From 854e1601f80017a06ff9df7b482a167348fa1f1d Mon Sep 17 00:00:00 2001
From: iqbalpa <iqbalpahlevi07@gmail.com>
Date: Wed, 9 Jul 2025 09:08:53 +0700
Subject: [PATCH 1/5] feat: init nginx

---
 docker-compose.yml | 18 ++++++++++++++++++
 nginx/default.conf | 12 ++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 nginx/default.conf

diff --git a/docker-compose.yml b/docker-compose.yml
index bc282ea..bea2492 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -68,6 +68,24 @@ services:
       test: ["CMD", "wget", "--spider", "-q", "http://localhost:3001"]
       interval: 10s
       retries: 5
+  
+  nginx:
+    image: nginx:alpine
+    container_name: nginx
+    ports:
+      - "80:80"
+    volumes:
+      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
+    depends_on:
+      - devtasker
+      - prometheus
+      - grafana
+    networks:
+      - monitor
+    # healthcheck:
+    #   test: ["CMD", "wget", "--spider", "-q", "http://localhost"]
+    #   interval: 10s
+    #   retries: 5
 
 volumes:
   db_data:
diff --git a/nginx/default.conf b/nginx/default.conf
new file mode 100644
index 0000000..5c9710d
--- /dev/null
+++ b/nginx/default.conf
@@ -0,0 +1,12 @@
+server {
+    listen 80;
+
+    # Reverse proxy for devtasker, from localhost:3000/ to localhost/
+    location / {
+        proxy_pass http://devtasker:3000;
+        proxy_set_header Host $host; 
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_redirect off;
+    }
+}
\ No newline at end of file

From af8fda6190e8e50fc16593c542f72c56bc02fe13 Mon Sep 17 00:00:00 2001
From: iqbalpa <iqbalpahlevi07@gmail.com>
Date: Wed, 9 Jul 2025 09:22:16 +0700
Subject: [PATCH 2/5] feat: add healthcheck for nginx

---
 docker-compose.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index bea2492..a14f5ed 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -82,10 +82,10 @@ services:
       - grafana
     networks:
       - monitor
-    # healthcheck:
-    #   test: ["CMD", "wget", "--spider", "-q", "http://localhost"]
-    #   interval: 10s
-    #   retries: 5
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://devtasker:3000/health"] # check if nginx can reach devtasker
+      interval: 10s
+      retries: 5
 
 volumes:
   db_data:

From 341dc29e1defc4f900447f61a51c1f3ab7c90aaf Mon Sep 17 00:00:00 2001
From: iqbalpa <iqbalpahlevi07@gmail.com>
Date: Wed, 9 Jul 2025 09:51:17 +0700
Subject: [PATCH 3/5] feat: add rate limit for /api/task

---
 nginx/default.conf | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/nginx/default.conf b/nginx/default.conf
index 5c9710d..54f7639 100644
--- a/nginx/default.conf
+++ b/nginx/default.conf
@@ -1,3 +1,6 @@
+# Limit each IP address can make 10 request/s
+limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
+
 server {
     listen 80;
 
@@ -9,4 +12,15 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_redirect off;
     }
-}
\ No newline at end of file
+
+    # Apply the rate limiter for these endpoint and methods
+    location /api/task {
+        limit_req zone=mylimit burst=20;
+        proxy_pass http://devtasker:3000;
+        proxy_set_header Host $host; 
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_redirect off;
+        
+    }
+}

From b28f9b2900c4dc7ea94e6680c64b362e1dfda738 Mon Sep 17 00:00:00 2001
From: iqbalpa <iqbalpahlevi07@gmail.com>
Date: Wed, 9 Jul 2025 09:51:33 +0700
Subject: [PATCH 4/5] feat: disable log for /health

---
 nginx/default.conf | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/nginx/default.conf b/nginx/default.conf
index 54f7639..1ec315f 100644
--- a/nginx/default.conf
+++ b/nginx/default.conf
@@ -23,4 +23,14 @@ server {
         proxy_redirect off;
         
     }
+
+    # Disable logging for /health
+    location = /health {
+        proxy_pass http://devtasker:3000;
+        proxy_set_header Host $host; 
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_redirect off;
+        access_log off;
+    }
 }

From 0e6514d0e91167121efc905b22753472c25d537d Mon Sep 17 00:00:00 2001
From: iqbalpa <iqbalpahlevi07@gmail.com>
Date: Wed, 9 Jul 2025 09:52:00 +0700
Subject: [PATCH 5/5] docs: update readme

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 7023015..e45ecce 100644
--- a/README.md
+++ b/README.md
@@ -17,5 +17,6 @@ These are things that I want to implement here.
 - [x] Monitoring (prometheus)
 - [x] Docker
 - [x] CI/CD
+- [x] Reverse Proxy (nginx)
 - [ ] GraphQL API
 - [ ] gRPC Layer