From 1cb22b3f2b2f40d1b35807cfd917ed81bb2ddd7f Mon Sep 17 00:00:00 2001 From: Peyman Date: Sat, 17 May 2025 13:09:44 +0330 Subject: [PATCH 01/28] Testing config --- nginx.conf | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/nginx.conf b/nginx.conf index b1ac5d1..1758c24 100644 --- a/nginx.conf +++ b/nginx.conf @@ -157,6 +157,36 @@ http { } } + server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name $SERVER_NAME_KC; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Host $host; + proxy_pass http://keycloak:8080; + } + } + + server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name $SERVER_NAME_V2_AUTH; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Authorization $http_authorization; + proxy_pass http://auth-gateway:8080; + } + } + server { listen 443 ssl; listen [::]:443 ssl; From 47f11d82a0c7ecf64405ce6ddc562a424b8b30f5 Mon Sep 17 00:00:00 2001 From: Peyman Date: Sat, 31 May 2025 18:56:58 +0330 Subject: [PATCH 02/28] Add v2api config --- nginx.conf | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/nginx.conf b/nginx.conf index 1758c24..65195b3 100644 --- a/nginx.conf +++ b/nginx.conf @@ -177,6 +177,10 @@ http { server_name $SERVER_NAME_V2_AUTH; + if ($request_method = 'OPTIONS') { + return 204; + } + location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -187,6 +191,27 @@ http { } } + server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name v2api.opex.dev; + + if ($request_method = 'OPTIONS') { + return 204; + } + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Authorization $http_authorization; + proxy_pass http://api:8080; + rewrite ^/(.*)$ /opex/$1 break; + } + } + server { listen 443 ssl; listen [::]:443 ssl; From 307b19db00106c339d5fcced90838cf2ac1c9885 Mon Sep 17 00:00:00 2001 From: Amir Rajabi <34955519+AmirRajabii@users.noreply.github.com> Date: Sat, 19 Jul 2025 18:11:57 +0330 Subject: [PATCH 03/28] add profile --- nginx.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nginx.conf b/nginx.conf index 65195b3..df7a533 100644 --- a/nginx.conf +++ b/nginx.conf @@ -390,6 +390,12 @@ http { proxy_pass $backend; rewrite ^/api/(.*)$ /$1 break; } + + location /profile { + set $backend http://profile:8080; + proxy_pass $backend; + rewrite ^/profile/(.*)$ /$1 break; + } location /sapi { set $backend http://api:8080; From d1b98649108ec0a27619d15746e004d4c6ba2230 Mon Sep 17 00:00:00 2001 From: Peyman Date: Tue, 29 Jul 2025 14:06:21 +0330 Subject: [PATCH 04/28] Add ip configs --- nginx.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nginx.conf b/nginx.conf index 65195b3..e594f14 100644 --- a/nginx.conf +++ b/nginx.conf @@ -166,6 +166,8 @@ http { location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_pass http://keycloak:8080; } @@ -186,6 +188,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; proxy_set_header Authorization $http_authorization; proxy_pass http://auth-gateway:8080; } From 1f9b4bfdff967d0d766b1f52dd16b43c1cbaa7bd Mon Sep 17 00:00:00 2001 From: Amir Rajabi <34955519+AmirRajabii@users.noreply.github.com> Date: Wed, 3 Sep 2025 13:26:15 +0330 Subject: [PATCH 05/28] Add bc-gateway --- nginx.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nginx.conf b/nginx.conf index 1d88deb..914cc18 100644 --- a/nginx.conf +++ b/nginx.conf @@ -399,6 +399,11 @@ http { proxy_pass $backend; rewrite ^/profile/(.*)$ /$1 break; } + location /bc-gateway { + set $backend http://bc-gateway:8080; + proxy_pass $backend; + rewrite ^/bc-gateway/(.*)$ /$1 break; + } location /sapi { set $backend http://api:8080; From 4dd660299fc89a6e4d0f906304e10fea5be3c1ef Mon Sep 17 00:00:00 2001 From: Amir Rajabi <34955519+AmirRajabii@users.noreply.github.com> Date: Wed, 3 Sep 2025 14:30:21 +0330 Subject: [PATCH 06/28] Remove bc-gateway --- nginx.conf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/nginx.conf b/nginx.conf index 914cc18..1d88deb 100644 --- a/nginx.conf +++ b/nginx.conf @@ -399,11 +399,6 @@ http { proxy_pass $backend; rewrite ^/profile/(.*)$ /$1 break; } - location /bc-gateway { - set $backend http://bc-gateway:8080; - proxy_pass $backend; - rewrite ^/bc-gateway/(.*)$ /$1 break; - } location /sapi { set $backend http://api:8080; From 63ba56e9299a6797045669179aac8ef6c62db17e Mon Sep 17 00:00:00 2001 From: Amir Rajabi <34955519+AmirRajabii@users.noreply.github.com> Date: Sun, 2 Nov 2025 15:43:38 +0330 Subject: [PATCH 07/28] Add auth gateway health check --- nginx.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nginx.conf b/nginx.conf index 1d88deb..5e0c743 100644 --- a/nginx.conf +++ b/nginx.conf @@ -280,6 +280,11 @@ http { proxy_pass $backend; rewrite ^/auth(.*)$ /actuator/health/$1 break; } + location /auth-gateway { + set $backend http://auth-gateway:8080; + proxy_pass $backend; + rewrite ^/auth-gateway(.*)$ /actuator/health/$1 break; + } location /wallet { set $backend http://wallet:8080; From 493573276f42b1a8b8b6a4e064db278938402816 Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Wed, 5 Nov 2025 19:19:07 +0330 Subject: [PATCH 08/28] Add bc location for handling chain scanner webhook --- nginx.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nginx.conf b/nginx.conf index 5e0c743..fd48102 100644 --- a/nginx.conf +++ b/nginx.conf @@ -411,6 +411,12 @@ http { rewrite ^/sapi/(.*)$ /$1 break; } + location /bc { + set $backend http://bc-gateway:8080; + proxy_pass $backend; + rewrite ^/sapi/(.*)$ /$1 break; + } + location /captcha { add_header Access-Control-Allow-Credentials true always; add_header Access-Control-Allow-Origin $http_origin always; From a25dcb9d438dc2f4d030f8803b27d01ff0318858 Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Wed, 5 Nov 2025 19:40:31 +0330 Subject: [PATCH 09/28] Fix the bc location --- nginx.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nginx.conf b/nginx.conf index fd48102..7b794bd 100644 --- a/nginx.conf +++ b/nginx.conf @@ -412,10 +412,10 @@ http { } location /bc { - set $backend http://bc-gateway:8080; - proxy_pass $backend; - rewrite ^/sapi/(.*)$ /$1 break; - } + set $backend http://bc-gateway:8080; + proxy_pass $backend; + rewrite ^/bc/(.*)$ /$1 break; + } location /captcha { add_header Access-Control-Allow-Credentials true always; From 370e9ec6d42ab1f0848fc8c9409d3531c6ea639b Mon Sep 17 00:00:00 2001 From: Amir Rajabi <34955519+AmirRajabii@users.noreply.github.com> Date: Tue, 24 Feb 2026 15:49:37 +0330 Subject: [PATCH 10/28] Add server block for admin v2 panel Added new server configuration for admin panel with proxy settings. --- nginx.conf | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/nginx.conf b/nginx.conf index 7b794bd..4ff36f1 100644 --- a/nginx.conf +++ b/nginx.conf @@ -108,6 +108,24 @@ http { } } + server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name $SERVER_NAME_ADMIN_V2_PANEL; + + location ~* \.(.*)$ { + set $backend http://admin-v2-panel-nginx; + proxy_pass $backend; + } + + location / { + set $backend http://admin-v2-panel-nginx; + proxy_pass $backend; + rewrite .* / break; + } + } + server { listen 443 ssl; listen [::]:443 ssl; From 1b40ab8165642083112f639bd243e6d22d2e0033 Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Mon, 13 Apr 2026 20:35:22 +0330 Subject: [PATCH 11/28] Add mobile web app route in the nginx config --- docker-compose.yml | 3 ++ nginx.conf | 90 +++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 84 insertions(+), 9 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index c7686ac..c5cb581 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,9 +17,12 @@ services: - SERVER_WALLET_STAT=$SERVER_WALLET_STAT - SERVER_NAME_KC=$SERVER_NAME_KC - SERVER_NAME_V2_AUTH=$SERVER_NAME_V2_AUTH + - SERVER_NAME_BETA_APP=$SERVER_NAME_BETA_APP secrets: - opex_dev_crt - private_pem + volumes: + - /var/www:/var/www:ro nginx-exporter: image: nginx/nginx-prometheus-exporter:1.1.0 ports: diff --git a/nginx.conf b/nginx.conf index 4ff36f1..da5b75e 100644 --- a/nginx.conf +++ b/nginx.conf @@ -41,6 +41,10 @@ http { proxy_set_header X-Forwarded-Port $EXPOSED_PORT; resolver 127.0.0.11 valid=60s; + map $http_x_client_type $web_app_root { + default /desktop; + mobile /mobile; + } server { listen 80; @@ -446,15 +450,83 @@ http { rewrite ^/captcha/(.*)$ /$1 break; } - location /binance { - proxy_set_header Host api.binance.com; - proxy_set_header X-Real-IP ''; - proxy_set_header X-Forwarded-For ''; - proxy_set_header X-Forwarded-Host ''; - set $backend https://api.binance.com; - proxy_pass $backend; - rewrite ^/binance/(.*)$ /$1 break; - } + resolver 127.0.0.11 valid=30s; + resolver_timeout 15s; + + + location /binance { + + # target upstream (IMPORTANT: must be variable for DNS resolution) + set $backend https://binance.beeep.ir; + + # route path + rewrite ^/binance/(.*)$ /$1 break; + + # upstream connection settings + proxy_pass $backend; + + # correct upstream identity + proxy_set_header Host binance.beeep.ir; + proxy_ssl_server_name on; + proxy_ssl_name binance.beeep.ir; + + # client headers + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # timeouts (important for slow Binance-like APIs) + proxy_connect_timeout 60s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + send_timeout 300s; + + # retry logic (VERY IMPORTANT for your error) + proxy_next_upstream error timeout invalid_header http_502 http_503 http_504; + proxy_next_upstream_tries 3; + proxy_next_upstream_timeout 60s; + + # TLS (since upstream is HTTPS) + proxy_ssl_verify off; + + # avoid buffering issues for slow responses + proxy_buffering off; + proxy_request_buffering off; + + # stability + proxy_intercept_errors off; + } + + } + + server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name $SERVER_NAME_BETA_APP; + + root /var/www; + + index index.html; + + + location / { + + # Try requested file in selected app + try_files $web_app_root$request_uri + $web_app_root/index.html; + } + + # ----------------------------------- + # Static assets optimization + # ----------------------------------- + location ~* \.(js|css|png|jpg|jpeg|svg|ico|woff2?)$ { + expires 7d; + add_header Cache-Control "public"; + + try_files $web_app_root$request_uri; + } } + } From 671bce82506b9b7a86d3d55cae062af3ac8dd177 Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Mon, 13 Apr 2026 21:12:18 +0330 Subject: [PATCH 12/28] Handle public files in nginx --- nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index da5b75e..9508f1c 100644 --- a/nginx.conf +++ b/nginx.conf @@ -524,7 +524,7 @@ http { expires 7d; add_header Cache-Control "public"; - try_files $web_app_root$request_uri; + try_files $web_app_root$request_uri $web_app_root/index.html =404; } } From 598c06471ac52852fc9684df7af8a2cc162c9bfd Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Tue, 14 Apr 2026 17:59:10 +0330 Subject: [PATCH 13/28] Change the root directory for the beta apps --- nginx.conf | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/nginx.conf b/nginx.conf index 9508f1c..5a9365d 100644 --- a/nginx.conf +++ b/nginx.conf @@ -41,9 +41,10 @@ http { proxy_set_header X-Forwarded-Port $EXPOSED_PORT; resolver 127.0.0.11 valid=60s; + map $http_x_client_type $web_app_root { - default /desktop; - mobile /mobile; + default /var/www/desktop; + mobile /var/www/mobile; } server { @@ -499,33 +500,32 @@ http { } - server { - listen 443 ssl; - listen [::]:443 ssl; - server_name $SERVER_NAME_BETA_APP; - root /var/www; + server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name $SERVER_NAME_BETA_APP; - index index.html; + root /var/www; + index index.html; - location / { + location / { + set $full_path "${web_app_root}${request_uri}"; - # Try requested file in selected app - try_files $web_app_root$request_uri - $web_app_root/index.html; - } + try_files $full_path ${web_app_root}/index.html =404; + } - # ----------------------------------- - # Static assets optimization - # ----------------------------------- - location ~* \.(js|css|png|jpg|jpeg|svg|ico|woff2?)$ { - expires 7d; - add_header Cache-Control "public"; + location ~* \.(js|css|png|jpg|jpeg|svg|ico|woff2?)$ { + expires 7d; + add_header Cache-Control "public"; - try_files $web_app_root$request_uri $web_app_root/index.html =404; - } + set $full_path "${web_app_root}${request_uri}"; + try_files $full_path =404; + } + } } From 03c89179932b0de5c65c84b40d2feb17a2ed490b Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Tue, 14 Apr 2026 18:09:27 +0330 Subject: [PATCH 14/28] Change the way to separate mobile/desktop web app --- nginx.conf | 67 ++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 48 insertions(+), 19 deletions(-) diff --git a/nginx.conf b/nginx.conf index 5a9365d..0d2b3a5 100644 --- a/nginx.conf +++ b/nginx.conf @@ -42,9 +42,15 @@ http { resolver 127.0.0.11 valid=60s; - map $http_x_client_type $web_app_root { - default /var/www/desktop; - mobile /var/www/mobile; + map $http_user_agent $is_mobile { + default 0; + ~*(iphone|ipod|android|blackberry|windows phone|mobile|opera mini|iemobile) 1; + } + + # Set root path based on device type + map $is_mobile $web_app_root { + 0 /var/www/desktop; + 1 /var/www/mobile; } server { @@ -502,31 +508,54 @@ http { - server { - listen 443 ssl; - listen [::]:443 ssl; +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; - server_name $SERVER_NAME_BETA_APP; + server_name $SERVER_NAME_BETA_APP; - root /var/www; - index index.html; + # Root directory - dynamically set + root $web_app_root; - location / { - set $full_path "${web_app_root}${request_uri}"; + # Default files + index index.html index.htm; - try_files $full_path ${web_app_root}/index.html =404; - } + # Main location block + location / { + try_files $uri $uri/ /index.html; + } - location ~* \.(js|css|png|jpg|jpeg|svg|ico|woff2?)$ { - expires 7d; - add_header Cache-Control "public"; + # Static assets - long cache + location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { + expires 1y; + add_header Cache-Control "public, immutable"; + access_log off; + try_files $uri =404; + } - set $full_path "${web_app_root}${request_uri}"; - try_files $full_path =404; - } + # Security headers (recommended) + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Gzip compression + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_types text/plain text/css text/xml text/javascript + application/json application/javascript application/xml+rss + application/rss+xml application/atom+xml image/svg+xml; + + # Error pages + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; } } + } } From 22d4ff145e3e42b028e074750c2223777792edac Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Tue, 14 Apr 2026 18:23:05 +0330 Subject: [PATCH 15/28] Fix the regex issue in separating mobile and desktop apps --- nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx.conf b/nginx.conf index 0d2b3a5..43b34b5 100644 --- a/nginx.conf +++ b/nginx.conf @@ -44,7 +44,7 @@ http { map $http_user_agent $is_mobile { default 0; - ~*(iphone|ipod|android|blackberry|windows phone|mobile|opera mini|iemobile) 1; + ~*\(iphone|ipod|android|blackberry|windows\ phone|mobile|opera\ mini|iemobile\) 1; } # Set root path based on device type @@ -555,7 +555,7 @@ server { root /usr/share/nginx/html; } } - } + } From 459d318f93d74c2d3391fc02a9f220235d4ba35d Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Tue, 14 Apr 2026 18:52:15 +0330 Subject: [PATCH 16/28] Set the log directory for nginx --- nginx.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nginx.conf b/nginx.conf index 43b34b5..c247b29 100644 --- a/nginx.conf +++ b/nginx.conf @@ -5,6 +5,9 @@ events { } http { + access_log /dev/stdout; + error_log /dev/stdout debug; + include /etc/nginx/mime.types; sendfile on; From a8cc888f6e2784a94eb491e9a3f4915e41550df7 Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Tue, 14 Apr 2026 19:13:54 +0330 Subject: [PATCH 17/28] Change the log directory for nginx --- nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx.conf b/nginx.conf index c247b29..f460256 100644 --- a/nginx.conf +++ b/nginx.conf @@ -5,8 +5,8 @@ events { } http { - access_log /dev/stdout; - error_log /dev/stdout debug; + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log debug; include /etc/nginx/mime.types; sendfile on; From 4e9e55fc61190dc665830c42c8babd6260367186 Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Wed, 15 Apr 2026 14:39:05 +0330 Subject: [PATCH 18/28] Change the route policy of beta app --- nginx.conf | 60 +++++++++++++++++++++++------------------------------- 1 file changed, 26 insertions(+), 34 deletions(-) diff --git a/nginx.conf b/nginx.conf index f460256..eaf9a6c 100644 --- a/nginx.conf +++ b/nginx.conf @@ -46,8 +46,15 @@ http { resolver 127.0.0.11 valid=60s; map $http_user_agent $is_mobile { - default 0; - ~*\(iphone|ipod|android|blackberry|windows\ phone|mobile|opera\ mini|iemobile\) 1; + default 0; + ~*iphone 1; + ~*ipod 1; + ~*android 1; + ~*blackberry 1; + ~*windows\ phone 1; + mobile 1; + opera\ mini 1; + iemobile 1; } # Set root path based on device type @@ -510,55 +517,40 @@ http { } - server { listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name $SERVER_NAME_BETA_APP; + index index.html; - # Root directory - dynamically set - root $web_app_root; + # Redirect mobile users + location / { + if ($is_mobile) { + rewrite ^ /mobile break; + } - # Default files - index index.html index.htm; + root /var/www/desktop; + try_files $uri $uri/ /index.html; + } - # Main location block - location / { + # Mobile app + location /mobile/ { + alias /var/www/mobile/; try_files $uri $uri/ /index.html; } - # Static assets - long cache + # Static assets (shared logic) location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public, immutable"; access_log off; - try_files $uri =404; } - # Security headers (recommended) - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Gzip compression - gzip on; - gzip_vary on; - gzip_proxied any; - gzip_comp_level 6; - gzip_types text/plain text/css text/xml text/javascript - application/json application/javascript application/xml+rss - application/rss+xml application/atom+xml image/svg+xml; - - # Error pages - error_page 404 /404.html; - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; + # Optional: silence favicon errors + location = /favicon.ico { + log_not_found off; + access_log off; } } - - } From a49500777a8c5aa6345da05d5bc59d1fcba36518 Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Wed, 15 Apr 2026 14:44:46 +0330 Subject: [PATCH 19/28] Handle errors around favicon --- nginx.conf | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/nginx.conf b/nginx.conf index eaf9a6c..96ca2fc 100644 --- a/nginx.conf +++ b/nginx.conf @@ -519,7 +519,7 @@ http { server { listen 443 ssl http2; - server_name $SERVER_NAME_BETA_APP; + server_name $rot; index index.html; @@ -548,8 +548,13 @@ server { # Optional: silence favicon errors location = /favicon.ico { - log_not_found off; access_log off; + log_not_found off; + + # Always serve from desktop (simplest + safest) + root /var/www/desktop; + + try_files /favicon.ico =204; } } From aede9c44a6818d33afe65fec3f41a3ab8496f297 Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Fri, 17 Apr 2026 20:00:42 +0330 Subject: [PATCH 20/28] Fix typo in beta app block --- nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index 96ca2fc..f856fff 100644 --- a/nginx.conf +++ b/nginx.conf @@ -519,7 +519,7 @@ http { server { listen 443 ssl http2; - server_name $rot; + server_name $SERVER_NAME_BETA_APP; index index.html; From 2c7036b43b5179046846c4b3a2268412bd4b34a4 Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Fri, 17 Apr 2026 20:42:11 +0330 Subject: [PATCH 21/28] Set SERVER_NAME_BETA_APP as an env for the nginx.conf --- Dockerfile | 3 ++- nginx.conf | 61 +++++++++++++++++++++++++++--------------------------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/Dockerfile b/Dockerfile index a27c553..2305f40 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,8 +14,9 @@ ENV SERVER_NAME_MOBILE_APP mobile.opex.dev ENV SERVER_WALLET_STAT walletstat.opex.dev ENV SERVER_NAME_KC kc.opex.dev ENV SERVER_NAME_V2_AUTH v2auth.opex.dev +ENV SERVER_NAME_BETA_APP beta-app.opex.dev ENTRYPOINT sh -c 'envsubst \ -\$EXPOSED_PORT,\$SERVER_NAME_DASHBOARD,\$SERVER_NAME_ADMIN_PANEL,\$SERVER_NAME_WEB_APP,\$SERVER_NAME_AUTH,\$SERVER_NAME_HEALTH,\$SERVER_NAME_API,\$SERVER_NAME_MOBILE_APP,\$SERVER_WALLET_STAT,\$SERVER_NAME_GRAFANA,\$SERVER_NAME_KIBANA,\$SERVER_NAME_KC,\$SERVER_NAME_V2_AUTH \ +\$EXPOSED_PORT,\$SERVER_NAME_DASHBOARD,\$SERVER_NAME_ADMIN_PANEL,\$SERVER_NAME_WEB_APP,\$SERVER_NAME_AUTH,\$SERVER_NAME_HEALTH,\$SERVER_NAME_API,\$SERVER_NAME_MOBILE_APP,\$SERVER_WALLET_STAT,\$SERVER_NAME_GRAFANA,\$SERVER_NAME_KIBANA,\$SERVER_NAME_KC,\$SERVER_NAME_V2_AUTH, \$SERVER_NAME_BETA_APP \ < /etc/nginx/nginx.conf.org \ | tee /etc/nginx/nginx.conf \ && nginx -g "daemon off;"' diff --git a/nginx.conf b/nginx.conf index f856fff..3ff3662 100644 --- a/nginx.conf +++ b/nginx.conf @@ -517,45 +517,44 @@ http { } -server { - listen 443 ssl http2; - server_name $SERVER_NAME_BETA_APP; + server { + listen 443 ssl http2; + server_name $SERVER_NAME_BETA_APP; + index index.html; - index index.html; + # Redirect mobile users + location / { + if ($is_mobile) { + rewrite ^ /mobile break; + } - # Redirect mobile users - location / { - if ($is_mobile) { - rewrite ^ /mobile break; + root /var/www/desktop; + try_files $uri $uri/ /index.html; } - root /var/www/desktop; - try_files $uri $uri/ /index.html; - } - - # Mobile app - location /mobile/ { - alias /var/www/mobile/; - try_files $uri $uri/ /index.html; - } + # Mobile app + location /mobile/ { + alias /var/www/mobile/; + try_files $uri $uri/ /index.html; + } - # Static assets (shared logic) - location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { - expires 1y; - add_header Cache-Control "public, immutable"; - access_log off; - } + # Static assets (shared logic) + location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { + expires 1y; + add_header Cache-Control "public, immutable"; + access_log off; + } - # Optional: silence favicon errors - location = /favicon.ico { - access_log off; - log_not_found off; + # Optional: silence favicon errors + location = /favicon.ico { + access_log off; + log_not_found off; - # Always serve from desktop (simplest + safest) - root /var/www/desktop; + # Always serve from desktop (simplest + safest) + root /var/www/desktop; - try_files /favicon.ico =204; - } + try_files /favicon.ico =204; + } } } From 5e33838992c9d50beb9fe6e94f1a70464231a27a Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Fri, 17 Apr 2026 20:50:34 +0330 Subject: [PATCH 22/28] Remove extra spaces in envsubst --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2305f40..8d68b24 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,8 +16,7 @@ ENV SERVER_NAME_KC kc.opex.dev ENV SERVER_NAME_V2_AUTH v2auth.opex.dev ENV SERVER_NAME_BETA_APP beta-app.opex.dev ENTRYPOINT sh -c 'envsubst \ -\$EXPOSED_PORT,\$SERVER_NAME_DASHBOARD,\$SERVER_NAME_ADMIN_PANEL,\$SERVER_NAME_WEB_APP,\$SERVER_NAME_AUTH,\$SERVER_NAME_HEALTH,\$SERVER_NAME_API,\$SERVER_NAME_MOBILE_APP,\$SERVER_WALLET_STAT,\$SERVER_NAME_GRAFANA,\$SERVER_NAME_KIBANA,\$SERVER_NAME_KC,\$SERVER_NAME_V2_AUTH, \$SERVER_NAME_BETA_APP \ -< /etc/nginx/nginx.conf.org \ +\$EXPOSED_PORT,\$SERVER_NAME_DASHBOARD,\$SERVER_NAME_ADMIN_PANEL,\$SERVER_NAME_WEB_APP,\$SERVER_NAME_AUTH,\$SERVER_NAME_HEALTH,\$SERVER_NAME_API,\$SERVER_NAME_MOBILE_APP,\$SERVER_WALLET_STAT,\$SERVER_NAME_GRAFANA,\$SERVER_NAME_KIBANA,\$SERVER_NAME_KC,\$SERVER_NAME_V2_AUTH,\$SERVER_NAME_BETA_APP\ | tee /etc/nginx/nginx.conf \ && nginx -g "daemon off;"' EXPOSE 443 From 3718e4816a18ac2a5781f030d215898d280535bb Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Fri, 17 Apr 2026 21:10:36 +0330 Subject: [PATCH 23/28] Fix the issue in the syntax of envsubst --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8d68b24..1a37b09 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,8 @@ ENV SERVER_NAME_KC kc.opex.dev ENV SERVER_NAME_V2_AUTH v2auth.opex.dev ENV SERVER_NAME_BETA_APP beta-app.opex.dev ENTRYPOINT sh -c 'envsubst \ -\$EXPOSED_PORT,\$SERVER_NAME_DASHBOARD,\$SERVER_NAME_ADMIN_PANEL,\$SERVER_NAME_WEB_APP,\$SERVER_NAME_AUTH,\$SERVER_NAME_HEALTH,\$SERVER_NAME_API,\$SERVER_NAME_MOBILE_APP,\$SERVER_WALLET_STAT,\$SERVER_NAME_GRAFANA,\$SERVER_NAME_KIBANA,\$SERVER_NAME_KC,\$SERVER_NAME_V2_AUTH,\$SERVER_NAME_BETA_APP\ +\$EXPOSED_PORT,\$SERVER_NAME_DASHBOARD,\$SERVER_NAME_ADMIN_PANEL,\$SERVER_NAME_WEB_APP,\$SERVER_NAME_AUTH,\$SERVER_NAME_HEALTH,\$SERVER_NAME_API,\$SERVER_NAME_MOBILE_APP,\$SERVER_WALLET_STAT,\$SERVER_NAME_GRAFANA,\$SERVER_NAME_KIBANA,\$SERVER_NAME_KC,\$SERVER_NAME_V2_AUTH,\$SERVER_NAME_BETA_APP \ +< /etc/nginx/nginx.conf.org \ | tee /etc/nginx/nginx.conf \ && nginx -g "daemon off;"' EXPOSE 443 From fe544cb320fcc37968e025ce68ed321a848ed706 Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Sat, 18 Apr 2026 16:59:41 +0330 Subject: [PATCH 24/28] Change the beta app root to a dynamic configuration --- nginx.conf | 58 ++++++++++++++++++------------------------------------ 1 file changed, 19 insertions(+), 39 deletions(-) diff --git a/nginx.conf b/nginx.conf index 3ff3662..7254a2c 100644 --- a/nginx.conf +++ b/nginx.conf @@ -517,44 +517,24 @@ http { } - server { - listen 443 ssl http2; - server_name $SERVER_NAME_BETA_APP; - index index.html; - - # Redirect mobile users - location / { - if ($is_mobile) { - rewrite ^ /mobile break; - } - - root /var/www/desktop; - try_files $uri $uri/ /index.html; - } - - # Mobile app - location /mobile/ { - alias /var/www/mobile/; - try_files $uri $uri/ /index.html; - } - - # Static assets (shared logic) - location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { - expires 1y; - add_header Cache-Control "public, immutable"; - access_log off; - } - - # Optional: silence favicon errors - location = /favicon.ico { - access_log off; - log_not_found off; - - # Always serve from desktop (simplest + safest) - root /var/www/desktop; - - try_files /favicon.ico =204; - } - } + server { + listen 443 ssl http2; + server_name $SERVER_NAME_BETA_APP; + + location / { + try_files + $web_root$uri + $web_root$uri/ + $web_root/index.html; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { + try_files $web_root$uri =404; + + expires 1y; + add_header Cache-Control "public, immutable"; + access_log off; + } + } } From a03fa6a56c031ee38307184bdf38fbc9eaa72b4c Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Sat, 18 Apr 2026 17:07:29 +0330 Subject: [PATCH 25/28] Rename web_root var to web_app_root --- nginx.