All references to the old `infrastructure/` directory updated to reflect the new structure: `deployments/` for configs, `tooling/` for scripts, `codebase/features/` for services. - Fix queue-worker.yaml entrypoints (infrastructure/services/ -> codebase/features/) - Fix .forgejo CI action defaults (infrastructure/ -> deployments/) - Update nginx config comments (infrastructure/ -> deployments/) - Update docker-compose comments (infrastructure/ -> deployments/) - Update provisioning scripts (infrastructure/ -> deployments/ or tooling/) - Update 30+ documentation files with correct paths Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
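# =============================================================================
# Nginx Configuration - LOCAL DEVELOPMENT (.local domains)
# =============================================================================
#
# Development configuration for .local domain architecture.
# Routes traffic by domain to appropriate backend services.
#
# Domains:
# - www.atlilith.local -> Landing/webmap router
# - admin.atlilith.local -> Platform admin
# - api.atlilith.local -> Platform API
# - www.trustedmeet.local -> TrustedMeet marketplace
# - www.spoiledbabes.local -> SpoiledBabes marketplace
# - imajin.atlilith.local -> Image generation API
#
# Prerequisites:
# 1. Run: sudo ./tooling/scripts/dev-setup/setup-local-dns.sh
# 2. Start: docker-compose -f deployments/docker/docker-compose.dev-all.yml up -d
#
# This file only defines global settings and the catch-all server. The
# per-domain server blocks are expected to come from the conf.d include below.
#

# Worker processes run as the unprivileged "nginx" user, one per CPU core.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Logging
    # "main" records the Host header next to the request line so that traffic
    # for the different .local domains can be told apart in one access log.
    log_format main '$remote_addr - $remote_user [$time_local] "$host" "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent"';

    # "detailed" adds upstream address and timing. It is not referenced in this
    # file; presumably the included conf.d files select it - verify there.
    log_format detailed '$remote_addr - $remote_user [$time_local] '
                        '"$request" $status $body_bytes_sent '
                        '"$http_referer" "$http_user_agent" '
                        'upstream=$upstream_addr response_time=$upstream_response_time';

    access_log /var/log/nginx/access.log main;

    # Basic settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Keep the nginx version out of the Server header and built-in error pages.
    server_tokens off;

    # Client settings (larger for file uploads)
    # Set at http level, so the 500M limit applies to every included server and
    # location unless one overrides it. Outside local development, prefer a
    # small default here and raise the limit only on the upload locations.
    client_max_body_size 500M;
    client_body_buffer_size 128k;

    # Gzip compression
    # NOTE(review): compressing TLS responses that carry secrets together with
    # request-reflected data is the precondition for BREACH-style length side
    # channels. Acceptable for local development; re-evaluate gzip_types and
    # "gzip_proxied any" before reusing these settings elsewhere.
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml text/javascript
               application/json application/javascript application/xml+rss
               application/x-javascript image/svg+xml;

    # WebSocket support - connection upgrade mapping
    # $connection_upgrade is "upgrade" when the client sent an Upgrade header
    # and "close" when that header is empty or absent. It is not used in this
    # file; presumably the included server blocks pass it upstream as the
    # Connection header - verify there.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    # ==========================================================================
    # SSL Configuration for Local Development (mkcert)
    # ==========================================================================
    # Certificates generated by: ./tooling/scripts/dev-setup/setup-local-ssl.sh
    # These certificates are for local development only and should not be
    # carried over to any other environment.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;

    # Load modular configurations
    # Files are mounted by docker-compose:
    # - 0-rate-limiting.conf: Rate limiting rules
    # - 1-upstreams.conf: Backend upstream definitions
    # - 7-infrastructure.conf: Infrastructure domains (api, imajin, minio, meilisearch)
    # - 8-*.conf: Deployment-specific domains (colocated with services.yaml)
    # The glob is expanded in sorted order, which is why the files carry numeric
    # prefixes. Everything matching *.conf in this directory is loaded, so the
    # mounted directory must contain only reviewed configuration files.
    include /etc/nginx/conf.d/*.conf;

    # Default server (catch-all for unknown domains)
    # Requests whose Host/SNI matches no included server block land here, so an
    # unexpected hostname is never served by one of the application vhosts.
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name _;

        # Default SSL cert (atlilith) for unknown domains
        # The TLS handshake has to complete before the request can be dropped,
        # so clients using an unknown name still see this wildcard certificate.
        ssl_certificate /etc/nginx/certs/local/_wildcard.atlilith.local+1.pem;
        ssl_certificate_key /etc/nginx/certs/local/_wildcard.atlilith.local+1-key.pem;

        # Liveness probe for nginx itself; it does not check any backend.
        location = /health {
            access_log off;
            # "return" takes its Content-Type from default_type. Using
            # add_header here would append a second Content-Type header after
            # the http-level application/octet-stream one.
            default_type text/plain;
            return 200 "nginx healthy\n";
        }

        location / {
            return 444; # Close connection for unknown domains
        }
    }
}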