@cicore/cli 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/ci.js +13 -0
- package/dist/commands/addon/api-actions.d.ts +45 -0
- package/dist/commands/addon/api-actions.d.ts.map +1 -0
- package/dist/commands/addon/api-actions.js +281 -0
- package/dist/commands/addon/api-actions.js.map +1 -0
- package/dist/commands/addon/build.d.ts +11 -0
- package/dist/commands/addon/build.d.ts.map +1 -0
- package/dist/commands/addon/build.js +182 -0
- package/dist/commands/addon/build.js.map +1 -0
- package/dist/commands/addon/create.d.ts +11 -0
- package/dist/commands/addon/create.d.ts.map +1 -0
- package/dist/commands/addon/create.js +1186 -0
- package/dist/commands/addon/create.js.map +1 -0
- package/dist/commands/addon/delete.d.ts +13 -0
- package/dist/commands/addon/delete.d.ts.map +1 -0
- package/dist/commands/addon/delete.js +83 -0
- package/dist/commands/addon/delete.js.map +1 -0
- package/dist/commands/addon/deploy.d.ts +27 -0
- package/dist/commands/addon/deploy.d.ts.map +1 -0
- package/dist/commands/addon/deploy.js +459 -0
- package/dist/commands/addon/deploy.js.map +1 -0
- package/dist/commands/addon/dev-deploy.d.ts +31 -0
- package/dist/commands/addon/dev-deploy.d.ts.map +1 -0
- package/dist/commands/addon/dev-deploy.js +128 -0
- package/dist/commands/addon/dev-deploy.js.map +1 -0
- package/dist/commands/addon/dev.d.ts +36 -0
- package/dist/commands/addon/dev.d.ts.map +1 -0
- package/dist/commands/addon/dev.js +323 -0
- package/dist/commands/addon/dev.js.map +1 -0
- package/dist/commands/addon/extract-classes.d.ts +23 -0
- package/dist/commands/addon/extract-classes.d.ts.map +1 -0
- package/dist/commands/addon/extract-classes.js +281 -0
- package/dist/commands/addon/extract-classes.js.map +1 -0
- package/dist/commands/addon/generate-safelist.d.ts +24 -0
- package/dist/commands/addon/generate-safelist.d.ts.map +1 -0
- package/dist/commands/addon/generate-safelist.js +276 -0
- package/dist/commands/addon/generate-safelist.js.map +1 -0
- package/dist/commands/addon/index.d.ts +19 -0
- package/dist/commands/addon/index.d.ts.map +1 -0
- package/dist/commands/addon/index.js +296 -0
- package/dist/commands/addon/index.js.map +1 -0
- package/dist/commands/addon/init-repo.d.ts +25 -0
- package/dist/commands/addon/init-repo.d.ts.map +1 -0
- package/dist/commands/addon/init-repo.js +171 -0
- package/dist/commands/addon/init-repo.js.map +1 -0
- package/dist/commands/addon/install.d.ts +23 -0
- package/dist/commands/addon/install.d.ts.map +1 -0
- package/dist/commands/addon/install.js +84 -0
- package/dist/commands/addon/install.js.map +1 -0
- package/dist/commands/addon/list.d.ts +10 -0
- package/dist/commands/addon/list.d.ts.map +1 -0
- package/dist/commands/addon/list.js +102 -0
- package/dist/commands/addon/list.js.map +1 -0
- package/dist/commands/addon/manifest-refresh.d.ts +17 -0
- package/dist/commands/addon/manifest-refresh.d.ts.map +1 -0
- package/dist/commands/addon/manifest-refresh.js +48 -0
- package/dist/commands/addon/manifest-refresh.js.map +1 -0
- package/dist/commands/addon/migrate.d.ts +40 -0
- package/dist/commands/addon/migrate.d.ts.map +1 -0
- package/dist/commands/addon/migrate.js +236 -0
- package/dist/commands/addon/migrate.js.map +1 -0
- package/dist/commands/addon/publish.d.ts +33 -0
- package/dist/commands/addon/publish.d.ts.map +1 -0
- package/dist/commands/addon/publish.js +236 -0
- package/dist/commands/addon/publish.js.map +1 -0
- package/dist/commands/addon/scaffold-quality.d.ts +21 -0
- package/dist/commands/addon/scaffold-quality.d.ts.map +1 -0
- package/dist/commands/addon/scaffold-quality.js +90 -0
- package/dist/commands/addon/scaffold-quality.js.map +1 -0
- package/dist/commands/addon/sign.d.ts +9 -0
- package/dist/commands/addon/sign.d.ts.map +1 -0
- package/dist/commands/addon/sign.js +83 -0
- package/dist/commands/addon/sign.js.map +1 -0
- package/dist/commands/addon/toggle.d.ts +6 -0
- package/dist/commands/addon/toggle.d.ts.map +1 -0
- package/dist/commands/addon/toggle.js +46 -0
- package/dist/commands/addon/toggle.js.map +1 -0
- package/dist/commands/agent/index.d.ts +34 -0
- package/dist/commands/agent/index.d.ts.map +1 -0
- package/dist/commands/agent/index.js +564 -0
- package/dist/commands/agent/index.js.map +1 -0
- package/dist/commands/brand/index.d.ts +54 -0
- package/dist/commands/brand/index.d.ts.map +1 -0
- package/dist/commands/brand/index.js +367 -0
- package/dist/commands/brand/index.js.map +1 -0
- package/dist/commands/build/index.d.ts +53 -0
