Align Sinbad2 HTTPS deployment with orcid2sword reverse-proxy pattern.

This adds nginx dual-path routing, forwarded proxy headers, Uvicorn proxy-headers, production security settings, and deployment docs for https://sinbad2.ujaen.es/generadorexamenesllm/.
2026-06-03 10:12:05 +02:00
parent ca6d370585
commit 7dcc7dc0e1
13 changed files with 230 additions and 31 deletions
@@ -1,6 +1,15 @@
 # --- Aplicación ---
 APP_NAME=GenExamenes IA
-ENVIRONMENT=local
+ENVIRONMENT=production
+
+# URL pública HTTPS (Apache termina TLS; contenedores en HTTP interno)
+PUBLIC_BASE_URL=https://sinbad2.ujaen.es/generadorexamenesllm
+
+# Hosts aceptados por TrustedHostMiddleware (sin esquema ni puerto)
+TRUSTED_HOSTS=sinbad2.ujaen.es,localhost,127.0.0.1
+
+# HSTS (segundos; 1 año por defecto)
+SECURITY_HSTS_SECONDS=31536000

 # Clave legacy (reservada; las rutas /exam usan JWT de usuario).
 API_KEY=change-me-in-production-min-16-chars
@@ -8,7 +17,7 @@ API_KEY=change-me-in-production-min-16-chars
 # --- Base de datos (Docker: host "db") ---
 DATABASE_URL=postgresql+psycopg://genexamenes:genexamenes@db:5432/genexamenes

-# --- CORS (orígenes del frontend, separados por coma) ---
+# --- CORS (orígenes HTTPS del frontend; separados por coma) ---
 ALLOWED_ORIGINS=https://sinbad2.ujaen.es,http://sinbad2.ujaen.es,http://sinbad2.ujaen.es:8075

 # --- Rate limiting y tamaño de petición ---