fix(nginx): fix static assets 404 on new domain

Remove broken location blocks for static files that had no proxy_pass,
which caused all .js/.css files to return 404 or HTML.
Add explicit /pos/static/ location with proxy_pass + cache headers.
Update nexus-pos.conf in repo to match live config.

nginx/nexus-pos.conf

@@ -1,91 +1,39 @@
-# Wildcard subdomain routing for Nexus POS
-# DNS: *.nexusautoparts.com -> server IP (Cloudflare wildcard)
-
-# Rate limiting zone
-limit_req_zone $binary_remote_addr zone=pos_login:10m rate=10r/s;
-
-# Upstream backends
-upstream nexus_main {
-    server 127.0.0.1:5000;
-}
-
 upstream nexus_pos {
     server 127.0.0.1:5001;
 }
 
+upstream nexus_dashboard {
+    server 127.0.0.1:5000;
+}
+
 upstream nexus_quart {
     server 127.0.0.1:5002;
 }
 
-# Gzip compression
-gzip on;
-gzip_vary on;
-gzip_proxied any;
-gzip_comp_level 6;
-gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
-
-# Main site (no subdomain)
+# ─── POS (primary domain) ───
 server {
     listen 80;
-    server_name nexusautoparts.com www.nexusautoparts.com;
+    server_name nexusautoparts.com.mx www.nexusautoparts.com.mx;
 
-    # POS static assets — served directly by nginx (not proxied)
-    # ^~ prevents regex locations from intercepting these requests
-    location ^~ /pos/static/ {
-        alias /home/Autopartes/pos/static/;
-        expires 6M;
-        add_header Cache-Control "public, immutable";
-        add_header X-Content-Type-Options nosniff always;
-        access_log off;
-    }
+    client_max_body_size 10M;
 
-    location / {
-        proxy_pass http://nexus_main;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_connect_timeout 10s;
-        proxy_send_timeout 30s;
-        proxy_read_timeout 30s;
-        proxy_buffering on;
-        proxy_buffer_size 4k;
-        proxy_buffers 8 4k;
-    }
-}
+    # Gzip compression
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
 
-# POS subdomains (wildcard)
-server {
-    listen 80;
-    server_name ~^(?<tenant>.+)\.nexusautoparts\.com$;
-
-    # Security headers
-    add_header X-Content-Type-Options nosniff always;
-    add_header X-Frame-Options SAMEORIGIN always;
-
-    # POS static assets — served directly by nginx (not proxied)
-    # ^~ prevents regex locations from intercepting these requests
-    location ^~ /pos/static/ {
-        alias /home/Autopartes/pos/static/;
-        expires 6M;
-        add_header Cache-Control "public, immutable";
-        add_header X-Content-Type-Options nosniff always;
-        access_log off;
-    }
-
-    location / {
+    # Static assets with caching (proxy to Flask)
+    location /pos/static/ {
         proxy_pass http://nexus_pos;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Tenant-Subdomain $tenant;
-        proxy_connect_timeout 10s;
-        proxy_send_timeout 30s;
-        proxy_read_timeout 30s;
-        proxy_buffering on;
-        proxy_buffer_size 4k;
-        proxy_buffers 8 4k;
+        expires 6M;
+        add_header Cache-Control "public, immutable";
+        add_header X-Content-Type-Options nosniff always;
     }
 
     # Async catalog search via Quart+asyncpg (non-blocking I/O)
@@ -95,21 +43,68 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Tenant-Subdomain $tenant;
         proxy_connect_timeout 5s;
         proxy_send_timeout 30s;
         proxy_read_timeout 30s;
         proxy_buffering off;
     }
 
-    # Rate limit login endpoint
-    location /pos/api/auth/login {
-        limit_req zone=pos_login burst=5 nodelay;
+    location = / {
+        return 302 /pos/login;
+    }
+
+    location / {
         proxy_pass http://nexus_pos;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Tenant-Subdomain $tenant;
+        proxy_read_timeout 300s;
+    }
+}
+
+# ─── Dashboard (admin subdomain) ───
+server {
+    listen 80;
+    server_name admin.nexusautoparts.com.mx;
+
+    client_max_body_size 10M;
+
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
+    location / {
+        proxy_pass http://nexus_dashboard;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 300s;
+    }
+}
+
+# ─── Legacy domain (keep for migration period) ───
+server {
+    listen 80;
+    server_name nexus.consultoria-as.com;
+
+    client_max_body_size 10M;
+
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
+    location / {
+        proxy_pass http://nexus_dashboard;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 300s;
     }
 }