- package/dist/commands/build/index.d.ts.map +1 -0
- package/dist/commands/build/index.js +726 -0
- package/dist/commands/build/index.js.map +1 -0
- package/dist/commands/cache/flush-local.d.ts +31 -0
- package/dist/commands/cache/flush-local.d.ts.map +1 -0
- package/dist/commands/cache/flush-local.js +161 -0
- package/dist/commands/cache/flush-local.js.map +1 -0
- package/dist/commands/cache/index.d.ts +14 -0
- package/dist/commands/cache/index.d.ts.map +1 -0
- package/dist/commands/cache/index.js +453 -0
- package/dist/commands/cache/index.js.map +1 -0
- package/dist/commands/check/index.d.ts +8 -0
- package/dist/commands/check/index.d.ts.map +1 -0
- package/dist/commands/check/index.js +1316 -0
- package/dist/commands/check/index.js.map +1 -0
- package/dist/commands/cloudflare/index.d.ts +8 -0
- package/dist/commands/cloudflare/index.d.ts.map +1 -0
- package/dist/commands/cloudflare/index.js +453 -0
- package/dist/commands/cloudflare/index.js.map +1 -0
- package/dist/commands/core/create.d.ts +12 -0
- package/dist/commands/core/create.d.ts.map +1 -0
- package/dist/commands/core/create.js +206 -0
- package/dist/commands/core/create.js.map +1 -0
- package/dist/commands/core/delete.d.ts +11 -0
- package/dist/commands/core/delete.d.ts.map +1 -0
- package/dist/commands/core/delete.js +64 -0
- package/dist/commands/core/delete.js.map +1 -0
- package/dist/commands/core/env.d.ts +12 -0
- package/dist/commands/core/env.d.ts.map +1 -0
- package/dist/commands/core/env.js +95 -0
- package/dist/commands/core/env.js.map +1 -0
- package/dist/commands/core/health.d.ts +6 -0
- package/dist/commands/core/health.d.ts.map +1 -0
- package/dist/commands/core/health.js +215 -0
- package/dist/commands/core/health.js.map +1 -0
- package/dist/commands/core/index.d.ts +15 -0
- package/dist/commands/core/index.d.ts.map +1 -0
- package/dist/commands/core/index.js +86 -0
- package/dist/commands/core/index.js.map +1 -0
- package/dist/commands/core/list.d.ts +11 -0
- package/dist/commands/core/list.d.ts.map +1 -0
- package/dist/commands/core/list.js +58 -0
- package/dist/commands/core/list.js.map +1 -0
- package/dist/commands/core/rebuild.d.ts +13 -0
- package/dist/commands/core/rebuild.d.ts.map +1 -0
- package/dist/commands/core/rebuild.js +119 -0
- package/dist/commands/core/rebuild.js.map +1 -0
- package/dist/commands/db/index.d.ts +23 -0
- package/dist/commands/db/index.d.ts.map +1 -0
- package/dist/commands/db/index.js +355 -0
- package/dist/commands/db/index.js.map +1 -0
- package/dist/commands/db/promote-silo.d.ts +320 -0
- package/dist/commands/db/promote-silo.d.ts.map +1 -0
- package/dist/commands/db/promote-silo.js +930 -0
- package/dist/commands/db/promote-silo.js.map +1 -0
- package/dist/commands/db/relocate.d.ts +41 -0
- package/dist/commands/db/relocate.d.ts.map +1 -0
- package/dist/commands/db/relocate.js +482 -0
- package/dist/commands/db/relocate.js.map +1 -0
- package/dist/commands/db/rollback-silo.d.ts +44 -0
- package/dist/commands/db/rollback-silo.d.ts.map +1 -0
- package/dist/commands/db/rollback-silo.js +402 -0
- package/dist/commands/db/rollback-silo.js.map +1 -0
- package/dist/commands/deploy/index.d.ts +26 -0
- package/dist/commands/deploy/index.d.ts.map +1 -0
- package/dist/commands/deploy/index.js +107 -0
- package/dist/commands/deploy/index.js.map +1 -0
- package/dist/commands/devops/index.d.ts +6 -0
- package/dist/commands/devops/index.d.ts.map +1 -0
- package/dist/commands/devops/index.js +220 -0
- package/dist/commands/devops/index.js.map +1 -0
- package/dist/commands/domain/index.d.ts +8 -0
- package/dist/commands/domain/index.d.ts.map +1 -0
- package/dist/commands/domain/index.js +386 -0
- package/dist/commands/domain/index.js.map +1 -0
- package/dist/commands/image/index.d.ts +8 -0
- package/dist/commands/image/index.d.ts.map +1 -0
- package/dist/commands/image/index.js +308 -0
- package/dist/commands/image/index.js.map +1 -0
- package/dist/commands/install/factory-reset.d.ts +21 -0
- package/dist/commands/install/factory-reset.d.ts.map +1 -0
- package/dist/commands/install/factory-reset.js +83 -0
- package/dist/commands/install/factory-reset.js.map +1 -0
- package/dist/commands/install/index.d.ts +17 -0
- package/dist/commands/install/index.d.ts.map +1 -0
- package/dist/commands/install/index.js +44 -0
- package/dist/commands/install/index.js.map +1 -0
- package/dist/commands/install/install.d.ts +35 -0
- package/dist/commands/install/install.d.ts.map +1 -0
