# ============================================================================= # ERP-SUITE - Nginx Configuration Completa # ============================================================================= # Copiar a: /etc/nginx/conf.d/erp-suite.conf # Servidor: 72.60.226.4 # ============================================================================= # ============================================================================= # UPSTREAMS - Todos los verticales # ============================================================================= # ERP-CORE (Base) upstream erp_core_frontend { server 127.0.0.1:3010; keepalive 32; } upstream erp_core_backend { server 127.0.0.1:3011; keepalive 32; } # CONSTRUCCION upstream erp_construccion_frontend { server 127.0.0.1:3020; keepalive 32; } upstream erp_construccion_backend { server 127.0.0.1:3021; keepalive 32; } # VIDRIO-TEMPLADO upstream erp_vidrio_frontend { server 127.0.0.1:3030; keepalive 32; } upstream erp_vidrio_backend { server 127.0.0.1:3031; keepalive 32; } # MECANICAS-DIESEL upstream erp_mecanicas_frontend { server 127.0.0.1:3040; keepalive 32; } upstream erp_mecanicas_backend { server 127.0.0.1:3041; keepalive 32; } # RETAIL upstream erp_retail_frontend { server 127.0.0.1:3050; keepalive 32; } upstream erp_retail_backend { server 127.0.0.1:3051; keepalive 32; } # CLINICAS upstream erp_clinicas_frontend { server 127.0.0.1:3060; keepalive 32; } upstream erp_clinicas_backend { server 127.0.0.1:3061; keepalive 32; } # POS-MICRO upstream erp_pos_frontend { server 127.0.0.1:3070; keepalive 32; } upstream erp_pos_backend { server 127.0.0.1:3071; keepalive 32; } # ============================================================================= # HTTP -> HTTPS REDIRECT (todos los subdominios) # ============================================================================= server { listen 80; server_name erp.isem.dev api.erp.isem.dev construccion.erp.isem.dev api.construccion.erp.isem.dev vidrio.erp.isem.dev api.vidrio.erp.isem.dev mecanicas.erp.isem.dev api.mecanicas.erp.isem.dev retail.erp.isem.dev api.retail.erp.isem.dev clinicas.erp.isem.dev api.clinicas.erp.isem.dev pos.erp.isem.dev api.pos.erp.isem.dev; return 301 https://$server_name$request_uri; } # ============================================================================= # ERP-CORE - Base del sistema # ============================================================================= server { listen 443 ssl http2; server_name erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header Strict-Transport-Security "max-age=31536000" always; access_log /var/log/nginx/erp-core-frontend.log; error_log /var/log/nginx/erp-core-frontend.error.log; gzip on; gzip_types text/plain text/css application/json application/javascript; location / { proxy_pass http://erp_core_frontend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ { proxy_pass http://erp_core_frontend; expires 1y; add_header Cache-Control "public, immutable"; } } server { listen 443 ssl http2; server_name api.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; access_log /var/log/nginx/erp-core-api.log; error_log /var/log/nginx/erp-core-api.error.log; client_max_body_size 50M; location / { proxy_pass http://erp_core_backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 60s; proxy_read_timeout 60s; } location /health { proxy_pass http://erp_core_backend/health; access_log off; } location /ws { proxy_pass http://erp_core_backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 86400; } } # ============================================================================= # CONSTRUCCION # ============================================================================= server { listen 443 ssl http2; server_name construccion.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; access_log /var/log/nginx/erp-construccion-frontend.log; location / { proxy_pass http://erp_construccion_frontend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 443 ssl http2; server_name api.construccion.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; access_log /var/log/nginx/erp-construccion-api.log; client_max_body_size 100M; location / { proxy_pass http://erp_construccion_backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /health { proxy_pass http://erp_construccion_backend/health; access_log off; } } # ============================================================================= # MECANICAS-DIESEL # ============================================================================= server { listen 443 ssl http2; server_name mecanicas.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; location / { proxy_pass http://erp_mecanicas_frontend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 443 ssl http2; server_name api.mecanicas.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; location / { proxy_pass http://erp_mecanicas_backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /health { proxy_pass http://erp_mecanicas_backend/health; access_log off; } } # ============================================================================= # VIDRIO-TEMPLADO (Reservado) # ============================================================================= server { listen 443 ssl http2; server_name vidrio.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; location / { proxy_pass http://erp_vidrio_frontend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 443 ssl http2; server_name api.vidrio.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; location / { proxy_pass http://erp_vidrio_backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # ============================================================================= # RETAIL (Reservado) # ============================================================================= server { listen 443 ssl http2; server_name retail.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; location / { proxy_pass http://erp_retail_frontend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 443 ssl http2; server_name api.retail.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; location / { proxy_pass http://erp_retail_backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # ============================================================================= # CLINICAS (Reservado) # ============================================================================= server { listen 443 ssl http2; server_name clinicas.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; location / { proxy_pass http://erp_clinicas_frontend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 443 ssl http2; server_name api.clinicas.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; location / { proxy_pass http://erp_clinicas_backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # ============================================================================= # POS-MICRO (Reservado) # ============================================================================= server { listen 443 ssl http2; server_name pos.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; location / { proxy_pass http://erp_pos_frontend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 443 ssl http2; server_name api.pos.erp.isem.dev; ssl_certificate /etc/letsencrypt/live/isem.dev/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/isem.dev/privkey.pem; location / { proxy_pass http://erp_pos_backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }