upstream hydra_public_api { server hydra:4444; } upstream hydra_admin_api { server hydra:4445; } upstream frontend { server front:3000; } upstream backend { server back:8080; } server { listen 80; server_name oauth2.logidex.ru; location ~ ^/(admin|clients|keys|health|metrics|version|oauth2/auth/requests|oauth2/introspect|oauth2/flush)/? { set $allow 0; if ($remote_addr ~* "172.28.0.*") { set $allow 1; } if ($arg_secret = "CHANGE-ME-INSECURE-PASSWORD") { set $allow 1; } if ($http_x_secret = "CHANGE-ME-INSECURE-PASSWORD") { set $allow 1; } if ($allow = 0) { return 403; } proxy_pass http://hydra_admin_api; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; } location ~ ^/(.well-known|oauth2/auth|oauth2/token|oauth2/sessions|oauth2/revoke|oauth2/fallbacks/consent|oauth2/fallbacks/error|userinfo)/? { proxy_pass http://hydra_public_api; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; } } server { listen 80; server_name id.logidex.ru; location /api/ { proxy_pass http://backend/api/; # Replace with your backend API URL proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } location / { proxy_pass http://frontend; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /_next/webpack-hmr { proxy_pass http://frontend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; } }