server { listen 5984; server_name _; # PouchDB attachments and _bulk_docs can be large. client_max_body_size 256m; # CouchDB's _changes?feed=continuous needs HTTP/1.1, no buffering, long timeouts. proxy_http_version 1.1; proxy_buffering off; proxy_read_timeout 1h; location / { proxy_pass http://couchdb:5984; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header X-Forwarded-Host $http_x_forwarded_host; proxy_set_header Connection ""; # CouchDB never marks AuthSession cookies Secure behind a TLS-terminating # proxy — mochiweb only checks the raw socket scheme, and ignores # x_forwarded_proto/x_forwarded_ssl for cookie attribution. Add Secure # here so SameSite=None cookies survive cross-origin requests. proxy_cookie_flags AuthSession secure; } }