# 1. TaxBaik 홈페이지 (taxbaik.com, www.taxbaik.com) server { server_name taxbaik.com www.taxbaik.com; client_max_body_size 512M; # /admin 은 관리자 진입용 경로로만 사용하고, 실제 앱은 /taxbaik/admin 에서 서빙한다. # 공개 루트(/)는 공용 SSR 홈페이지를 반환해야 하므로, 관리 UI와 절대 섞지 않는다. location /admin { return 301 $scheme://$host/taxbaik$request_uri; } # 루트 경로는 공용 SSR 홈페이지. location / { proxy_pass http://127.0.0.1:5001/taxbaik/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # /taxbaik/ 하위는 공개 사이트의 정식 base path. location /taxbaik { proxy_pass http://127.0.0.1:5001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 120s; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/taxbaik.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/taxbaik.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } # 2. Gitea (gitea.taxbaik.com) server { server_name gitea.taxbaik.com; client_max_body_size 512M; location / { proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 300; proxy_connect_timeout 300; proxy_send_timeout 300; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/taxbaik.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/taxbaik.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } # 3. QuantEngine (quant.taxbaik.com) server { server_name quant.taxbaik.com; location / { proxy_pass http://127.0.0.1:5000/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/taxbaik.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/taxbaik.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = www.taxbaik.com) { return 301 https://$host$request_uri; } # managed by Certbot if ($host = taxbaik.com) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name taxbaik.com www.taxbaik.com; return 404; # managed by Certbot } server { if ($host = gitea.taxbaik.com) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name gitea.taxbaik.com; return 404; # managed by Certbot } server { if ($host = quant.taxbaik.com) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name quant.taxbaik.com; return 404; # managed by Certbot }