# ============================================================================ # DAARION ALL-IN-ONE NGINX GATEWAY # Phase INFRA — Single entry point for all services # ============================================================================ upstream frontend { server frontend:80; } upstream auth_service { server auth-service:7011; } upstream pdp_service { server pdp-service:7012; } upstream usage_engine { server usage-engine:7013; } upstream agents_service { server agents-service:7014; } upstream microdao_service { server microdao-service:7015; } upstream dao_service { server dao-service:7016; } upstream living_map_service { server living-map-service:7017; } upstream messaging_service { server messaging-service:7004; } upstream city_service { server city-service:7001; } upstream space_service { server space-service:7002; } upstream matrix_synapse { server matrix-synapse:8008; } # ============================================================================ # Main Server Block # ============================================================================ server { listen 80; server_name localhost; # Increase buffer sizes for large requests client_max_body_size 100M; client_body_buffer_size 128k; # Timeouts proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; # ======================================================================== # FRONTEND (React SPA) # ======================================================================== location / { proxy_pass http://frontend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # SPA fallback try_files $uri $uri/ /index.html; } # ======================================================================== # CORE SERVICES API # ======================================================================== # Auth Service location /api/auth/ { proxy_pass http://auth_service/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # PDP Service (Authorization) location /api/pdp/ { proxy_pass http://pdp_service/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Usage Engine location /api/usage/ { proxy_pass http://usage_engine/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # ======================================================================== # APPLICATION SERVICES API # ======================================================================== # Agents Service (Agent Hub) location /api/agents/ { proxy_pass http://agents_service/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # MicroDAO Service location /api/microdao/ { proxy_pass http://microdao_service/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # DAO Service (Governance) location /api/dao/ { proxy_pass http://dao_service/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Living Map Service location /api/living-map/ { proxy_pass http://living_map_service/living-map/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Messaging Service location /api/messaging/ { proxy_pass http://messaging_service/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # City Service location /api/city/ { proxy_pass http://city_service/api/city/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Space Service location /api/space/ { proxy_pass http://space_service/api/space/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # ======================================================================== # WEBSOCKET ENDPOINTS # ======================================================================== # Living Map WebSocket location /ws/living-map/ { proxy_pass http://living_map_service/living-map/stream; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 86400; } # Agents Events WebSocket location /ws/agents/ { proxy_pass http://agents_service/ws/agents/stream; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 86400; } # Messaging WebSocket location /ws/messaging/ { proxy_pass http://messaging_service/ws; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 86400; } # ======================================================================== # MATRIX FEDERATION (Optional, for external federation) # ======================================================================== location /_matrix { proxy_pass http://matrix_synapse; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # ======================================================================== # HEALTH CHECK # ======================================================================== location /health { access_log off; return 200 "healthy\n"; add_header Content-Type text/plain; } # ======================================================================== # ERROR PAGES # ======================================================================== error_page 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } # ============================================================================ # HTTPS Server Block (for production with SSL) # ============================================================================ # server { # listen 443 ssl http2; # server_name your-domain.com; # # ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; # ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # # # ... same locations as above ... # }