- package/dist/commands/install/install.js +171 -0
- package/dist/commands/install/install.js.map +1 -0
- package/dist/commands/login/index.d.ts +15 -0
- package/dist/commands/login/index.d.ts.map +1 -0
- package/dist/commands/login/index.js +58 -0
- package/dist/commands/login/index.js.map +1 -0
- package/dist/commands/nginx/index.d.ts +11 -0
- package/dist/commands/nginx/index.d.ts.map +1 -0
- package/dist/commands/nginx/index.js +580 -0
- package/dist/commands/nginx/index.js.map +1 -0
- package/dist/commands/server/bootstrap.d.ts +25 -0
- package/dist/commands/server/bootstrap.d.ts.map +1 -0
- package/dist/commands/server/bootstrap.js +260 -0
- package/dist/commands/server/bootstrap.js.map +1 -0
- package/dist/commands/server/index.d.ts +8 -0
- package/dist/commands/server/index.d.ts.map +1 -0
- package/dist/commands/server/index.js +2524 -0
- package/dist/commands/server/index.js.map +1 -0
- package/dist/commands/setup/index.d.ts +34 -0
- package/dist/commands/setup/index.d.ts.map +1 -0
- package/dist/commands/setup/index.js +423 -0
- package/dist/commands/setup/index.js.map +1 -0
- package/dist/commands/ssl/index.d.ts +8 -0
- package/dist/commands/ssl/index.d.ts.map +1 -0
- package/dist/commands/ssl/index.js +275 -0
- package/dist/commands/ssl/index.js.map +1 -0
- package/dist/commands/superadmin/index.d.ts +16 -0
- package/dist/commands/superadmin/index.d.ts.map +1 -0
- package/dist/commands/superadmin/index.js +81 -0
- package/dist/commands/superadmin/index.js.map +1 -0
- package/dist/commands/tenant/index.d.ts +6 -0
- package/dist/commands/tenant/index.d.ts.map +1 -0
- package/dist/commands/tenant/index.js +192 -0
- package/dist/commands/tenant/index.js.map +1 -0
- package/dist/index.d.ts +11 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +107 -0
- package/dist/index.js.map +1 -0
- package/dist/lib/addon-sign.d.ts +23 -0
- package/dist/lib/addon-sign.d.ts.map +1 -0
- package/dist/lib/addon-sign.js +39 -0
- package/dist/lib/addon-sign.js.map +1 -0
- package/dist/lib/addon-sign.test.d.ts +2 -0
- package/dist/lib/addon-sign.test.d.ts.map +1 -0
- package/dist/lib/addon-sign.test.js +27 -0
- package/dist/lib/addon-sign.test.js.map +1 -0
- package/dist/lib/cdn.d.ts +25 -0
- package/dist/lib/cdn.d.ts.map +1 -0
- package/dist/lib/cdn.js +131 -0
- package/dist/lib/cdn.js.map +1 -0
- package/dist/lib/cloudflare.d.ts +133 -0
- package/dist/lib/cloudflare.d.ts.map +1 -0
- package/dist/lib/cloudflare.js +435 -0
- package/dist/lib/cloudflare.js.map +1 -0
- package/dist/lib/config.d.ts +96 -0
- package/dist/lib/config.d.ts.map +1 -0
- package/dist/lib/config.js +132 -0
- package/dist/lib/config.js.map +1 -0
- package/dist/lib/env.d.ts +8 -0
- package/dist/lib/env.d.ts.map +1 -0
- package/dist/lib/env.js +64 -0
- package/dist/lib/env.js.map +1 -0
- package/dist/lib/hosts.d.ts +194 -0
- package/dist/lib/hosts.d.ts.map +1 -0
- package/dist/lib/hosts.js +183 -0
- package/dist/lib/hosts.js.map +1 -0
- package/dist/lib/logger.d.ts +68 -0
- package/dist/lib/logger.d.ts.map +1 -0
- package/dist/lib/logger.js +130 -0
- package/dist/lib/logger.js.map +1 -0
- package/dist/lib/nginx-config.d.ts +78 -0
- package/dist/lib/nginx-config.d.ts.map +1 -0
- package/dist/lib/nginx-config.js +736 -0
- package/dist/lib/nginx-config.js.map +1 -0
- package/dist/lib/ops/addon-dev.d.ts +93 -0
- package/dist/lib/ops/addon-dev.d.ts.map +1 -0
- package/dist/lib/ops/addon-dev.js +237 -0
- package/dist/lib/ops/addon-dev.js.map +1 -0
- package/dist/lib/ops/addon-quality.d.ts +38 -0
- package/dist/lib/ops/addon-quality.d.ts.map +1 -0
- package/dist/lib/ops/addon-quality.js +338 -0
- package/dist/lib/ops/addon-quality.js.map +1 -0
- package/dist/lib/ops/addon-routes.d.ts +49 -0
- package/dist/lib/ops/addon-routes.d.ts.map +1 -0
- package/dist/lib/ops/addon-routes.js +189 -0
- package/dist/lib/ops/addon-routes.js.map +1 -0
- package/dist/lib/ops/addon.d.ts +120 -0
- package/dist/lib/ops/addon.d.ts.map +1 -0
- package/dist/lib/ops/addon.js +260 -0
- package/dist/lib/ops/addon.js.map +1 -0
- package/dist/lib/ops/cdn.d.ts +87 -0
- package/dist/lib/ops/cdn.d.ts.map +1 -0
- package/dist/lib/ops/cdn.js +170 -0
- package/dist/lib/ops/cdn.js.map +1 -0
- package/dist/lib/ops/cf.d.ts +36 -0
- package/dist/lib/ops/cf.d.ts.map +1 -0
- package/dist/lib/ops/cf.js +114 -0
- package/dist/lib/ops/cf.js.map +1 -0
- package/dist/lib/ops/compose.d.ts +95 -0
- package/dist/lib/ops/compose.d.ts.map +1 -0
- package/dist/lib/ops/compose.js +165 -0
- package/dist/lib/ops/compose.js.map +1 -0
