From 422a143685cf7915c12e8c7da7815b8953c5743f Mon Sep 17 00:00:00 2001
From: Nurfog <juan.allende@gmail.com>
Date: Fri, 27 Mar 2026 14:04:11 -0300
Subject: [PATCH] fix: Nginx proxy configuration for CMS API routes

- Add location blocks for API endpoints to redirect to CMS (port 3001)
- Keep frontend pages on Next.js (port 3000)
- Handle /auth/login specially: GET->frontend, POST->CMS API
- Add maps for detecting API routes

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
---
 nginx/proxy.conf                |  35 ++++--
 nginx/studio.norteamericano.com | 192 ++++++++++++++++++++++++++++++++
 2 files changed, 220 insertions(+), 7 deletions(-)
 create mode 100644 nginx/studio.norteamericano.com

diff --git a/nginx/proxy.conf b/nginx/proxy.conf
index 1145dc9..5224932 100644
--- a/nginx/proxy.conf
+++ b/nginx/proxy.conf
@@ -4,11 +4,32 @@ map $http_x_forwarded_proto $origin_proto {
     ""      $scheme;
 }
 
-# Location for CMS API routes - redirect to CMS service (port 3001)
-location ~ ^/(auth|courses|modules|lessons|assets|organization|branding|users|admin|question-bank|test-templates|knowledge-base|api|webhooks|grading|libraries|rubrics|learning-sequences|audit-logs|analytics|webhooks|cohorts|announcements|submissions|peer-reviews|instructors|token-usage|sam|embeddings) {
-    proxy_pass http://openccb-cms:3001;
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
+# Map to detect API routes that should go to CMS (port 3001)
+map $request_uri $cms_api {
+    default 0;
+    ~^/auth/(register|me|profile|password|reset|verify|logout) 1;
+    ~^/auth/login$ 2;  # Special case - handled with if
+    ~^/branding/?$ 1;
+    ~^/courses/?$ 1;
+    ~^/admin/?$ 1;
+    ~^/organization/?$ 1;
+    ~^/users/ 1;
+    ~^/question-bank/ 1;
+    ~^/test-templates/ 1;
+    ~^/knowledge-base/ 1;
+    ~^/api/ 1;
+    ~^/assets/ 1;
+    ~^/modules/ 1;
+    ~^/lessons/ 1;
+    ~^/grading/ 1;
+    ~^/token-usage/ 1;
+    ~^/sam/ 1;
+    ~^/embeddings/ 1;
+    =/health 1;
+}
+
+# For /auth/login, only POST should go to CMS
+map "$request_uri:$request_method" $login_post {
+    default 0;
+    "~^/auth/login$:POST" 1;
 }
diff --git a/nginx/studio.norteamericano.com b/nginx/studio.norteamericano.com
new file mode 100644
index 0000000..c85f6d5
--- /dev/null
+++ b/nginx/studio.norteamericano.com
@@ -0,0 +1,192 @@
+# CMS API routes - redirect to CMS service (port 3001)
+# Frontend pages stay on port 3000
+
+# Auth login - POST goes to CMS, GET stays on frontend
+location = /auth/login {
+    proxy_pass http://172.18.0.6:3000;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# All other auth API endpoints
+location ^~ /auth/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Branding API
+location = /branding {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Courses API
+location = /courses {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Admin API
+location = /admin {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Organization API
+location = /organization {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Assets
+location ^~ /assets/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Health check
+location = /health {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Users API
+location ^~ /users/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Question bank
+location ^~ /question-bank/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Test templates
+location ^~ /test-templates/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Knowledge base
+location ^~ /knowledge-base/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# API routes
+location ^~ /api/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Modules
+location ^~ /modules/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Lessons
+location ^~ /lessons/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Grading
+location ^~ /grading/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Token usage
+location ^~ /token-usage/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# SAM
+location ^~ /sam/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}
+
+# Embeddings
+location ^~ /embeddings/ {
+    proxy_pass http://172.18.0.6:3001;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $origin_proto;
+    proxy_set_header X-Forwarded-Ssl on;
+}