# Core Nest - All Services Nginx Config # Single config for entire nest deployment # # Docker Services (primary): # - amar.nest.mcrn.ar (frontend:3000 + backend:8000) # - pawprint.mcrn.ar (port 13000) # - artery.mcrn.ar (port 13001) # - album.mcrn.ar (port 13002) # - ward.mcrn.ar (port 13003) # # Bare Metal Services (fallback): # - pawprint.bare.mcrn.ar (port 12000) # - artery.bare.mcrn.ar (port 12001) # - album.bare.mcrn.ar (port 12002) # - ward.bare.mcrn.ar (port 12003) # ============================================================================= # AMAR - Frontend + Backend # ============================================================================= server { listen 80; server_name amar.nest.mcrn.ar; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name amar.nest.mcrn.ar; ssl_certificate /etc/letsencrypt/live/nest.mcrn.ar/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/nest.mcrn.ar/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # Backend API location /api/ { proxy_pass http://127.0.0.1:8000/api/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 300; } # Django admin location /admin/ { proxy_pass http://127.0.0.1:8000/admin/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Django static files location /static/ { proxy_pass http://127.0.0.1:8000/static/; } # Frontend (default) location / { proxy_pass http://127.0.0.1:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 300; } } # ============================================================================= # PAWPRINT - Main Service # ============================================================================= server { listen 80; server_name pawprint.mcrn.ar; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name pawprint.mcrn.ar; ssl_certificate /etc/letsencrypt/live/pawprint.mcrn.ar/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/pawprint.mcrn.ar/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://127.0.0.1:13000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # ============================================================================= # ARTERY - API Gateway # ============================================================================= server { listen 80; server_name artery.mcrn.ar; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name artery.mcrn.ar; ssl_certificate /etc/letsencrypt/live/artery.mcrn.ar/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/artery.mcrn.ar/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://127.0.0.1:13001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # ============================================================================= # ALBUM - Media Service # ============================================================================= server { listen 80; server_name album.mcrn.ar; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name album.mcrn.ar; ssl_certificate /etc/letsencrypt/live/album.mcrn.ar/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/album.mcrn.ar/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://127.0.0.1:13002; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # ============================================================================= # WARD - Admin Interface # ============================================================================= server { listen 80; server_name ward.mcrn.ar; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name ward.mcrn.ar; ssl_certificate /etc/letsencrypt/live/ward.mcrn.ar/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ward.mcrn.ar/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://127.0.0.1:13003; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # ============================================================================= # BARE METAL SERVICES (FALLBACK) # ============================================================================= # ============================================================================= # PAWPRINT BARE - Main Service (Bare Metal) # ============================================================================= server { listen 80; server_name pawprint.bare.mcrn.ar; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name pawprint.bare.mcrn.ar; ssl_certificate /etc/letsencrypt/live/bare.mcrn.ar/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/bare.mcrn.ar/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://127.0.0.1:12000; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # ============================================================================= # ARTERY BARE - API Gateway (Bare Metal) # ============================================================================= server { listen 80; server_name artery.bare.mcrn.ar; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name artery.bare.mcrn.ar; ssl_certificate /etc/letsencrypt/live/bare.mcrn.ar/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/bare.mcrn.ar/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://127.0.0.1:12001; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # ============================================================================= # ALBUM BARE - Media Service (Bare Metal) # ============================================================================= server { listen 80; server_name album.bare.mcrn.ar; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name album.bare.mcrn.ar; ssl_certificate /etc/letsencrypt/live/bare.mcrn.ar/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/bare.mcrn.ar/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://127.0.0.1:12002; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # ============================================================================= # WARD BARE - Admin Interface (Bare Metal) # ============================================================================= server { listen 80; server_name ward.bare.mcrn.ar; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name ward.bare.mcrn.ar; ssl_certificate /etc/letsencrypt/live/bare.mcrn.ar/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/bare.mcrn.ar/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://127.0.0.1:12003; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }