nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server {
        server_name _;
        listen 8010;

        location / {
            proxy_pass http://host.docker.internal:3003;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }

        location ~ ^/api {
            proxy_pass http://host.docker.internal:3003;
            proxy_set_header Host $http_host;

            auth_request /_auth;

            auth_request_set $x_authgear_session_valid $upstream_http_x_authgear_session_valid;
            auth_request_set $x_authgear_user_id $upstream_http_x_authgear_user_id;
            auth_request_set $x_authgear_user_anonymous $upstream_http_x_authgear_user_anonymous;
            auth_request_set $x_authgear_user_verified $upstream_http_x_authgear_user_verified;
            auth_request_set $x_authgear_session_acr $upstream_http_x_authgear_session_acr;
            auth_request_set $x_authgear_session_amr $upstream_http_x_authgear_session_amr;
            auth_request_set $x_authgear_session_authenticated_at $upstream_http_x_authgear_session_authenticated_at;
            auth_request_set $x_authgear_user_can_reauthenticate $upstream_http_x_authgear_user_can_reauthenticate;

            proxy_set_header x-authgear-session-valid $x_authgear_session_valid;
            proxy_set_header x-authgear-user-id $x_authgear_user_id;
            proxy_set_header x-authgear-user-anonymous $x_authgear_user_anonymous;
            proxy_set_header x-authgear-user-verified $x_authgear_user_verified;
            proxy_set_header x-authgear-session-acr $x_authgear_session_acr;
            proxy_set_header x-authgear-session-amr $x_authgear_session_amr;
            proxy_set_header x-authgear-session-authenticated-at $x_authgear_session_authenticated_at;
            proxy_set_header x-authgear-user-can-reauthenticate $x_authgear_user_can_reauthenticate;
        }

        location = /_auth {
            internal;
            proxy_pass http://host.docker.internal:3001/resolve;
            proxy_pass_request_body off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Host "accounts.portal.localhost:3100";
            proxy_set_header Content-Length "";
        }
    }

    # vite dev server, sessionType=refresh_token
    server {
        server_name _;
        listen 8000;

        location / {
            proxy_pass http://host.docker.internal:1234;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }

        location ~ ^/api {
            proxy_pass http://host.docker.internal:3003;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }

    # vite dev server, sessionType=cookie
    server {
        server_name _;
        listen 8001;

        location / {
            proxy_pass http://host.docker.internal:1234;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }

        location ~ ^/api {
            proxy_pass http://host.docker.internal:3003;
            proxy_set_header Host $http_host;

            auth_request /_auth;

            auth_request_set $x_authgear_session_valid $upstream_http_x_authgear_session_valid;
            auth_request_set $x_authgear_user_id $upstream_http_x_authgear_user_id;
            auth_request_set $x_authgear_user_anonymous $upstream_http_x_authgear_user_anonymous;
            auth_request_set $x_authgear_user_verified $upstream_http_x_authgear_user_verified;
            auth_request_set $x_authgear_session_acr $upstream_http_x_authgear_session_acr;
            auth_request_set $x_authgear_session_amr $upstream_http_x_authgear_session_amr;
            auth_request_set $x_authgear_session_authenticated_at $upstream_http_x_authgear_session_authenticated_at;
            auth_request_set $x_authgear_user_can_reauthenticate $upstream_http_x_authgear_user_can_reauthenticate;

            proxy_set_header x-authgear-session-valid $x_authgear_session_valid;
            proxy_set_header x-authgear-user-id $x_authgear_user_id;
            proxy_set_header x-authgear-user-anonymous $x_authgear_user_anonymous;
            proxy_set_header x-authgear-user-verified $x_authgear_user_verified;
            proxy_set_header x-authgear-session-acr $x_authgear_session_acr;
            proxy_set_header x-authgear-session-amr $x_authgear_session_amr;
            proxy_set_header x-authgear-session-authenticated-at $x_authgear_session_authenticated_at;
            proxy_set_header x-authgear-user-can-reauthenticate $x_authgear_user_can_reauthenticate;
        }

        location = /_auth {
            internal;
            proxy_pass http://host.docker.internal:3001/resolve;
            proxy_pass_request_body off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Host "accounts.portal.localhost:3100";
            proxy_set_header Content-Length "";
        }
    }

    # portal production build, sessionType=refresh_token
    server {
        server_name _;
        listen 8010;

        location / {
            proxy_pass http://host.docker.internal:3003;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }

        location ~ ^/api {
            proxy_pass http://host.docker.internal:3003;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }

    # portal production build, sessionType=cookie
    server {
        server_name _;
        listen 8011;

        location / {
            proxy_pass http://host.docker.internal:3003;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }

        location ~ ^/api {
            proxy_pass http://host.docker.internal:3003;
            proxy_set_header Host $http_host;

            auth_request /_auth;

            auth_request_set $x_authgear_session_valid $upstream_http_x_authgear_session_valid;
            auth_request_set $x_authgear_user_id $upstream_http_x_authgear_user_id;
            auth_request_set $x_authgear_user_anonymous $upstream_http_x_authgear_user_anonymous;
            auth_request_set $x_authgear_user_verified $upstream_http_x_authgear_user_verified;
            auth_request_set $x_authgear_session_acr $upstream_http_x_authgear_session_acr;
            auth_request_set $x_authgear_session_amr $upstream_http_x_authgear_session_amr;
            auth_request_set $x_authgear_session_authenticated_at $upstream_http_x_authgear_session_authenticated_at;
            auth_request_set $x_authgear_user_can_reauthenticate $upstream_http_x_authgear_user_can_reauthenticate;

            proxy_set_header x-authgear-session-valid $x_authgear_session_valid;
            proxy_set_header x-authgear-user-id $x_authgear_user_id;
            proxy_set_header x-authgear-user-anonymous $x_authgear_user_anonymous;
            proxy_set_header x-authgear-user-verified $x_authgear_user_verified;
            proxy_set_header x-authgear-session-acr $x_authgear_session_acr;
            proxy_set_header x-authgear-session-amr $x_authgear_session_amr;
            proxy_set_header x-authgear-session-authenticated-at $x_authgear_session_authenticated_at;
            proxy_set_header x-authgear-user-can-reauthenticate $x_authgear_user_can_reauthenticate;
        }

        location = /_auth {
            internal;
            proxy_pass http://host.docker.internal:3001/resolve;
            proxy_pass_request_body off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Host "accounts.portal.localhost:3100";
            proxy_set_header Content-Length "";
        }
    }

    server {
        server_name _;
        listen 3100;
        #listen 443 ssl;
        #ssl_certificate tls-cert.pem;
        #ssl_certificate_key tls-key.pem;

        location / {
            proxy_pass http://host.docker.internal:3000;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /_api/admin {
            proxy_pass http://host.docker.internal:3002;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /_resolver {
            proxy_pass http://host.docker.internal:3001;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /_images {
            client_max_body_size 10M;
            proxy_pass http://host.docker.internal:3004;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /_vite {
            proxy_pass http://host.docker.internal:5173;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}