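# TLS-terminating reverse proxy: every request for a *.local name on 443 is
# forwarded over plain HTTP to the host of the same name, on the port chosen
# by the $upstream_port map below.
worker_processes auto;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # NOTE(review): $http_x_forwarded_for is logged exactly as the client sent
    # it; treat that field as untrusted when reading the access log.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log warn;

    sendfile on;
    keepalive_timeout 65;

    # Internal DNS (dnsmasq on the Docker gateway of 4nk_network).
    # Needed because proxy_pass below uses variables, so upstream names are
    # resolved at request time; answers are cached for 10 s, AAAA lookups off.
    resolver 172.20.0.1 valid=10s ipv6=off;

    # Forward "Connection: upgrade" only when the client asked for an upgrade
    # (WebSocket); otherwise send "Connection: close" to the upstream.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # Host -> application port mapping.
    # NOTE(review): "default 80" means any *.local name the resolver answers
    # for is reachable on port 80, not only the services listed here. If only
    # the listed services should be exposed, map unknown hosts to a sentinel
    # and reject them in the server block.
    map $host $upstream_port {
        default                 80;
        ihm-client.local        80;
        coffre-front.local      3000;
        coffre-back-mini.local  8080;
        blindbit-oracle.local   8000;
        sdk-storage.local       8080;
        sdk-relay1.local        8090;
        sdk-relay2.local        8090;
        sdk-relay3.local        8090;
        sdk-signer.local        9090;
        grafana-central.local   3000;
        loki.local              3100;
        prometheus.local        9091;
        4nk-ia-front.local      3000;
    }

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Catch-all for requests whose Host does not match *.local.
    # Without it the proxying server below is the only (hence default) server
    # on 443, so a request with an arbitrary Host value would be proxied to
    # that value: proxy_pass builds the upstream address from $host.
    # 444 makes nginx close the connection without sending a response.
    server {
        listen 443 ssl default_server;
        server_name _;

        ssl_certificate     /etc/nginx/certs/local.crt;
        ssl_certificate_key /etc/nginx/certs/local.key;

        return 444;
    }

    server {
        listen 443 ssl;
        server_name *.local;

        ssl_certificate     /etc/nginx/certs/local.crt;
        ssl_certificate_key /etc/nginx/certs/local.key;

        # "always" also sets these headers on error responses (4xx/5xx),
        # which add_header skips by default.
        add_header X-Content-Type-Options nosniff always;
        add_header X-Frame-Options SAMEORIGIN always;
        add_header X-XSS-Protection "1; mode=block" always;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # Appends $remote_addr to whatever X-Forwarded-For the client
            # sent; earlier entries in the list are client-controlled, so
            # backends should rely on X-Real-IP or the last entry only.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;

            # HTTP/1.1 plus Upgrade/Connection are required for WebSocket
            # pass-through.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;

            proxy_read_timeout 300s;
            proxy_send_timeout 300s;

            # The upstream is derived from the request's Host header. It is
            # constrained to *.local only by server_name above together with
            # the default_server catch-all; keep both in place.
            proxy_pass http://$host:$upstream_port$request_uri;
        }
    }
}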