (same origin = no CORS needed) location /api/ { proxy_pass http://127.0.0.1:; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket for PocketBase realtime proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 86400; } # PocketBase admin UI location /_/ { proxy_pass http://127.0.0.1:; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # SPA fallback: all paths → index.html location / { try_files $uri $uri/ /index.html; } # Static file caching (30 days for hashed assets) location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff2?)$ { expires 30d; add_header Cache-Control "public, immutable"; } client_max_body_size 50m; }