lecoffre-back-mini/confs/nginx/_effective_20250924-190412/sites-enabled/dev3.4nkweb.com

server {
	listen 443 ssl;
	server_name dev3.4nkweb.com;

    # Callback IdNot -> backend, avec CORS dynamique et masquage des en-têtes upstream
    location = /idnot/callback {
        # Masquer les en-têtes CORS envoyés par l'upstream (Express)
        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Access-Control-Allow-Credentials;
        proxy_hide_header Access-Control-Allow-Headers;
        proxy_hide_header Access-Control-Allow-Methods;

        # CORS dynamique: autorise dev4, local.4nkweb.com:3000, localhost:3000 et sous-domaines *.4nkweb.com
        set $cors_origin "";
        if ($http_origin ~* ^(https://dev4\.4nkweb\.com|http://local\.4nkweb\.com:3000|http://localhost:3000|https://.*\.4nkweb\.com)$) {
            set $cors_origin $http_origin;
        }

        # Préflight OPTIONS
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin $cors_origin always;
            add_header Access-Control-Allow-Credentials "true" always;
            add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
            add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
            return 204;
        }

        # En-têtes CORS pour les autres méthodes
        add_header Access-Control-Allow-Origin $cors_origin always;
        add_header Access-Control-Allow-Credentials "true" always;
        add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
        add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;

        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

	ssl_certificate /etc/letsencrypt/live/dev3.4nkweb.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/dev3.4nkweb.com/privkey.pem;

	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;
	ssl_ciphers HIGH:!aNULL:!MD5;
	# Redirection des requêtes HTTP normales vers Vite
	location / {
		proxy_pass http://localhost:3004;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
		proxy_set_header Host $host;
	}

	location /ws/ {
		proxy_pass http://localhost:8090;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-NginX-Proxy true;

		proxy_read_timeout 86400;
		proxy_set_header Connection "Upgrade";
	}

	location /storage/ {
		if ($request_method = 'OPTIONS') {
			add_header 'Access-Control-Allow-Origin' '*' always;
			add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
			add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
			add_header 'Access-Control-Max-Age' 86400;
			add_header 'Content-Length' 0;
			add_header 'Content-Type' 'text/plain';
			return 204;
		}

		add_header 'Access-Control-Allow-Origin' '*' always;
		add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
		add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;

		rewrite ^/storage(/.*)$ $1 break;
		proxy_pass http://localhost:8080;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
		proxy_set_header Host $host;
	}

	location ^~ /api/ {
		# Masquer les en-têtes CORS de l'upstream (Express)
		proxy_hide_header Access-Control-Allow-Origin;
		proxy_hide_header Access-Control-Allow-Credentials;
		proxy_hide_header Access-Control-Allow-Headers;
		proxy_hide_header Access-Control-Allow-Methods;

		# CORS dynamique: autorise dev4, local.4nkweb.com:3000, localhost:3000 et sous-domaines *.4nkweb.com
		set $cors_origin "";
		if ($http_origin ~* ^(https://dev4\.4nkweb\.com|http://local\.4nkweb\.com:3000|http://localhost:3000|https://.*\.4nkweb\.com)$) {
			set $cors_origin $http_origin;
		}

		# Préflight OPTIONS
		if ($request_method = OPTIONS) {
			add_header Access-Control-Allow-Origin $cors_origin always;
			add_header Access-Control-Allow-Credentials "true" always;
			add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
			add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
			add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
			return 204;
		}

		# En-têtes CORS pour les autres méthodes
		add_header Access-Control-Allow-Origin $cors_origin always;
		add_header Access-Control-Allow-Credentials "true" always;
		add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
		add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
		add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;

		proxy_pass http://127.0.0.1:8080;
		proxy_set_header Host              $host;
		proxy_set_header X-Real-IP         $remote_addr;
		proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
	}

	location @handle_502 {
		internal;
		add_header Access-Control-Allow-Origin  "*" always;
		add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
		add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, X-Requested-With" always;
		return 502;
	}

}

server {
	if ($host = dev3.4nkweb.com) {
		return 301 https://$host$request_uri;
	} # managed by Certbot


	listen 80;
	server_name dev3.4nkweb.com;
    location = /idnot/callback {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

	return 301 https://$host$request_uri;


}