events { worker_connections 1024; } http { # Catch-all HTTP -> HTTPS redirect (handles localhost and unknown hosts) server { listen 80 default_server; server_name _; return 301 https://$host$request_uri; } # Main domain - Landing page server { listen 80; server_name motovaultpro.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name motovaultpro.com; ssl_certificate /etc/nginx/certs/motovaultpro.com.crt; ssl_certificate_key /etc/nginx/certs/motovaultpro.com.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; location / { proxy_pass http://mvp-platform-landing:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # Admin subdomain - Admin tenant server { listen 80; server_name admin.motovaultpro.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name admin.motovaultpro.com; ssl_certificate /etc/nginx/certs/motovaultpro.com.crt; ssl_certificate_key /etc/nginx/certs/motovaultpro.com.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; location / { proxy_pass http://admin-frontend:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /api/ { proxy_pass http://admin-backend:3001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } }