feat: subdomain routing por tenant — refac-xxx.nexusautoparts.com

- Nginx wildcard config: *.nexusautoparts.com routes to POS app with X-Tenant-Subdomain header - middleware_tenant.py: resolves subdomain -> tenant_id via nexus_master.tenants.subdomain - auth_bp: login and employee list endpoints accept tenant from subdomain, URL param, or body - login.html: auto-detects tenant from subdomain, shows business name, falls back to ?tenant=ID - tenant_manager: generates subdomain slug from business name on provision_tenant() - Migration v1.2: adds subdomain column + unique index to tenants table - setup-nginx.sh: one-command install script for the nginx config Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 07:16:49 +00:00
parent bdbbc78a15
commit 6628f2deef
8 changed files with 360 additions and 20 deletions
--- a/nginx/nexus-pos.conf
+++ b/nginx/nexus-pos.conf
@@ -0,0 +1,58 @@
+# Wildcard subdomain routing for Nexus POS
+# DNS: *.nexusautoparts.com -> server IP (Cloudflare wildcard)
+
+# Rate limiting zone
+limit_req_zone $binary_remote_addr zone=pos_login:10m rate=10r/s;
+
+# Upstream backends
+upstream nexus_main {
+    server 127.0.0.1:5000;
+}
+
+upstream nexus_pos {
+    server 127.0.0.1:5001;
+}
+
+# Main site (no subdomain)
+server {
+    listen 80;
+    server_name nexusautoparts.com www.nexusautoparts.com;
+
+    location / {
+        proxy_pass http://nexus_main;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+
+# POS subdomains (wildcard)
+server {
+    listen 80;
+    server_name ~^(?<tenant>.+)\.nexusautoparts\.com$;
+
+    # Security headers
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-Frame-Options SAMEORIGIN always;
+
+    location / {
+        proxy_pass http://nexus_pos;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Tenant-Subdomain $tenant;
+    }
+
+    # Rate limit login endpoint
+    location /pos/api/auth/login {
+        limit_req zone=pos_login burst=5 nodelay;
+        proxy_pass http://nexus_pos;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Tenant-Subdomain $tenant;
+    }
+}