## # You should look at the following URL's in order to grasp a solid understanding # of Nginx configuration files in order to fully unleash the power of Nginx. # https://www.nginx.com/resources/wiki/start/ # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ # https://wiki.debian.org/Nginx/DirectoryStructure # # In most cases, administrators will remove this file from sites-enabled/ and # leave it as reference inside of sites-available where it will continue to be # updated by the nginx packaging team. # # This file will automatically load configuration files provided by other # applications, such as Drupal or Wordpress. These applications will be made # available underneath a path with that package name, such as /drupal8. # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## # Default server configuration # server { listen 80 default_server; listen [::]:80 default_server; # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; root /var/www/html/robeing; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name _; # Admin dashboard -> 정적 파일 직접 서빙 (표준 방식) # 참고: frontend-customer와 동일한 패턴 (alias 사용) # /admin은 /보다 먼저 매칭되어야 함 location /admin { alias /home/admin/admin-dashboard/frontend/; try_files $uri $uri/ /admin/index.html; index index.html; } # Admin API -> Gateway로 프록시 (JWT 검증 필요) location /admin/api/ { proxy_pass http://localhost:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri /index.html; } # GooseFarm API - must come before /goosefarm for priority location /goosefarm/api/ { proxy_buffering on; proxy_buffer_size 128k; proxy_buffers 8 256k; proxy_busy_buffers_size 512k; proxy_read_timeout 120s; proxy_pass http://localhost:8200/api/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # GooseFarm index.html 캐시 방지 (Vite 해시 파일명 변경 시 즉시 반영) location = /goosefarm/index.html { alias /var/www/html/goosefarm/index.html; add_header Cache-Control "no-store, no-cache, must-revalidate"; } # GooseFarm Frontend location /goosefarm { alias /var/www/html/goosefarm/; try_files $uri /goosefarm/index.html; } # IR Valuation Frontend location /ir-valuation { alias /home/admin/frontend-ir-valuation/dist/; try_files $uri $uri/ /ir-valuation/index.html; } # API endpoints -> route to gateway (host 8100 -> container 8000) location /api/ { proxy_pass http://localhost:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # RB8001 API endpoints - 51124 서버로 프록시 location ^~ /rb8001/ { proxy_pass http://192.168.0.106:8001/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Increase timeout for AI evaluation proxy_read_timeout 300s; proxy_connect_timeout 75s; proxy_send_timeout 300s; } # Robeing Gateway - API Gateway for routing to robeings location ^~ /gateway/ { proxy_pass http://localhost:8100/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Bayesian Presentation - FastAPI Backend (WebSocket 지원) location ^~ /bayesian-api/ { proxy_pass http://localhost:3001/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 지원 proxy_read_timeout 86400; proxy_send_timeout 86400; proxy_buffering off; } # Bayesian Presentation - Frontend (Vite Dev Server) location ^~ /bayesian/ { proxy_pass http://localhost:5174/bayesian/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # HTTP/2 프로토콜 에러 방지 (Vite HMR 스트리밍 지원) proxy_buffering off; proxy_request_buffering off; proxy_cache off; chunked_transfer_encoding on; # 버퍼 크기 증가 proxy_buffer_size 128k; proxy_buffers 8 256k; proxy_busy_buffers_size 512k; } location /.well-known/acme-challenge/ { alias /var/www/html/.well-known/acme-challenge/; } # pass PHP scripts to FastCGI server # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): # fastcgi_pass unix:/run/php/php7.4-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # Virtual Host configuration for example.com # # You can move that to a different file under sites-available/ and symlink that # to sites-enabled/ to enable it. # #server { # listen 80; # listen [::]:80; # # server_name example.com; # # root /var/www/example.com; # index index.html; # # location / { # try_files $uri $uri/ =404; # } #} server { # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; root /var/www/html/robeing; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name ro-being.com; # managed by Certbot # Admin dashboard -> 정적 파일 직접 서빙 (표준 방식) # 참고: frontend-customer와 동일한 패턴 (alias 사용) # /admin은 /보다 먼저 매칭되어야 함 location /admin { alias /home/admin/admin-dashboard/frontend/; try_files $uri $uri/ /admin/index.html; index index.html; } # Admin API -> Gateway로 프록시 (JWT 검증 필요) location /admin/api/ { proxy_pass http://localhost:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # IR Valuation Frontend - must come before / for priority location ^~ /ir-valuation { alias /home/admin/frontend-ir-valuation/dist/; try_files $uri $uri/ /ir-valuation/index.html; index index.html; } # Legacy Starsandi paths on ro-being.com -> starsandi.com location ~ ^/(startsandi|zari)(/.*)?$ { return 301 https://starsandi.com$2$is_args$args; } location = /starsandi { return 301 https://starsandi.com/; } location ~ ^/starsandi/(.