uchill/docker/nginx/conf.d/default.conf

# ==============================================
# Nginx в контейнере (PROD: порт 8084 на хосте).
# Upstream — по имени сервиса: web:8000, front_material:3000 (внутри сети).
# ==============================================

# API Backend (Django) — default_server: сюда попадают запросы на localhost и api.localhost
server {
    listen 80 default_server;
    server_name api.localhost localhost;
    
    charset utf-8;
    client_max_body_size 100M;

    # ==============================================
    # API ENDPOINTS
    # ==============================================
    location /api/ {
        limit_req zone=api_limit burst=20 nodelay;
        
        proxy_pass http://django;
        proxy_http_version 1.1;
        
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        
        proxy_connect_timeout 300s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;
    }

    # ==============================================
    # ADMIN PANEL
    # ==============================================
    location /admin/ {
        proxy_pass http://django;
        proxy_http_version 1.1;
        
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # ==============================================
    # WEBSOCKET CONNECTIONS
    # ==============================================
    location /ws/ {
        proxy_pass http://django;
        proxy_http_version 1.1;
        
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        proxy_connect_timeout 7d;
        proxy_send_timeout 7d;
        proxy_read_timeout 7d;
    }

    # Запрет выполнения скриптов в static и media
    location ~* ^/(static|media)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
        deny all;
        access_log off;
    }

    # ==============================================
    # СТАТИЧЕСКИЕ ФАЙЛЫ — содержимое STATIC_ROOT (staticfiles) из volume
    # Web пишет в /app/staticfiles (volume), nginx читает тот же volume как /var/www/static
    # ==============================================
    location /static/ {
        alias /var/www/static/;
        expires 30d;
        add_header Cache-Control "public, immutable";
        add_header X-Content-Type-Options "nosniff" always;
        access_log off;
    }

    # ==============================================
    # МЕДИА ФАЙЛЫ — содержимое MEDIA_ROOT (media) из volume
    # ==============================================
    location /media/ {
        alias /var/www/media/;
        expires 7d;
        add_header Cache-Control "public";
        add_header X-Content-Type-Options "nosniff" always;
    }

    # ==============================================
    # LIVEKIT - видеоконференции (2K, высокий битрейт)
    # Увеличенные буферы для WebSocket и видеопотока
    # ==============================================
    location = /livekit/rtc/v1/validate {
        add_header Content-Type application/json;
        return 200 '{}';
    }
    location /livekit {
        proxy_pass http://livekit/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400s;
        proxy_send_timeout 86400s;
        proxy_connect_timeout 60s;
        # Буферы для высокого битрейта (2K / 6 Mbps)
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
    }

    # ==============================================
    # HEALTH CHECK
    # ==============================================
    location /health/ {
        proxy_pass http://django;
        access_log off;
    }
}

# Frontend (Next.js) — app.localhost и app.uchill.online
server {
    listen 80;
    server_name app.localhost app.uchill.online;
    
    charset utf-8;

    location / {
        limit_req zone=general_limit burst=50 nodelay;
        
        proxy_pass http://frontend;
        proxy_http_version 1.1;
        
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        
        # Для Hot Module Replacement (HMR) в development
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Next.js static files
    location /_next/static/ {
        proxy_pass http://frontend;
        expires 365d;
        add_header Cache-Control "public, immutable";
        access_log off;
    }
}