migrated core_nest to mainroom
This commit is contained in:
buenosairesam
292
mainroom/ctrl/server/nginx/core_nest.conf
Normal file
292
mainroom/ctrl/server/nginx/core_nest.conf
Normal file
@@ -0,0 +1,292 @@
|
||||
# Core Nest - All Services Nginx Config
|
||||
# Single config for entire nest deployment
|
||||
#
|
||||
# Docker Services (primary):
|
||||
# - amar.nest.mcrn.ar (frontend:3000 + backend:8000)
|
||||
# - pawprint.mcrn.ar (port 13000)
|
||||
# - artery.mcrn.ar (port 13001)
|
||||
# - album.mcrn.ar (port 13002)
|
||||
# - ward.mcrn.ar (port 13003)
|
||||
#
|
||||
# Bare Metal Services (fallback):
|
||||
# - pawprint.bare.mcrn.ar (port 12000)
|
||||
# - artery.bare.mcrn.ar (port 12001)
|
||||
# - album.bare.mcrn.ar (port 12002)
|
||||
# - ward.bare.mcrn.ar (port 12003)
|
||||
|
||||
# =============================================================================
|
||||
# AMAR - Frontend + Backend
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name amar.nest.mcrn.ar;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name amar.nest.mcrn.ar;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/nest.mcrn.ar/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/nest.mcrn.ar/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
# Backend API
|
||||
location /api/ {
|
||||
proxy_pass http://127.0.0.1:8000/api/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_read_timeout 300;
|
||||
}
|
||||
|
||||
# Django admin
|
||||
location /admin/ {
|
||||
proxy_pass http://127.0.0.1:8000/admin/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Django static files
|
||||
location /static/ {
|
||||
proxy_pass http://127.0.0.1:8000/static/;
|
||||
}
|
||||
|
||||
# Frontend (default)
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_read_timeout 300;
|
||||
}
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# PAWPRINT - Main Service
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name pawprint.mcrn.ar;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name pawprint.mcrn.ar;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/pawprint.mcrn.ar/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/pawprint.mcrn.ar/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:13000;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# ARTERY - API Gateway
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name artery.mcrn.ar;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name artery.mcrn.ar;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/artery.mcrn.ar/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/artery.mcrn.ar/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:13001;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# ALBUM - Media Service
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name album.mcrn.ar;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name album.mcrn.ar;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/album.mcrn.ar/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/album.mcrn.ar/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:13002;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# WARD - Admin Interface
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name ward.mcrn.ar;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name ward.mcrn.ar;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/ward.mcrn.ar/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/ward.mcrn.ar/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:13003;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# BARE METAL SERVICES (FALLBACK)
|
||||
# =============================================================================
|
||||
|
||||
# =============================================================================
|
||||
# PAWPRINT BARE - Main Service (Bare Metal)
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name pawprint.bare.mcrn.ar;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name pawprint.bare.mcrn.ar;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/bare.mcrn.ar/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/bare.mcrn.ar/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:12000;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# ARTERY BARE - API Gateway (Bare Metal)
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name artery.bare.mcrn.ar;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name artery.bare.mcrn.ar;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/bare.mcrn.ar/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/bare.mcrn.ar/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:12001;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# ALBUM BARE - Media Service (Bare Metal)
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name album.bare.mcrn.ar;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name album.bare.mcrn.ar;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/bare.mcrn.ar/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/bare.mcrn.ar/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:12002;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# WARD BARE - Admin Interface (Bare Metal)
