consultoria-as
6628f2deef
- Nginx wildcard config: *.nexusautoparts.com routes to POS app with X-Tenant-Subdomain header - middleware_tenant.py: resolves subdomain -> tenant_id via nexus_master.tenants.subdomain - auth_bp: login and employee list endpoints accept tenant from subdomain, URL param, or body - login.html: auto-detects tenant from subdomain, shows business name, falls back to ?tenant=ID - tenant_manager: generates subdomain slug from business name on provision_tenant() - Migration v1.2: adds subdomain column + unique index to tenants table - setup-nginx.sh: one-command install script for the nginx config Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
59 lines
1.6 KiB
Plaintext
59 lines
1.6 KiB
Plaintext
# Wildcard subdomain routing for Nexus POS
|
|
# DNS: *.nexusautoparts.com -> server IP (Cloudflare wildcard)
|
|
|
|
# Rate limiting zone
|
|
limit_req_zone $binary_remote_addr zone=pos_login:10m rate=10r/s;
|
|
|
|
# Upstream backends
|
|
upstream nexus_main {
|
|
server 127.0.0.1:5000;
|
|
}
|
|
|
|
upstream nexus_pos {
|
|
server 127.0.0.1:5001;
|
|
}
|
|
|
|
# Main site (no subdomain)
|
|
server {
|
|
listen 80;
|
|
server_name nexusautoparts.com www.nexusautoparts.com;
|
|
|
|
location / {
|
|
proxy_pass http://nexus_main;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
}
|
|
|
|
# POS subdomains (wildcard)
|
|
server {
|
|
listen 80;
|
|
server_name ~^(?<tenant>.+)\.nexusautoparts\.com$;
|
|
|
|
# Security headers
|
|
add_header X-Content-Type-Options nosniff always;
|
|
add_header X-Frame-Options SAMEORIGIN always;
|
|
|
|
location / {
|
|
proxy_pass http://nexus_pos;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Tenant-Subdomain $tenant;
|
|
}
|
|
|
|
# Rate limit login endpoint
|
|
location /pos/api/auth/login {
|
|
limit_req zone=pos_login burst=5 nodelay;
|
|
proxy_pass http://nexus_pos;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Tenant-Subdomain $tenant;
|
|
}
|
|
}
|