Nurfog/openccb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Nginx proxy configuration for CMS API routes

Browse Source 
- Add location blocks for API endpoints to redirect to CMS (port 3001)
- Keep frontend pages on Next.js (port 3000)
- Handle /auth/login specially: GET->frontend, POST->CMS API
- Add maps for detecting API routes

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
Juan Enrique Allende Cifuentes
2026-03-27 14:04:11 -03:00
parent ff0850b87e
commit 422a143685
2 changed files with 220 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nginx/proxy.conf
+28 -7
View File
@@ -4,11 +4,32 @@ map $http_x_forwarded_proto $origin_proto {
"" $scheme;
}
# Location for CMS API routes - redirect to CMS service (port 3001)
location ~ ^/(auth|courses|modules|lessons|assets|organization|branding|users|admin|question-bank|test-templates|knowledge-base|api|webhooks|grading|libraries|rubrics|learning-sequences|audit-logs|analytics|webhooks|cohorts|announcements|submissions|peer-reviews|instructors|token-usage|sam|embeddings) {
proxy_pass http://openccb-cms:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Map to detect API routes that should go to CMS (port 3001)
map $request_uri $cms_api {
default 0;
~^/auth/(register|me|profile|password|reset|verify|logout) 1;
~^/auth/login$ 2; # Special case - handled with if
~^/branding/?$ 1;
~^/courses/?$ 1;
~^/admin/?$ 1;
~^/organization/?$ 1;
~^/users/ 1;
~^/question-bank/ 1;
~^/test-templates/ 1;
~^/knowledge-base/ 1;
~^/api/ 1;
~^/assets/ 1;
~^/modules/ 1;
~^/lessons/ 1;
~^/grading/ 1;
~^/token-usage/ 1;
~^/sam/ 1;
~^/embeddings/ 1;
=/health 1;
}
# For /auth/login, only POST should go to CMS
map "$request_uri:$request_method" $login_post {
default 0;
"~^/auth/login$:POST" 1;
}
nginx/studio.norteamericano.com
+192
View File
@@ -0,0 +1,192 @@
# CMS API routes - redirect to CMS service (port 3001)
# Frontend pages stay on port 3000
# Auth login - POST goes to CMS, GET stays on frontend
location = /auth/login {
proxy_pass http://172.18.0.6:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# All other auth API endpoints
location ^~ /auth/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Branding API
location = /branding {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Courses API
location = /courses {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Admin API
location = /admin {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Organization API
location = /organization {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Assets
location ^~ /assets/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Health check
location = /health {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Users API
location ^~ /users/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Question bank
location ^~ /question-bank/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Test templates
location ^~ /test-templates/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Knowledge base
location ^~ /knowledge-base/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# API routes
location ^~ /api/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Modules
location ^~ /modules/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Lessons
location ^~ /lessons/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Grading
location ^~ /grading/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Token usage
location ^~ /token-usage/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# SAM
location ^~ /sam/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}
# Embeddings
location ^~ /embeddings/ {
proxy_pass http://172.18.0.6:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $origin_proto;
proxy_set_header X-Forwarded-Ssl on;
}