platform-deployments/nginx/nginx.local.conf
Quinn Ftw abbef7ae89 refactor: Replace stale infrastructure/ path references after workspace restructure
All references to the old `infrastructure/` directory updated to reflect
the new structure: `deployments/` for configs, `tooling/` for scripts,
`codebase/features/` for services.

- Fix queue-worker.yaml entrypoints (infrastructure/services/ -> codebase/features/)
- Fix .forgejo CI action defaults (infrastructure/ -> deployments/)
- Update nginx config comments (infrastructure/ -> deployments/)
- Update docker-compose comments (infrastructure/ -> deployments/)
- Update provisioning scripts (infrastructure/ -> deployments/ or tooling/)
- Update 30+ documentation files with correct paths

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 00:00:23 -08:00


# =============================================================================
# Nginx Configuration - LOCAL DEVELOPMENT (.local domains)
# =============================================================================
#
# Development configuration for .local domain architecture.
# Routes traffic by domain to appropriate backend services.
#
# Domains:
# - www.atlilith.local -> Landing/webmap router
# - admin.atlilith.local -> Platform admin
# - api.atlilith.local -> Platform API
# - www.trustedmeet.local -> TrustedMeet marketplace
# - www.spoiledbabes.local -> SpoiledBabes marketplace
# - imajin.atlilith.local -> Image generation API
#
# Prerequisites:
# 1. Run: sudo ./tooling/scripts/dev-setup/setup-local-dns.sh
# 2. Start: docker-compose -f deployments/docker/docker-compose.dev-all.yml up -d
#
# Main (process-level) context.
# Worker processes run as the unprivileged "nginx" account.
user nginx;
# "auto" lets nginx size the worker pool from the number of available CPU cores.
worker_processes auto;
# Only messages at level "warn" and above are written to the error log.
error_log /var/log/nginx/error.log warn;
pid /run/nginx.pid;
events {
# Upper bound on simultaneous connections per worker; proxied upstream
# connections count against this limit as well as client connections.
worker_connections 1024;
}
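http {
    include /etc/nginx/mime.types;
    # Fallback type for responses whose extension is not in mime.types.
    default_type application/octet-stream;

    # Logging
    # "main" records the Host header next to the request line, so requests that
    # fall through to the catch-all server below can be attributed to a domain.
    log_format main '$remote_addr - $remote_user [$time_local] "$host" "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent"';
    # "detailed" adds the upstream address and upstream response time. It is not
    # referenced in this file; presumably selected by the conf.d/*.conf includes.
    log_format detailed '$remote_addr - $remote_user [$time_local] '
                        '"$request" $status $body_bytes_sent '
                        '"$http_referer" "$http_user_agent" '
                        'upstream=$upstream_addr response_time=$upstream_response_time';
    access_log /var/log/nginx/access.log main;

    # Basic settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Keep the nginx version out of the Server header and error pages.
    server_tokens off;

    # Client settings (larger for file uploads)
    # NOTE(review): set at http level, the 500M limit applies to every server
    # loaded from conf.d unless one overrides it. Before reusing this file
    # outside local development, scope the large limit to the upload locations
    # so other endpoints do not accept request bodies of that size.
    client_max_body_size 500M;
    client_body_buffer_size 128k;

    # Gzip compression
    # NOTE(review): "gzip_proxied any" also compresses proxied responses. That
    # is fine for local development; for TLS responses that reflect request
    # input next to secrets (BREACH-style exposure), review this per location
    # before production use.
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml text/javascript
               application/json application/javascript application/xml+rss
               application/x-javascript image/svg+xml;

    # WebSocket support - connection upgrade mapping
    # $connection_upgrade is "upgrade" when the client sent an Upgrade header
    # and "close" when it did not.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    # ==========================================================================
    # SSL Configuration for Local Development (mkcert)
    # ==========================================================================
    # Certificates generated by: ./tooling/scripts/dev-setup/setup-local-ssl.sh
    # Only TLS 1.2 and 1.3 are offered; with ssl_prefer_server_ciphers off the
    # client's cipher preference order is honoured.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    # Session cache shared between all workers (10 MB), entries valid for 1 day.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;

    # Load modular configurations
    # Files are mounted by docker-compose:
    # - 0-rate-limiting.conf: Rate limiting rules
    # - 1-upstreams.conf: Backend upstream definitions
    # - 7-infrastructure.conf: Infrastructure domains (api, imajin, minio, meilisearch)
    # - 8-*.conf: Deployment-specific domains (colocated with services.yaml)
    # Every *.conf file present in the mounted directory is loaded in this http
    # context, so the mount decides which virtual hosts and limits are active.
    include /etc/nginx/conf.d/*.conf;

    # Default server (catch-all for unknown domains)
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        # "_" is a placeholder name that matches no real host; requests reach
        # this server only through the default_server flag.
        server_name _;

        # Default SSL cert (atlilith) for unknown domains
        # NOTE(review): an unknown SNI name completes the handshake with this
        # certificate before location / drops the request. If the health check
        # never uses HTTPS here, a separate 443 default server with
        # "ssl_reject_handshake on;" (nginx 1.19.4+) would avoid presenting it.
        ssl_certificate /etc/nginx/certs/local/_wildcard.atlilith.local+1.pem;
        ssl_certificate_key /etc/nginx/certs/local/_wildcard.atlilith.local+1-key.pem;

        # Liveness probe; answered for any Host and kept out of the access log.
        location = /health {
            access_log off;
            # A "return" body takes its Content-Type from default_type. The
            # previous add_header emitted a second Content-Type header
            # alongside application/octet-stream instead of replacing it.
            default_type text/plain;
            return 200 "nginx healthy\n";
        }

        location / {
            return 444; # Close connection for unknown domains
        }
    }
}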