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name ward.bare.mcrn.ar;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name ward.bare.mcrn.ar;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/bare.mcrn.ar/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/bare.mcrn.ar/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:12003;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
107
mainroom/ctrl/server/nginx/core_nest.conf.template
Normal file
107
mainroom/ctrl/server/nginx/core_nest.conf.template
Normal file
@@ -0,0 +1,107 @@
|
||||
# Core Nest - Nginx Config Template
|
||||
# Generated from environment variables
|
||||
#
|
||||
# Environment variables:
|
||||
# DOMAIN_AMAR - Amar domain (e.g., amarmascotas.local.com or amar.nest.mcrn.ar)
|
||||
# DOMAIN_PAWPRINT - Pawprint domain (e.g., pawprint.local.com or pawprint.mcrn.ar)
|
||||
# USE_SSL - true/false - whether to use SSL
|
||||
# SSL_CERT_PATH - Path to SSL certificate (if USE_SSL=true)
|
||||
# SSL_KEY_PATH - Path to SSL key (if USE_SSL=true)
|
||||
# BACKEND_PORT - Backend port (default: 8000)
|
||||
# FRONTEND_PORT - Frontend port (default: 3000)
|
||||
# PAWPRINT_PORT - Pawprint port (default: 13000)
|
||||
|
||||
# =============================================================================
|
||||
# AMAR - Frontend + Backend
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name ${DOMAIN_AMAR};
|
||||
${SSL_REDIRECT}
|
||||
# Backend API
|
||||
location /api/ {
|
||||
proxy_pass http://127.0.0.1:${BACKEND_PORT}/api/;
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
proxy_read_timeout 300;
|
||||
}
|
||||
|
||||
# Django admin
|
||||
location /admin/ {
|
||||
proxy_pass http://127.0.0.1:${BACKEND_PORT}/admin/;
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
}
|
||||
|
||||
# Django static files
|
||||
location /static/ {
|
||||
proxy_pass http://127.0.0.1:${BACKEND_PORT}/static/;
|
||||
}
|
||||
|
||||
# Frontend (default)
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:${FRONTEND_PORT};
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
proxy_read_timeout 300;
|
||||
|
||||
# WebSocket support for Next.js hot reload
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade \$http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
}
|
||||
|
||||
${SSL_SERVER_BLOCK}
|
||||
|
||||
# =============================================================================
|
||||
# PAWPRINT - Main Service + Ecosystem
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name ${DOMAIN_PAWPRINT};
|
||||
${PAWPRINT_SSL_REDIRECT}
|
||||
# Artery - API Gateway
|
||||
location /artery/ {
|
||||
proxy_pass http://127.0.0.1:${ARTERY_PORT}/;
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
}
|
||||
|
||||
# Album - Media Service
|
||||
location /album/ {
|
||||
proxy_pass http://127.0.0.1:${ALBUM_PORT}/;
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
}
|
||||
|
||||
# Ward - Admin Interface
|
||||
location /ward/ {
|
||||
proxy_pass http://127.0.0.1:${WARD_PORT}/;
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
}
|
||||
|
||||
# Pawprint - Main Service (default)
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:${PAWPRINT_PORT};
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
}
|
||||
}
|
||||
|
||||
${PAWPRINT_SSL_SERVER_BLOCK}
|
||||
152
mainroom/ctrl/server/nginx/docker-local.conf
Normal file
152
mainroom/ctrl/server/nginx/docker-local.conf
Normal file
@@ -0,0 +1,152 @@
|
||||
# Nginx Config Template for Docker Local Development
|
||||
# Uses environment variables from .env files
|
||||
# Variables: DEPLOYMENT_NAME, NEST_NAME, MANAGED_DOMAIN, PAWPRINT_DOMAIN
|
||||
|
||||
# =============================================================================
|
||||
# MANAGED APP WITH WRAPPER - amar.nest.local.com
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name ${MANAGED_DOMAIN};
|
||||
|
||||
# Wrapper static files
|
||||
location /wrapper/ {
|
||||
alias /app/wrapper/;
|
||||
add_header Cache-Control "no-cache";
|
||||
}
|
||||
|
||||
# Backend API
|
||||
location /api/ {
|
||||
proxy_pass http://${DEPLOYMENT_NAME}_backend:8000/api/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_read_timeout 300;
|
||||
}
|
||||
|
||||
# Django admin
|
||||
location /admin/ {
|
||||
proxy_pass http://${DEPLOYMENT_NAME}_backend:8000/admin/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Django static files
|
||||
location /static/ {
|
||||
proxy_pass http://${DEPLOYMENT_NAME}_backend:8000/static/;
|
||||
}
|
||||
|
||||
# Frontend with wrapper injection
|
||||
location / {
|
||||
proxy_pass http://${DEPLOYMENT_NAME}_frontend:3000;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_read_timeout 300;
|
||||
|
||||
# WebSocket support for Next.js hot reload
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
# Inject wrapper scripts into HTML
|
||||
sub_filter '</head>' '<link rel="stylesheet" href="/wrapper/sidebar.css"><script src="/wrapper/sidebar.js"></script></head>';
|
||||
sub_filter_once on;
|
||||
proxy_set_header Accept-Encoding "";