- package/dist/lib/ops/core.d.ts +117 -0
- package/dist/lib/ops/core.d.ts.map +1 -0
- package/dist/lib/ops/core.js +322 -0
- package/dist/lib/ops/core.js.map +1 -0
- package/dist/lib/ops/db.d.ts +116 -0
- package/dist/lib/ops/db.d.ts.map +1 -0
- package/dist/lib/ops/db.js +351 -0
- package/dist/lib/ops/db.js.map +1 -0
- package/dist/lib/ops/dns.d.ts +111 -0
- package/dist/lib/ops/dns.d.ts.map +1 -0
- package/dist/lib/ops/dns.js +306 -0
- package/dist/lib/ops/dns.js.map +1 -0
- package/dist/lib/ops/image.d.ts +94 -0
- package/dist/lib/ops/image.d.ts.map +1 -0
- package/dist/lib/ops/image.js +159 -0
- package/dist/lib/ops/image.js.map +1 -0
- package/dist/lib/ops/nginx.d.ts +114 -0
- package/dist/lib/ops/nginx.d.ts.map +1 -0
- package/dist/lib/ops/nginx.js +388 -0
- package/dist/lib/ops/nginx.js.map +1 -0
- package/dist/lib/ops/redis.d.ts +7 -0
- package/dist/lib/ops/redis.d.ts.map +1 -0
- package/dist/lib/ops/redis.js +35 -0
- package/dist/lib/ops/redis.js.map +1 -0
- package/dist/lib/ops/ssh.d.ts +127 -0
- package/dist/lib/ops/ssh.d.ts.map +1 -0
- package/dist/lib/ops/ssh.js +269 -0
- package/dist/lib/ops/ssh.js.map +1 -0
- package/dist/lib/prompts.d.ts +46 -0
- package/dist/lib/prompts.d.ts.map +1 -0
- package/dist/lib/prompts.js +113 -0
- package/dist/lib/prompts.js.map +1 -0
- package/dist/lib/sast.d.ts +43 -0
- package/dist/lib/sast.d.ts.map +1 -0
- package/dist/lib/sast.js +79 -0
- package/dist/lib/sast.js.map +1 -0
- package/dist/lib/sast.test.d.ts +2 -0
- package/dist/lib/sast.test.d.ts.map +1 -0
- package/dist/lib/sast.test.js +33 -0
- package/dist/lib/sast.test.js.map +1 -0
- package/dist/lib/shell.d.ts +61 -0
- package/dist/lib/shell.d.ts.map +1 -0
- package/dist/lib/shell.js +183 -0
- package/dist/lib/shell.js.map +1 -0
- package/dist/lib/ssh-config.d.ts +37 -0
- package/dist/lib/ssh-config.d.ts.map +1 -0
- package/dist/lib/ssh-config.js +122 -0
- package/dist/lib/ssh-config.js.map +1 -0
- package/dist/lib/tenant-scope.d.ts +38 -0
- package/dist/lib/tenant-scope.d.ts.map +1 -0
- package/dist/lib/tenant-scope.js +129 -0
- package/dist/lib/tenant-scope.js.map +1 -0
- package/dist/lib/tenant-scope.test.d.ts +2 -0
- package/dist/lib/tenant-scope.test.d.ts.map +1 -0
- package/dist/lib/tenant-scope.test.js +223 -0
- package/dist/lib/tenant-scope.test.js.map +1 -0
- package/package.json +58 -0
- package/templates/bootstrap/.env.template +54 -0
- package/templates/bootstrap/docker-compose.yml +145 -0
- package/templates/vhost.conf.tmpl +446 -0
|
@@ -0,0 +1,446 @@
|
|
|
1
|
+
# ciCore Domain Config - {{DOMAIN}} -> {{CORE}}
|
|
2
|
+
# CDN URL: https://cdn.{{DOMAIN}}/CoreUI/latest
|
|
3
|
+
# Generated by: vu setup (nginxWriteVhost primitive, host-aware multi-core)
|
|
4
|
+
# API: api.{{DOMAIN}} -> PHP backend (HTTPS)
|
|
5
|
+
# Web: {{DOMAIN}}, www.{{DOMAIN}} -> Nuxt frontend (HTTPS)
|
|
6
|
+
# Tenants: *.{{DOMAIN}} (except api) -> Nuxt frontend (HTTPS)
|
|
7
|
+
# Custom Domains: tenant.com (CNAME to tenant.{{DOMAIN}}) -> Nuxt frontend (HTTPS)
|
|
8
|
+
# Wildcard SSL: Cloudflare Origin Certificate covers *.{{DOMAIN}}
|
|
9
|
+
|
|
10
|
+
# ======================================================
|
|
11
|
+
# CUSTOM DOMAIN → TENANT MAPPING
|
|
12
|
+
# Tenants can use their own domains via Cloudflare CNAME
|
|
13
|
+
# Example: tenant.com CNAME -> tenant.{{DOMAIN}}
|
|
14
|
+
# ======================================================
|
|
15
|
+
map $host $custom_domain_tenant {
|
|
16
|
+
default "";
|
|
17
|
+
# {{CUSTOM_DOMAIN_MAP}} - Placeholder for dynamic custom domain entries
|
|
18
|
+
# Example:
|
|
19
|
+
# "example.com" "tenant1.{{DOMAIN}}";
|
|
20
|
+
# "mycompany.com" "tenant2.{{DOMAIN}}";
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
# ======================================================
|
|
24
|
+
# 0. CUSTOM DOMAIN API SUBDOMAIN (api.tenant.com -> PHP Backend)
|
|
25
|
+
# API subdomain for custom domains - routes to PHP backend
|
|
26
|
+
# ======================================================
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
# ======================================================
|
|
30
|
+
# 1. CUSTOM DOMAIN ROUTING (tenant.com -> tenant.{{DOMAIN}})
|
|
31
|
+
# Tenants using custom domains via Cloudflare CNAME
|
|
32
|
+
# ======================================================
|
|
33
|
+
|
|
34
|
+
|
|
35
|
+
# ======================================================
|
|
36
|
+
# 1. HTTP -> HTTPS Redirect (All domains)
|
|
37
|
+
# ======================================================
|
|
38
|
+
server {
|
|
39
|
+
listen 80;
|
|
40
|
+
server_name {{DOMAIN}} *.{{DOMAIN}};
|
|
41
|
+
|
|
42
|
+
location /health {
|
|
43
|
+
access_log off;
|
|
44
|
+
return 200 "healthy\n";
|
|
45
|
+
add_header Content-Type text/plain;
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
location / {
|
|
49
|
+
return 301 https://$host$request_uri;
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
# ======================================================
|
|
54
|
+
# 2. API SUBDOMAIN SERVER (api.{{DOMAIN}}) - HTTPS
|
|
55
|
+
# ======================================================
|
|
56
|
+
server {
|
|
57
|
+
listen 443 ssl;
|
|
58
|
+
http2 on;
|
|
59
|
+
server_name api.{{DOMAIN}};
|
|
60
|
+
|
|
61
|
+
ssl_certificate /etc/nginx/ssl/{{SSL_CERT_NAME}}.crt;
|
|
62
|
+
ssl_certificate_key /etc/nginx/ssl/{{SSL_CERT_NAME}}.key;
|
|
63
|
+
ssl_protocols TLSv1.2 TLSv1.3;
|
|
64
|
+
ssl_prefer_server_ciphers on;
|
|
65
|
+
ssl_session_cache shared:SSL:10m;
|
|
66
|
+
ssl_session_timeout 10m;
|
|
67
|
+
|
|
68
|
+
client_max_body_size 25m;
|
|
69
|
+
server_tokens off;
|
|
70
|
+
|
|
71
|
+
# Security Headers
|
|
72
|
+
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
73
|
+
add_header X-Content-Type-Options "nosniff" always;
|
|
74
|
+
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
75
|
+
add_header X-XSS-Protection "1; mode=block" always;
|
|
76
|
+
|
|
77
|
+
location / {
|
|
78
|
+
# CORS Preflight
|
|
79
|
+
if ($request_method = 'OPTIONS') {
|
|
80
|
+
add_header 'Access-Control-Allow-Origin' $http_origin always;
|
|
81
|
+
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE, OPTIONS' always;
|
|
82
|
+
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With, X-CSRF-Token, X-Core-Path, X-Tenant-Host, Cache-Control, Accept' always;
|
|
83
|
+
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
84
|
+
add_header 'Access-Control-Max-Age' '86400' always;
|
|
85
|
+
add_header 'Content-Type' 'text/plain; charset=utf-8' always;
|
|
86
|
+
add_header 'Content-Length' '0' always;
|
|
87
|
+
return 204;
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
add_header 'Access-Control-Allow-Origin' $http_origin always;
|
|
91
|
+
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE, OPTIONS' always;
|
|
92
|
+
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With, X-CSRF-Token, X-Core-Path, X-Tenant-Host, Accept' always;
|
|
93
|
+
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
94
|
+
add_header 'Access-Control-Expose-Headers' 'X-CSRF-Token' always;
|
|
95
|
+
|
|
96
|
+
fastcgi_pass php_backend;
|
|
97
|
+
fastcgi_param SCRIPT_FILENAME /var/www/public/index.php;
|
|
98
|
+
fastcgi_param CORE_PATH $core_path;
|
|
99
|
+
include fastcgi_params;
|
|
100
|
+
fastcgi_param REQUEST_URI $request_uri;
|
|
101
|
+
fastcgi_param SCRIPT_NAME /index.php;
|
|
102
|
+
fastcgi_param HTTP_HOST $host;
|
|
103
|
+
fastcgi_param HTTP_TENANT_HOST $host;
|
|
104
|
+
fastcgi_param HTTPS on;
|
|
105
|
+
fastcgi_param HTTP_X_FORWARDED_PROTO https;
|
|
106
|
+
|
|
107
|
+
fastcgi_connect_timeout 300s;
|
|
108
|
+
fastcgi_send_timeout 300s;
|
|
109
|
+
fastcgi_read_timeout 300s;
|
|
110
|
+
fastcgi_buffer_size 128k;
|
|
111
|
+
fastcgi_buffers 4 256k;
|
|
112
|
+
fastcgi_busy_buffers_size 256k;
|
|
113
|
+
fastcgi_temp_file_write_size 256k;
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
|
|
117
|
+
# ======================================================
|
|
118
|
+
# 3. TENANT SUBDOMAIN SERVER (*.{{DOMAIN}} except api) - HTTPS
|
|
119
|
+
# Wildcard subdomain - her tenant kendi subdomain'inde çalışır
|
|
120
|
+
# ======================================================
|
|
121
|
+
server {
|
|
122
|
+
listen 443 ssl;
|
|
123
|
+
http2 on;
|
|
124
|
+
server_name ~^(?!api\.)(?<subdomain>[^.]+)\.{{DOMAIN_REGEX}}$;
|
|
125
|
+
|
|
126
|
+
ssl_certificate /etc/nginx/ssl/{{SSL_CERT_NAME}}.crt;
|
|
127
|
+
ssl_certificate_key /etc/nginx/ssl/{{SSL_CERT_NAME}}.key;
|
|
128
|
+
ssl_protocols TLSv1.2 TLSv1.3;
|
|
129
|
+
ssl_prefer_server_ciphers on;
|
|
130
|
+
ssl_session_cache shared:SSL:10m;
|
|
131
|
+
ssl_session_timeout 10m;
|
|
132
|
+
|
|
133
|
+
client_max_body_size 25m;
|
|
134
|
+
client_body_timeout 60s;
|
|
135
|
+
client_header_timeout 60s;
|
|
136
|
+
server_tokens off;
|
|
137
|
+
|
|
138
|
+
# Security Headers
|
|
139
|
+
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
140
|
+