*)$ { return 301 https://starsandi.com/$1$is_args$args; } # Main application static files location / { try_files $uri /index.html; } # GooseFarm API - must come before /goosefarm for priority location /goosefarm/api/ { proxy_buffering on; proxy_buffer_size 128k; proxy_buffers 8 256k; proxy_busy_buffers_size 512k; proxy_read_timeout 120s; proxy_pass http://localhost:8200/api/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # GooseFarm index.html 캐시 방지 (Vite 해시 파일명 변경 시 즉시 반영) location = /goosefarm/index.html { alias /var/www/html/goosefarm/index.html; add_header Cache-Control "no-store, no-cache, must-revalidate"; } # GooseFarm Frontend location /goosefarm { alias /var/www/html/goosefarm/; try_files $uri /goosefarm/index.html; } # API endpoints -> route to gateway (host 8100 -> container 8000) location /api/ { proxy_pass http://localhost:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # RB8001 API endpoints - 51124 서버로 프록시 location ^~ /rb8001/ { proxy_pass http://192.168.0.106:8001/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Increase timeout for AI evaluation proxy_read_timeout 300s; proxy_connect_timeout 75s; proxy_send_timeout 300s; } # Robeing Gateway - API Gateway for routing to robeings location ^~ /gateway/ { proxy_pass http://localhost:8100/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Bayesian Presentation - FastAPI Backend (WebSocket 지원) location ^~ /bayesian-api/ { proxy_pass http://localhost:3001/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 지원 proxy_read_timeout 86400; proxy_send_timeout 86400; proxy_buffering off; } # Bayesian Presentation - Frontend (Vite Dev Server) location ^~ /bayesian/ { proxy_pass http://localhost:5174/bayesian/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # HTTP/2 프로토콜 에러 방지 (Vite HMR 스트리밍 지원) proxy_buffering off; proxy_request_buffering off; proxy_cache off; chunked_transfer_encoding on; # 버퍼 크기 증가 proxy_buffer_size 128k; proxy_buffers 8 256k; proxy_busy_buffers_size 512k; } location /.well-known/acme-challenge/ { alias /var/www/html/.well-known/acme-challenge/; } location = /basic_status/ { satisfy any; auth_basic "metric admin"; auth_basic_user_file .htpasswd; stub_status; } # pass PHP scripts to FastCGI server # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): # fastcgi_pass unix:/run/php/php7.4-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} listen [::]:443 ssl ipv6only=on; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/ro-being.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/ro-being.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = ro-being.com) { return 301 https://$host$request_uri; } # managed by Certbot listen 80 ; listen [::]:80 ; server_name ro-being.com; return 404; # managed by Certbot } server { listen 80; listen [::]:80; server_name goosefarminvesting.com; location /.well-known/acme-challenge/ { alias /var/www/html/.well-known/acme-challenge/; } location = / { return 301 https://$host/goosefarm/; } location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name goosefarminvesting.com; ssl_certificate /etc/letsencrypt/live/goosefarminvesting.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/goosefarminvesting.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location = / { return 301 https://$host/goosefarm/; } location /goosefarm/api/ { proxy_buffering on; proxy_buffer_size 128k; proxy_buffers 8 256k; proxy_busy_buffers_size 512k; proxy_read_timeout 120s; proxy_pass http://localhost:8200/api/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location = /goosefarm/index.html { alias /var/www/html/goosefarm/index.html; add_header Cache-Control "no-store, no-cache, must-revalidate"; } location /goosefarm { alias /var/www/html/goosefarm/; try_files $uri /goosefarm/index.html; } location /.well-known/acme-challenge/ { alias /var/www/html/.well-known/acme-challenge/; } } # Gitea server configuration server { listen 80; server_name git.ro-being.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; server_name git.ro-being.com; ssl_certificate /etc/letsencrypt/live/ro-being.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ro-being.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://localhost:3000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 버퍼 설정 추가 proxy_buffering off; proxy_request_buffering off; proxy_buffer_size 128k; proxy_buffers 8 256k; proxy_busy_buffers_size 512k; proxy_temp_file_write_size 512k; client_body_buffer_size 512m; } } # Auth server configuration server { listen 80; server_name auth.ro-being.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; server_name auth.ro-being.com; ssl_certificate /etc/letsencrypt/live/auth.ro-being.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/auth.ro-being.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { proxy_pass http://localhost:9000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # OAuth 콜백 타임아웃 늘리기 proxy_read_timeout 300s; proxy_connect_timeout 75s; } location /.well-known/acme-challenge/ { alias /var/www/html/.well-known/acme-challenge/; } }