soleprint/mainroom/ctrl/server/nginx/core_nest.conf

# Core Nest - All Services Nginx Config
# Single config for entire nest deployment
#
# Docker Services (primary):
#   - amar.nest.mcrn.ar     (frontend:3000 + backend:8000)
#   - pawprint.mcrn.ar      (port 13000)
#   - artery.mcrn.ar        (port 13001)
#   - album.mcrn.ar         (port 13002)
#   - ward.mcrn.ar          (port 13003)
#
# Bare Metal Services (fallback):
#   - pawprint.bare.mcrn.ar (port 12000)
#   - artery.bare.mcrn.ar   (port 12001)
#   - album.bare.mcrn.ar    (port 12002)
#   - ward.bare.mcrn.ar     (port 12003)

# =============================================================================
# AMAR - Frontend + Backend
# =============================================================================
server {
    listen 80;
    server_name amar.nest.mcrn.ar;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name amar.nest.mcrn.ar;

    ssl_certificate /etc/letsencrypt/live/nest.mcrn.ar/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nest.mcrn.ar/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Backend API
    location /api/ {
        proxy_pass http://127.0.0.1:8000/api/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300;
    }

    # Django admin
    location /admin/ {
        proxy_pass http://127.0.0.1:8000/admin/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Django static files
    location /static/ {
        proxy_pass http://127.0.0.1:8000/static/;
    }

    # Frontend (default)
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300;
    }
}

# =============================================================================
# PAWPRINT - Main Service
# =============================================================================
server {
    listen 80;
    server_name pawprint.mcrn.ar;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name pawprint.mcrn.ar;

    ssl_certificate /etc/letsencrypt/live/pawprint.mcrn.ar/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pawprint.mcrn.ar/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:13000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# =============================================================================
# ARTERY - API Gateway
# =============================================================================
server {
    listen 80;
    server_name artery.mcrn.ar;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name artery.mcrn.ar;

    ssl_certificate /etc/letsencrypt/live/artery.mcrn.ar/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/artery.mcrn.ar/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:13001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# =============================================================================
# ALBUM - Media Service
# =============================================================================
server {
    listen 80;
    server_name album.mcrn.ar;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name album.mcrn.ar;

    ssl_certificate /etc/letsencrypt/live/album.mcrn.ar/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/album.mcrn.ar/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:13002;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# =============================================================================
# WARD - Admin Interface
# =============================================================================
server {
    listen 80;
    server_name ward.mcrn.ar;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name ward.mcrn.ar;

    ssl_certificate /etc/letsencrypt/live/ward.mcrn.ar/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ward.mcrn.ar/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:13003;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# =============================================================================
# BARE METAL SERVICES (FALLBACK)
# =============================================================================

# =============================================================================
# PAWPRINT BARE - Main Service (Bare Metal)
# =============================================================================
server {
    listen 80;
    server_name pawprint.bare.mcrn.ar;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name pawprint.bare.mcrn.ar;

    ssl_certificate /etc/letsencrypt/live/bare.mcrn.ar/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bare.mcrn.ar/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:12000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# =============================================================================
# ARTERY BARE - API Gateway (Bare Metal)
# =============================================================================
server {
    listen 80;
    server_name artery.bare.mcrn.ar;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name artery.bare.mcrn.ar;

    ssl_certificate /etc/letsencrypt/live/bare.mcrn.ar/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bare.mcrn.ar/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:12001;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# =============================================================================
# ALBUM BARE - Media Service (Bare Metal)
# =============================================================================
server {
    listen 80;
    server_name album.bare.mcrn.ar;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name album.bare.mcrn.ar;

    ssl_certificate /etc/letsencrypt/live/bare.mcrn.ar/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bare.mcrn.ar/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:12002;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# =============================================================================
# WARD BARE - Admin Interface (Bare Metal)
# =============================================================================
server {
    listen 80;
    server_name ward.bare.mcrn.ar;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name ward.bare.mcrn.ar;

    ssl_certificate /etc/letsencrypt/live/bare.mcrn.ar/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bare.mcrn.ar/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://127.0.0.1:12003;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}