|
||||
}
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# MANAGED APP WITHOUT WRAPPER - amar.local.com
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name amar.local.com;
|
||||
|
||||
# Backend API
|
||||
location /api/ {
|
||||
proxy_pass http://${DEPLOYMENT_NAME}_backend:8000/api/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_read_timeout 300;
|
||||
}
|
||||
|
||||
# Django admin
|
||||
location /admin/ {
|
||||
proxy_pass http://${DEPLOYMENT_NAME}_backend:8000/admin/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Django static files
|
||||
location /static/ {
|
||||
proxy_pass http://${DEPLOYMENT_NAME}_backend:8000/static/;
|
||||
}
|
||||
|
||||
# Frontend (clean, no wrapper)
|
||||
location / {
|
||||
proxy_pass http://${DEPLOYMENT_NAME}_frontend:3000;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_read_timeout 300;
|
||||
|
||||
# WebSocket support for Next.js hot reload
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
}
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# PAWPRINT - Main Service + Ecosystem
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name ${PAWPRINT_DOMAIN};
|
||||
|
||||
# Artery - API Gateway
|
||||
location /artery/ {
|
||||
proxy_pass http://${NEST_NAME}_artery:8000/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Album - Media Service
|
||||
location /album/ {
|
||||
proxy_pass http://${NEST_NAME}_album:8000/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Ward - Admin Interface
|
||||
location /ward/ {
|
||||
proxy_pass http://${NEST_NAME}_ward:8000/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Pawprint - Main Service (default)
|
||||
location / {
|
||||
proxy_pass http://${NEST_NAME}_pawprint:8000;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
6
mainroom/ctrl/server/nginx/docker-local.conf.template
Normal file
6
mainroom/ctrl/server/nginx/docker-local.conf.template
Normal file
@@ -0,0 +1,6 @@
|
||||
# Conditional wrapper injection based on ENABLE_WRAPPER env var
|
||||
{{if ENABLE_WRAPPER}}
|
||||
sub_filter '</head>' '<link rel="stylesheet" href="/wrapper/sidebar.css"><script src="/wrapper/sidebar.js"></script></head>';
|
||||
sub_filter_once on;
|
||||
proxy_set_header Accept-Encoding "";
|
||||
{{endif}}
|
||||
60
mainroom/ctrl/server/nginx/docker.conf
Normal file
60
mainroom/ctrl/server/nginx/docker.conf
Normal file
@@ -0,0 +1,60 @@
|
||||
# Nginx Config Template for Docker
|
||||
# Uses environment variables from .env files
|
||||
# Variables: DEPLOYMENT_NAME, MANAGED_DOMAIN, PAWPRINT_DOMAIN, MANAGED_*
|
||||
|
||||
# =============================================================================
|
||||
# MANAGED DOMAIN
|
||||
# =============================================================================
|
||||
# Completely defined by the parent deployment (e.g., core_nest)
|
||||
# Pawprint doesn't know or care about the managed app's structure
|
||||
server {
|
||||
listen 80;
|
||||
server_name ${MANAGED_DOMAIN};
|
||||
|
||||
# All location blocks defined in MANAGED_LOCATIONS env var
|
||||
${MANAGED_LOCATIONS}
|
||||
}
|
||||
|
||||
# =============================================================================
|
||||
# PAWPRINT - Main Service + Ecosystem
|
||||
# =============================================================================
|
||||
server {
|
||||
listen 80;
|
||||
server_name ${PAWPRINT_DOMAIN};
|
||||
|
||||
# Artery - API Gateway
|
||||
location /artery/ {
|
||||
proxy_pass http://${DEPLOYMENT_NAME}_artery:8000/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Album - Media Service
|
||||
location /album/ {
|
||||
proxy_pass http://${DEPLOYMENT_NAME}_album:8000/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Ward - Admin Interface
|
||||
location /ward/ {
|
||||
proxy_pass http://${DEPLOYMENT_NAME}_ward:8000/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Pawprint - Main Service (default)
|
||||
location / {
|
||||
proxy_pass http://${DEPLOYMENT_NAME}_pawprint:8000;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
23
mainroom/ctrl/server/nginx/generate-config.sh
Executable file
23
mainroom/ctrl/server/nginx/generate-config.sh
Executable file
@@ -0,0 +1,23 @@
|
||||
#!/bin/sh
|
||||
# Generate nginx config based on ENABLE_WRAPPER env var
|
||||
|
||||
TEMPLATE="/etc/nginx/templates/docker-local.conf.template"
|
||||
OUTPUT="/etc/nginx/conf.d/default.conf"
|
||||
|
||||
# Start with the template
|
||||
cp "$TEMPLATE" "$OUTPUT"
|
||||
|
||||
# If ENABLE_WRAPPER is not true, remove wrapper injection
|
||||
if [ "$ENABLE_WRAPPER" != "true" ]; then
|
||||
echo "Wrapper disabled - removing injection lines"
|
||||
sed -i '/wrapper/d' "$OUTPUT"
|
||||
sed -i '/sub_filter/d' "$OUTPUT"
|
||||
sed -i '/Accept-Encoding/d' "$OUTPUT"
|
||||
fi
|
||||
|
||||
# Replace env vars
|
||||
envsubst '${DEPLOYMENT_NAME} ${NEST_NAME} ${MANAGED_DOMAIN} ${PAWPRINT_DOMAIN}' < "$OUTPUT" > /tmp/nginx.conf
|
||||
mv /tmp/nginx.conf "$OUTPUT"
|
||||
|
||||
echo "Nginx config generated (ENABLE_WRAPPER=$ENABLE_WRAPPER)"
|
||||
cat "$OUTPUT"
|
||||
Reference in New Issue
Block a user