add_header X-Content-Type-Options "nosniff" always;
|
|
141
|
+
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
142
|
+
add_header X-XSS-Protection "1; mode=block" always;
|
|
143
|
+
|
|
144
|
+
# Gzip Compression
|
|
145
|
+
gzip on;
|
|
146
|
+
gzip_vary on;
|
|
147
|
+
gzip_proxied any;
|
|
148
|
+
gzip_comp_level 6;
|
|
149
|
+
gzip_min_length 1000;
|
|
150
|
+
gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
|
|
151
|
+
|
|
152
|
+
# Health Check
|
|
153
|
+
location /health {
|
|
154
|
+
access_log off;
|
|
155
|
+
return 200 "healthy\n";
|
|
156
|
+
add_header Content-Type text/plain;
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
# CDN Proxy for Nuxt Assets (/_nuxt/ -> CDN)
|
|
160
|
+
location ^~ /_nuxt/ {
|
|
161
|
+
proxy_pass http://nuxt_frontend;
|
|
162
|
+
proxy_ssl_server_name on;
|
|
163
|
+
proxy_cache_valid 200 365d;
|
|
164
|
+
proxy_cache_valid 404 1m;
|
|
165
|
+
add_header 'Cache-Control' 'public, max-age=31536000, immutable' always;
|
|
166
|
+
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
167
|
+
proxy_hide_header 'Access-Control-Allow-Origin';
|
|
168
|
+
proxy_intercept_errors on;
|
|
169
|
+
error_page 404 = @nuxt_fallback_tenant;
|
|
170
|
+
}
|
|
171
|
+
|
|
172
|
+
# Fallback to Nuxt if CDN file not found
|
|
173
|
+
location @nuxt_fallback_tenant {
|
|
174
|
+
proxy_pass http://nuxt_frontend;
|
|
175
|
+
proxy_set_header Host $host;
|
|
176
|
+
proxy_set_header X-Real-IP $remote_addr;
|
|
177
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
178
|
+
proxy_set_header X-Forwarded-Proto https;
|
|
179
|
+
}
|
|
180
|
+
|
|
181
|
+
# Shared API Files
|
|
182
|
+
location ^~ /shared/ {
|
|
183
|
+
alias /home/cores/{{CORE}}/shared/;
|
|
184
|
+
autoindex off;
|
|
185
|
+
types { application/javascript js mjs; application/json json; }
|
|
186
|
+
default_type application/javascript;
|
|
187
|
+
add_header 'Access-Control-Allow-Origin' $http_origin always;
|
|
188
|
+
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
189
|
+
add_header 'Cache-Control' 'public, max-age=3600, immutable' always;
|
|
190
|
+
try_files $uri =404;
|
|
191
|
+
}
|
|
192
|
+
|
|
193
|
+
# Vendor Libs
|
|
194
|
+
location ^~ /vendor/ {
|
|
195
|
+
alias /home/cores/{{CORE}}/shared/vendor/;
|
|
196
|
+
autoindex off;
|
|
197
|
+
types { application/javascript js mjs; }
|
|
198
|
+
default_type application/javascript;
|
|
199
|
+
add_header 'Access-Control-Allow-Origin' $http_origin always;
|
|
200
|
+
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
201
|
+
add_header 'Cache-Control' 'public, max-age=31536000, immutable' always;
|
|
202
|
+
try_files $uri =404;
|
|
203
|
+
}
|
|
204
|
+
|
|
205
|
+
# Addon ESM Files
|
|
206
|
+
location ^~ /cores/ {
|
|
207
|
+
alias /home/cores/;
|
|
208
|
+
autoindex off;
|
|
209
|
+
types { application/javascript js mjs; application/json json; text/css css; text/html html vue; image/svg+xml svg; }
|
|
210
|
+
default_type application/javascript;
|
|
211
|
+
add_header 'Access-Control-Allow-Origin' $http_origin always;
|
|
212
|
+
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
213
|
+
add_header 'X-Content-Type-Options' 'nosniff' always;
|
|
214
|
+
open_file_cache off;
|
|
215
|
+
try_files $uri =404;
|
|
216
|
+
}
|
|
217
|
+
|
|
218
|
+
# ================================================================
|
|
219
|
+
# Nuxt Icon API - Route to Nuxt (BEFORE general / route)
|
|
220
|
+
# Fixes: 404 errors for /api/_nuxt_icon/* requests
|
|
221
|
+
# ================================================================
|
|
222
|
+
location ^~ /api/_nuxt_icon/ {
|
|
223
|
+
proxy_pass http://nuxt_frontend;
|
|
224
|
+
proxy_http_version 1.1;
|
|
225
|
+
proxy_set_header Host $host;
|
|
226
|
+
proxy_set_header X-Real-IP $remote_addr;
|
|
227
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
228
|
+
proxy_set_header X-Forwarded-Proto https;
|
|
229
|
+
# Cache icons for 1 day
|
|
230
|
+
proxy_cache_valid 200 1d;
|
|
231
|
+
add_header 'Cache-Control' 'public, max-age=86400' always;
|
|
232
|
+
}
|
|
233
|
+
|
|
234
|
+
# Frontend (Nuxt SSR) - Tenant subdomain olarak yönlendir
|
|
235
|
+
location / {
|
|
236
|
+
proxy_pass http://nuxt_frontend;
|
|
237
|
+
proxy_set_header Host $host;
|
|
238
|
+
proxy_set_header X-Real-IP $remote_addr;
|
|
239
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
240
|
+
proxy_set_header X-Forwarded-Proto https;
|
|
241
|
+
proxy_set_header X-Forwarded-Host $host;
|
|
242
|
+
proxy_set_header X-Core-Path $core_path;
