feat(deploy): serve backend from api subdomain

2026-04-29 20:16:18 +03:30
parent 64be80da12
commit a91606cc32
4 changed files with 73 additions and 19 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -5,6 +5,13 @@ server {
    return 301 https://qlockify.ir$request_uri;
 }

+server {
+    listen 80;
+    server_name api.qlockify.ir;
+
+    return 301 https://api.qlockify.ir$request_uri;
+}
+
 server {
    listen 443 ssl;
    http2 on;
@@ -35,7 +42,58 @@ server {
    client_max_body_size 100M;
    sendfile on;

-    # Static and Media files
+    location /api/ {
+        return 301 https://api.qlockify.ir$request_uri;
+    }
+
+    location /admin/ {
+        return 301 https://api.qlockify.ir$request_uri;
+    }
+
+    location /docs {
+        return 301 https://api.qlockify.ir$request_uri;
+    }
+
+    location /redoc {
+        return 301 https://api.qlockify.ir$request_uri;
+    }
+
+    location /openapi.json {
+        return 301 https://api.qlockify.ir$request_uri;
+    }
+
+    location /static/ {
+        return 301 https://api.qlockify.ir$request_uri;
+    }
+
+    location /media/ {
+        return 301 https://api.qlockify.ir$request_uri;
+    }
+
+    location / {
+        proxy_pass http://frontend:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+
+server {
+    listen 443 ssl;
+    http2 on;
+    server_name api.qlockify.ir;
+
+    ssl_certificate /etc/nginx/certs/fullchain.pem;
+    ssl_certificate_key /etc/nginx/certs/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:10m;
+
+    client_max_body_size 100M;
+    sendfile on;
+
    location /static/ {
        alias /usr/share/nginx/html/static/;
        expires 30d;
@@ -48,7 +106,6 @@ server {
        access_log off;
    }

-    # Protect API Documentation with Basic Auth
    location ~ ^/(docs|redoc|openapi.json|api/docs|api/redoc|api/openapi.json|api/v1/docs) {
        auth_basic "Restricted API Documentation";
        auth_basic_user_file /etc/nginx/.htpasswd;
@@ -90,12 +147,4 @@ server {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
-
-    location / {
-        proxy_pass http://frontend:80;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
 }