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nginx.conf b/nginx.conf index 7254a2c..1e632f2 100644 --- a/nginx.conf +++ b/nginx.conf @@ -523,13 +523,13 @@ http { location / { try_files - $web_root$uri - $web_root$uri/ - $web_root/index.html; + $web_app_root$uri + $web_app_root$uri/ + $web_app_root/index.html; } location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { - try_files $web_root$uri =404; + try_files $web_app_root$uri =404; expires 1y; add_header Cache-Control "public, immutable"; From 05baf1e781f3862f2ed8aa6e5d1076a1bd42be80 Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Sat, 18 Apr 2026 17:17:55 +0330 Subject: [PATCH 26/28] Change the location order --- nginx.conf | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/nginx.conf b/nginx.conf index 1e632f2..00ef8ae 100644 --- a/nginx.conf +++ b/nginx.conf @@ -521,12 +521,6 @@ http { listen 443 ssl http2; server_name $SERVER_NAME_BETA_APP; - location / { - try_files - $web_app_root$uri - $web_app_root$uri/ - $web_app_root/index.html; - } location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { try_files $web_app_root$uri =404; @@ -535,6 +529,11 @@ http { add_header Cache-Control "public, immutable"; access_log off; } + location / { + try_files + $web_app_root$uri + $web_app_root/index.html; + } } } From e469e30b5454237148bd058e8193d516a924c268 Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Sat, 18 Apr 2026 17:29:27 +0330 Subject: [PATCH 27/28] Change thes tructure of locations in beta app section --- nginx.conf | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/nginx.conf b/nginx.conf index 00ef8ae..d7904fa 100644 --- a/nginx.conf +++ b/nginx.conf @@ -518,22 +518,29 @@ http { server { - listen 443 ssl http2; - server_name $SERVER_NAME_BETA_APP; + listen 443 ssl http2; + server_name $SERVER_NAME_BETA_APP; - location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { - try_files $web_app_root$uri =404; + location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { + root $web_app_root; + try_files $uri =404; - expires 1y; - add_header Cache-Control "public, immutable"; - access_log off; - } - location / { - try_files - $web_app_root$uri - $web_app_root/index.html; - } + expires 1y; + add_header Cache-Control "public, immutable"; + access_log off; + } + + location = /index.html { + root $web_app_root; + internal; + } + + location / { + root $web_app_root; + + try_files $uri $uri/ /index.html; + } } } From 0e829afba2994bd4989d5a133a38430f8a605aed Mon Sep 17 00:00:00 2001 From: fatemeh imanipour Date: Sat, 18 Apr 2026 17:50:28 +0330 Subject: [PATCH 28/28] Make a decision about the root in the server blok to handle root in all interal requests --- nginx.conf | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/nginx.conf b/nginx.conf index d7904fa..df4d7b8 100644 --- a/nginx.conf +++ b/nginx.conf @@ -521,26 +521,21 @@ http { listen 443 ssl http2; server_name $SERVER_NAME_BETA_APP; + set $web_app_root /var/www/desktop; - location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ { - root $web_app_root; - try_files $uri =404; + if ($http_user_agent ~* (iphone|ipod|android|blackberry|windows\ phone|mobile|opera\ mini|iemobile)) { + set $web_app_root /var/www/mobile; + } - expires 1y; - add_header Cache-Control "public, immutable"; - access_log off; - } + location / { + root $web_app_root; + try_files $uri $uri/ /index.html; + } - location = /index.html { - root $web_app_root; - internal; - } - - location / { - root $web_app_root; - - try_files $uri $uri/ /index.html; - } + location = /index.html { + root $web_app_root; + add_header Cache-Control "no-cache, no-store, must-revalidate"; + } } }