|
|
243
|
+
proxy_set_header X-Tenant-Host $host;
|
|
244
|
+
proxy_set_header X-Tenant-Subdomain $subdomain;
|
|
245
|
+
proxy_http_version 1.1;
|
|
246
|
+
proxy_set_header Upgrade $http_upgrade;
|
|
247
|
+
proxy_set_header Connection $connection_upgrade;
|
|
248
|
+
proxy_connect_timeout 300s;
|
|
249
|
+
proxy_send_timeout 300s;
|
|
250
|
+
proxy_read_timeout 300s;
|
|
251
|
+
proxy_buffering off;
|
|
252
|
+
proxy_cache_bypass $http_upgrade;
|
|
253
|
+
}
|
|
254
|
+
|
|
255
|
+
# Deny Hidden Files
|
|
256
|
+
location ~ /\.(?!well-known) {
|
|
257
|
+
deny all;
|
|
258
|
+
access_log off;
|
|
259
|
+
log_not_found off;
|
|
260
|
+
}
|
|
261
|
+
}
|
|
262
|
+
|
|
263
|
+
# ======================================================
|
|
264
|
+
# 4. MAIN WEB SERVER ({{DOMAIN}}, www.{{DOMAIN}}) - HTTPS
|
|
265
|
+
# ======================================================
|
|
266
|
+
server {
|
|
267
|
+
listen 443 ssl;
|
|
268
|
+
http2 on;
|
|
269
|
+
server_name {{DOMAIN}} www.{{DOMAIN}};
|
|
270
|
+
|
|
271
|
+
ssl_certificate /etc/nginx/ssl/{{SSL_CERT_NAME}}.crt;
|
|
272
|
+
ssl_certificate_key /etc/nginx/ssl/{{SSL_CERT_NAME}}.key;
|
|
273
|
+
ssl_protocols TLSv1.2 TLSv1.3;
|
|
274
|
+
ssl_prefer_server_ciphers on;
|
|
275
|
+
ssl_session_cache shared:SSL:10m;
|
|
276
|
+
ssl_session_timeout 10m;
|
|
277
|
+
|
|
278
|
+
client_max_body_size 25m;
|
|
279
|
+
client_body_timeout 60s;
|
|
280
|
+
client_header_timeout 60s;
|
|
281
|
+
server_tokens off;
|
|
282
|
+
|
|
283
|
+
# Security Headers
|
|
284
|
+
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
285
|
+
add_header X-Content-Type-Options "nosniff" always;
|
|
286
|
+
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
287
|
+
add_header X-XSS-Protection "1; mode=block" always;
|
|
288
|
+
|
|
289
|
+
# Gzip Compression
|
|
290
|
+
gzip on;
|
|
291
|
+
gzip_vary on;
|
|
292
|
+
gzip_proxied any;
|
|
293
|
+
gzip_comp_level 6;
|
|
294
|
+
gzip_min_length 1000;
|
|
295
|
+
gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
|
|
296
|
+
|
|
297
|
+
# Health Check
|
|
298
|
+
location /health {
|
|
299
|
+
access_log off;
|
|
300
|
+
return 200 "healthy\n";
|
|
301
|
+
add_header Content-Type text/plain;
|
|
302
|
+
}
|
|
303
|
+
|
|
304
|
+
# CDN Proxy for Nuxt Assets (/_nuxt/ -> CDN)
|
|
305
|
+
# Each core can use its own CDN URL from .env (NUXT_PUBLIC_CORE_CDN_URL)
|
|
306
|
+
location ^~ /_nuxt/ {
|
|
307
|
+
proxy_pass http://nuxt_frontend;
|
|
308
|
+
proxy_ssl_server_name on;
|
|
309
|
+
proxy_cache_valid 200 365d;
|
|
310
|
+
proxy_cache_valid 404 1m;
|
|
311
|
+
add_header 'Cache-Control' 'public, max-age=31536000, immutable' always;
|
|
312
|
+
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
313
|
+
proxy_hide_header 'Access-Control-Allow-Origin';
|
|
314
|
+
proxy_intercept_errors on;
|
|
315
|
+
error_page 404 = @nuxt_fallback;
|
|
316
|
+
}
|
|
317
|
+
|
|
318
|
+
# Fallback to Nuxt if CDN file not found
|
|
319
|
+
location @nuxt_fallback {
|
|
320
|
+
proxy_pass http://nuxt_frontend;
|
|
321
|
+
proxy_set_header Host $host;
|
|
322
|
+
proxy_set_header X-Real-IP $remote_addr;
|
|
323
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
324
|
+
proxy_set_header X-Forwarded-Proto https;
|
|
325
|
+
}
|
|
326
|
+
|
|
327
|
+
# Shared API Files
|
|
328
|
+
location ^~ /shared/ {
|
|
329
|
+
alias /home/cores/{{CORE}}/shared/;
|
|
330
|
+
autoindex off;
|
|
331
|
+
types { application/javascript js mjs; application/json json; }
|
|
332
|
+
default_type application/javascript;
|
|
333
|
+
add_header 'Access-Control-Allow-Origin' $http_origin always;
|
|
334
|
+
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
335
|
+
add_header 'Cache-Control' 'public, max-age=3600, immutable' always;
|
|
336
|
+
try_files $uri =404;
|
|
337
|
+
}
|
|
338
|
+
|
|
339
|
+
# Vendor Libs
|
|
340
|
+
location ^~ /vendor/ {
|
|
341
|
+
alias /home/cores/{{CORE}}/shared/vendor/;
|
|
342
|
+
autoindex off;
|
|
343
|
+
types { application/javascript js mjs; }
|
|
344
|
+
default_type application/javascript;
|
|
345
|
+
add_header 'Access-Control-Allow-Origin' $http_origin always;
|
|
346
|
+
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
347
|
+
add_header 'Cache-Control' 'public, max-age=31536000, immutable' always;
|
|
348
|
+
try_files $uri =404;
|
|
349
|
+
}
|
|
350
|
+
|
|
351
|
+
# Addon ESM Files
|
|
352
|
+
location ^~ /cores/ {
|
|
353
|
+
alias /home/cores/;
|
|
354
|
+
autoindex off;
|
|
355
|
+
