diff --git a/.env.prod b/.env.prod index 4743dc7..e1bf9b7 100644 --- a/.env.prod +++ b/.env.prod @@ -1,4 +1,4 @@ -DJANGO_ALLOWED_HOSTS=127.0.0.1,imamjavad.nwhco.ir,www.imamjavad.nwhco.ir,*.nwhco.ir,188.40.92.124,88.99.212.243,dovodi.newhorizonco.uk,*.newhorizonco.uk,0.0.0.0,imamjavad.newhorizonco.uk +DJANGO_ALLOWED_HOSTS=127.0.0.1,imamjavad.nwhco.ir,www.imamjavad.nwhco.ir,*.nwhco.ir,188.40.92.124,88.99.212.243,dovodi.newhorizonco.uk,*.newhorizonco.uk,0.0.0.0,imamjavad.newhorizonco.uk,nwhco.ir DJANGO_SETTINGS_MODULE=config.settings.production DJANGO_TRUSTED_ORIGINS=http://127.0.0.1:8000,http://127.0.0.1:8001,https://127.0.0.1:8000,https://127.0.0.1:8001,http://imamjavad.nwhco.ir,https://imamjavad.nwhco.ir,http://www.imamjavad.nwhco.ir,https://www.imamjavad.nwhco.ir,http://*.nwhco.ir,https://*.nwhco.ir,http://188.40.92.124,https://188.40.92.124,http://88.99.212.243,https://88.99.212.243,http://dovodi.newhorizonco.uk,https://dovodi.newhorizonco.uk,http://*.newhorizonco.uk,https://*.newhorizonco.uk,http://0.0.0.0,https://0.0.0.0,http://imamjavad.newhorizonco.uk,https://imamjavad.newhorizonco.uk diff --git a/nginx/dovodi.conf b/nginx/dovodi.conf new file mode 100644 index 0000000..8723321 --- /dev/null +++ b/nginx/dovodi.conf @@ -0,0 +1,143 @@ +server { + listen 80; + # listen 443 ssl; + server_name dovodi.newhorizonco.uk dovoodi.newhorizonco.uk; + # ssl_certificate /etc/nginx/certs/nwhco.pem; + # ssl_certificate_key /etc/nginx/certs/nwhco.key; + # include /etc/nginx/options-ssl-nginx.conf; + + client_max_body_size 500M; + client_body_timeout 600s; + client_header_timeout 60s; + proxy_connect_timeout 600s; + proxy_send_timeout 600s; + proxy_read_timeout 600s; + + # ========== Django Admin Paths (باید قبل از location / باشند) ========== + + # با prefix زبانی + location /en/dovoodi/ { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + client_max_body_size 1200M; + } + + location /fa/dovoodi/ { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + client_max_body_size 1200M; + } + + # بدون prefix زبانی (fallback) + location /dovoodi/ { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + client_max_body_size 1200M; + } + + # ========== Admin Entry Points ========== + + location = /admin { + return 301 /admin/; + } + + location /admin/ { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + client_max_body_size 1200M; + } + + location = /admin/logout { + return 301 /en/dovoodi/admin/logout/; + } + + # مسیر عمومی admin (سازگاری با config قدیمی) + location /en/admin { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + client_max_body_size 1200M; + } + + # ========== Django Services ========== + + location /api { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_method $request_method; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + + # 🔥 CRITICAL: Forward Authorization header for Token authentication + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + + client_max_body_size 1200M; + } + + location /en/swagger { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + } + + location /en/redoc { + proxy_pass http://88.99.212.243:8010; + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + } + + location /i18n/ { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + } + + # ========== Static & Media Files ========== + + location /static/ { + alias /home/app/web/imam_javad_static/static/; + } + + location /media/ { + alias /home/app/web/imam_javad_static/media/; + } + + # ========== Next.js Frontend ========== + + location /_next/ { + proxy_pass http://88.99.212.243:7227/_next/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + expires 1y; + add_header Cache-Control "public, immutable"; + } + + # ⚠️ این باید آخرین location باشد (fallback) + location / { + proxy_pass http://88.99.212.243:7227; + client_max_body_size 1200M; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} diff --git a/nginx/imamjavad.conf b/nginx/imamjavad.conf new file mode 100644 index 0000000..6abc51d --- /dev/null +++ b/nginx/imamjavad.conf @@ -0,0 +1,153 @@ +server { + listen 80; + # listen 443 ssl; + server_name imamjavad.nwhco.ir imamjavad.newhorizonco.uk; + # ssl_certificate /etc/nginx/certs/nwhco.pem; + # ssl_certificate_key /etc/nginx/certs/nwhco.key; + # include /etc/nginx/options-ssl-nginx.conf; + + client_max_body_size 500M; + client_body_timeout 600s; + client_header_timeout 60s; + proxy_connect_timeout 600s; + proxy_send_timeout 600s; + proxy_read_timeout 600s; + + # ========== Django Admin Paths (باید قبل از location / باشند) ========== + + # با prefix زبانی + location /en/imam-javad/ { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + client_max_body_size 1200M; + } + + location /fa/imam-javad/ { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + client_max_body_size 1200M; + } + + # بدون prefix زبانی (fallback) + location /imam-javad/ { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + client_max_body_size 1200M; + } + + # ========== Admin Entry Points ========== + + location = /admin { + return 301 /admin/; + } + + location /admin/ { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + client_max_body_size 1200M; + } + + location = /admin/logout { + return 301 /en/imam-javad/admin/logout/; + } + + # مسیر عمومی admin (سازگاری با config قدیمی) + location /en/admin { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + client_max_body_size 1200M; + } + + # ========== Django Services ========== + + location /api { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_method $request_method; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + + # 🔥 CRITICAL: Forward Authorization header for Token authentication + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + + client_max_body_size 1200M; + } + + location /en/swagger { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + } + + location /en/redoc { + proxy_pass http://88.99.212.243:8010; + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + } + + location /i18n/ { + proxy_pass http://88.99.212.243:8010; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + } + + # ========== Other Services ========== + + location /chat { + proxy_pass http://88.99.212.243:8020; + client_max_body_size 1200M; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location /static/ { + alias /home/app/web/imam_javad_static/static/; + } + + location /media/ { + alias /home/app/web/imam_javad_static/media/; + } + + # ========== Next.js Frontend ========== + + location /_next/ { + proxy_pass http://88.99.212.243:7226/_next/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + expires 1y; + add_header Cache-Control "public, immutable"; + } + + # ⚠️ این باید آخرین location باشد (fallback) + location / { + proxy_pass http://88.99.212.243:7226; + client_max_body_size 1200M; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +}