feat: Introduce new Rust backend service and Nginx reverse proxy configuration.

Author: zerox80

backend/Cargo.toml

@@ -36,6 +36,7 @@ unicode-normalization = "0.1"
 sha2 = "0.10"
 hmac = "0.12"
 subtle = "2.5"
+reqwest = { version = "0.11", features = ["json"] }
 
 [dependencies.home]
 version = "=0.5.9"

backend/src/handlers/frontend_proxy.rs

@@ -0,0 +1,92 @@
+use axum::{
+    extract::State,
+    response::{Html, IntoResponse},
+};
+use reqwest::Client;
+use std::env;
+use crate::{db, models::SiteContent};
+
+// Default frontend URL (internal Docker network)
+const DEFAULT_FRONTEND_URL: &str = "http://frontend";
+
+pub async fn serve_index(State(pool): State<db::DbPool>) -> impl IntoResponse {
+    let frontend_url = env::var("FRONTEND_URL").unwrap_or_else(|_| DEFAULT_FRONTEND_URL.to_string());
+    let index_url = format!("{}/index.html", frontend_url);
+
+    // Fetch index.html from frontend container
+    let client = Client::new();
+    let html_content = match client.get(&index_url).send().await {
+        Ok(resp) => match resp.text().await {
+            Ok(text) => text,
+            Err(e) => {
+                tracing::error!("Failed to read index.html body: {}", e);
+                return Html("<h1>Internal Server Error</h1><p>Failed to load application.</p>".to_string()).into_response();
+            }
+        },
+        Err(e) => {
+            tracing::error!("Failed to fetch index.html from {}: {}", index_url, e);
+            return Html("<h1>Internal Server Error</h1><p>Failed to connect to frontend service.</p>".to_string()).into_response();
+        }
+    };
+
+    // Fetch site meta from DB
+    let site_meta = match db::fetch_site_content_by_section(&pool, "site_meta").await {
+        Ok(Some(record)) => {
+            match serde_json::from_str::<serde_json::Value>(&record.content_json) {
+                Ok(json) => json,
+                Err(_) => serde_json::json!({}),
+            }
+        },
+        _ => serde_json::json!({}),
+    };
+
+    let title = site_meta.get("title")
+        .and_then(|v| v.as_str())
+        .unwrap_or("Linux Tutorial - Lerne Linux Schritt für Schritt");
+    
+    let description = site_meta.get("description")
+        .and_then(|v| v.as_str())
+        .unwrap_or("Lerne Linux von Grund auf - Interaktiv, modern und praxisnah.");
+
+    // Inject meta tags using simple string replacement
+    // We target the specific default tags to replace them
+    let mut injected_html = html_content;
+
+    // Replace Title
+    injected_html = injected_html.replace(
+        "<title>Linux Tutorial - Lerne Linux Schritt für Schritt</title>",
+        &format!("<title>{}</title>", title)
+    );
+
+    // Replace Meta Description
+    // Note: This regex-like replacement is brittle if the HTML formatting changes. 
+    // For now, we assume the exact string from index.html or use a more robust regex if needed.
+    // Since we don't have regex crate here yet, we'll try to replace the known default description.
+    // If it's dynamic, we might need a more robust approach, but for now let's try replacing the known default.
+    let default_desc = "Lerne Linux von Grund auf - Interaktiv, modern und praxisnah. Umfassende Tutorials für Einsteiger und Fortgeschrittene.";
+    injected_html = injected_html.replace(
+        &format!("content=\"{}\"", default_desc),
+        &format!("content=\"{}\"", description)
+    );
+
+    // Also replace OG tags if possible. 
+    // A better approach for robust replacement without full HTML parsing:
+    // We can replace the whole <head> block or specific known lines if we are sure about the structure.
+    // Given the index.html structure, we can try to replace specific lines.
+    
+    // Replace OG Title
+    injected_html = injected_html.replace(
+        "content=\"Linux Tutorial - Lerne Linux Schritt für Schritt\"",
+        &format!("content=\"{}\"", title)
+    );
+
+    // Replace OG Description (reusing the description replacement above might handle this if content matches)
+    // The default OG description in index.html is shorter: "Lerne Linux von Grund auf - Interaktiv, modern und praxisnah."
+    let default_og_desc = "Lerne Linux von Grund auf - Interaktiv, modern und praxisnah.";
+    injected_html = injected_html.replace(
+        &format!("content=\"{}\"", default_og_desc),
+        &format!("content=\"{}\"", description)
+    );
+
+    Html(injected_html).into_response()
+}

backend/src/handlers/mod.rs

@@ -157,3 +157,4 @@ pub mod comments;     // Comment system management
 pub mod site_content; // Dynamic site content sections
 pub mod site_pages;   // Static page management
 pub mod site_posts;   // Blog post management
+pub mod frontend_proxy; // Frontend proxy for server-side injection

backend/src/main.rs

@@ -519,11 +519,17 @@ async fn main() {
 
         .route("/api/health", get(|| async { "OK" }))
 
-        .with_state(pool)
+        .with_state(pool.clone())
         .layer(middleware::from_fn(security_headers))
         .layer(cors)
         .layer(RequestBodyLimitLayer::new(PUBLIC_BODY_LIMIT));
 
+    // Serve index.html with server-side injection for root and fallback
+    // This must be added AFTER API routes to ensure they take precedence
+    app = app.route("/", get(handlers::frontend_proxy::serve_index))
+             .route("/*path", get(handlers::frontend_proxy::serve_index))
+             .with_state(pool);
+
     if !trust_proxy_ip_headers {
         app = app.layer(middleware::from_fn(strip_untrusted_forwarded_headers));
     }

nginx/nginx.conf

@@ -189,35 +189,37 @@ server {
     # FRONTEND ROUTING CONFIGURATION
     # ========================================================================
 
-    # Route all other requests to the frontend service
+    # Route root and page requests to the backend for server-side injection
+    # This allows the backend to inject dynamic meta tags into index.html
     location / {
-        # Proxy to frontend upstream server
-        proxy_pass http://frontend;
+        # Proxy to backend upstream server
+        proxy_pass http://backend;
 
         # Use HTTP/1.1 for consistent behavior
         proxy_http_version 1.1;
 
-        # ====================================================================
-        # PROXY HEADERS - FRONTEND REQUESTS
-        # ====================================================================
-
-        # Standard proxy headers for frontend requests
+        # Standard proxy headers
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+    }
 
-        # ====================================================================
-        # FRONTEND-SPECIFIC CONFIGURATION
-        # ====================================================================
-
-        # Consider adding caching headers for static assets:
-        # proxy_cache_valid 200 1h;    # Cache successful responses
-        # proxy_cache_key $scheme$proxy_host$request_uri;
+    # Route static assets to the frontend service directly
+    # This bypasses the backend for better performance on static files
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|json|xml|txt|map)$ {
+        proxy_pass http://frontend;
+        proxy_http_version 1.1;
+        
+        # Standard proxy headers
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
 
-        # Compression support (if not handled by frontend):
-        # gzip_proxied any;
-        # gzip_vary on;
+        # Caching headers for static assets
+        expires 1y;
+        add_header Cache-Control "public, immutable";
     }
 
     # ========================================================================