fix: Nginx proxy configuration for CMS API routes
- Add location blocks for API endpoints to redirect to CMS (port 3001) - Keep frontend pages on Next.js (port 3000) - Handle /auth/login specially: GET->frontend, POST->CMS API - Add maps for detecting API routes Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
+28
-7
@@ -4,11 +4,32 @@ map $http_x_forwarded_proto $origin_proto {
|
|||||||
"" $scheme;
|
"" $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Location for CMS API routes - redirect to CMS service (port 3001)
|
# Map to detect API routes that should go to CMS (port 3001)
|
||||||
location ~ ^/(auth|courses|modules|lessons|assets|organization|branding|users|admin|question-bank|test-templates|knowledge-base|api|webhooks|grading|libraries|rubrics|learning-sequences|audit-logs|analytics|webhooks|cohorts|announcements|submissions|peer-reviews|instructors|token-usage|sam|embeddings) {
|
map $request_uri $cms_api {
|
||||||
proxy_pass http://openccb-cms:3001;
|
default 0;
|
||||||
proxy_set_header Host $host;
|
~^/auth/(register|me|profile|password|reset|verify|logout) 1;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
~^/auth/login$ 2; # Special case - handled with if
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
~^/branding/?$ 1;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
~^/courses/?$ 1;
|
||||||
|
~^/admin/?$ 1;
|
||||||
|
~^/organization/?$ 1;
|
||||||
|
~^/users/ 1;
|
||||||
|
~^/question-bank/ 1;
|
||||||
|
~^/test-templates/ 1;
|
||||||
|
~^/knowledge-base/ 1;
|
||||||
|
~^/api/ 1;
|
||||||
|
~^/assets/ 1;
|
||||||
|
~^/modules/ 1;
|
||||||
|
~^/lessons/ 1;
|
||||||
|
~^/grading/ 1;
|
||||||
|
~^/token-usage/ 1;
|
||||||
|
~^/sam/ 1;
|
||||||
|
~^/embeddings/ 1;
|
||||||
|
=/health 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
# For /auth/login, only POST should go to CMS
|
||||||
|
map "$request_uri:$request_method" $login_post {
|
||||||
|
default 0;
|
||||||
|
"~^/auth/login$:POST" 1;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,192 @@
|
|||||||
|
# CMS API routes - redirect to CMS service (port 3001)
|
||||||
|
# Frontend pages stay on port 3000
|
||||||
|
|
||||||
|
# Auth login - POST goes to CMS, GET stays on frontend
|
||||||
|
location = /auth/login {
|
||||||
|
proxy_pass http://172.18.0.6:3000;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# All other auth API endpoints
|
||||||
|
location ^~ /auth/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Branding API
|
||||||
|
location = /branding {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Courses API
|
||||||
|
location = /courses {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Admin API
|
||||||
|
location = /admin {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Organization API
|
||||||
|
location = /organization {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Assets
|
||||||
|
location ^~ /assets/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Health check
|
||||||
|
location = /health {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Users API
|
||||||
|
location ^~ /users/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Question bank
|
||||||
|
location ^~ /question-bank/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Test templates
|
||||||
|
location ^~ /test-templates/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Knowledge base
|
||||||
|
location ^~ /knowledge-base/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# API routes
|
||||||
|
location ^~ /api/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Modules
|
||||||
|
location ^~ /modules/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Lessons
|
||||||
|
location ^~ /lessons/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Grading
|
||||||
|
location ^~ /grading/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Token usage
|
||||||
|
location ^~ /token-usage/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# SAM
|
||||||
|
location ^~ /sam/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Embeddings
|
||||||
|
location ^~ /embeddings/ {
|
||||||
|
proxy_pass http://172.18.0.6:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $origin_proto;
|
||||||
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user