types { application/javascript js mjs; application/json json; text/css css; text/html html vue; image/svg+xml svg; }
|
|
356
|
+
default_type application/javascript;
|
|
357
|
+
add_header 'Access-Control-Allow-Origin' $http_origin always;
|
|
358
|
+
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
359
|
+
add_header 'X-Content-Type-Options' 'nosniff' always;
|
|
360
|
+
open_file_cache off;
|
|
361
|
+
try_files $uri =404;
|
|
362
|
+
}
|
|
363
|
+
|
|
364
|
+
# ================================================================
|
|
365
|
+
# Nuxt Icon API - Route to Nuxt (BEFORE general /api/ route)
|
|
366
|
+
# Fixes: 404 errors for /api/_nuxt_icon/* requests
|
|
367
|
+
# ================================================================
|
|
368
|
+
location ^~ /api/_nuxt_icon/ {
|
|
369
|
+
proxy_pass http://nuxt_frontend;
|
|
370
|
+
proxy_http_version 1.1;
|
|
371
|
+
proxy_set_header Host $host;
|
|
372
|
+
proxy_set_header X-Real-IP $remote_addr;
|
|
373
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
374
|
+
proxy_set_header X-Forwarded-Proto https;
|
|
375
|
+
# Cache icons for 1 day
|
|
376
|
+
proxy_cache_valid 200 1d;
|
|
377
|
+
add_header 'Cache-Control' 'public, max-age=86400' always;
|
|
378
|
+
}
|
|
379
|
+
|
|
380
|
+
# API Endpoints (on web domain)
|
|
381
|
+
location ~ ^/(api|v1|v2|auth|system|system-settings|upload|addons|core_addons|core|analyzer|summary|metrics|jobs|worker|setup|tenant-manager|tenant-admin|user-admin|users|csrf-token|refresh|languages|institutions|sectors|security|odeme|builds|catalog|web-index|login|logout|me|public|status) {
|
|
382
|
+
# CORS Preflight
|
|
383
|
+
if ($request_method = 'OPTIONS') {
|
|
384
|
+
add_header 'Access-Control-Allow-Origin' $http_origin always;
|
|
385
|
+
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE, OPTIONS' always;
|
|
386
|
+
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With, X-CSRF-Token, X-Core-Path, X-Tenant-Host, Cache-Control, Accept' always;
|
|
387
|
+
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
388
|
+
add_header 'Access-Control-Max-Age' '86400' always;
|
|
389
|
+
add_header 'Content-Type' 'text/plain; charset=utf-8' always;
|
|
390
|
+
add_header 'Content-Length' '0' always;
|
|
391
|
+
return 204;
|
|
392
|
+
}
|
|
393
|
+
|
|
394
|
+
add_header 'Access-Control-Allow-Origin' $http_origin always;
|
|
395
|
+
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE, OPTIONS' always;
|
|
396
|
+
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With, X-CSRF-Token, X-Core-Path, X-Tenant-Host, Accept' always;
|
|
397
|
+
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
398
|
+
add_header 'Access-Control-Expose-Headers' 'X-CSRF-Token' always;
|
|
399
|
+
|
|
400
|
+
fastcgi_pass php_backend;
|
|
401
|
+
fastcgi_param SCRIPT_FILENAME /var/www/public/index.php;
|
|
402
|
+
fastcgi_param CORE_PATH $core_path;
|
|
403
|
+
include fastcgi_params;
|
|
404
|
+
fastcgi_param REQUEST_URI $request_uri;
|
|
405
|
+
fastcgi_param SCRIPT_NAME /index.php;
|
|
406
|
+
fastcgi_param HTTP_HOST $host;
|
|
407
|
+
fastcgi_param HTTP_TENANT_HOST $host;
|
|
408
|
+
fastcgi_param HTTPS on;
|
|
409
|
+
fastcgi_param HTTP_X_FORWARDED_PROTO https;
|
|
410
|
+
|
|
411
|
+
fastcgi_connect_timeout 300s;
|
|
412
|
+
fastcgi_send_timeout 300s;
|
|
413
|
+
fastcgi_read_timeout 300s;
|
|
414
|
+
fastcgi_buffer_size 128k;
|
|
415
|
+
fastcgi_buffers 4 256k;
|
|
416
|
+
fastcgi_busy_buffers_size 256k;
|
|
417
|
+
fastcgi_temp_file_write_size 256k;
|
|
418
|
+
}
|
|
419
|
+
|
|
420
|
+
# Frontend (Nuxt SSR)
|
|
421
|
+
location / {
|
|
422
|
+
proxy_pass http://nuxt_frontend;
|
|
423
|
+
proxy_set_header Host $host;
|
|
424
|
+
proxy_set_header X-Real-IP $remote_addr;
|
|
425
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
426
|
+
proxy_set_header X-Forwarded-Proto https;
|
|
427
|
+
proxy_set_header X-Forwarded-Host $host;
|
|
428
|
+
proxy_set_header X-Core-Path $core_path;
|
|
429
|
+
proxy_set_header X-Tenant-Host $host;
|
|
430
|
+
proxy_http_version 1.1;
|
|
431
|
+
proxy_set_header Upgrade $http_upgrade;
|
|
432
|
+
proxy_set_header Connection $connection_upgrade;
|
|
433
|
+
proxy_connect_timeout 300s;
|
|
434
|
+
proxy_send_timeout 300s;
|
|
435
|
+
proxy_read_timeout 300s;
|
|
436
|
+
proxy_buffering off;
|
|
437
|
+
proxy_cache_bypass $http_upgrade;
|
|
438
|
+
}
|
|
439
|
+
|
|
440
|
+
# Deny Hidden Files
|
|
441
|
+
location ~ /\.(?!well-known) {
|
|
442
|
+
deny all;
|
|
443
|
+
access_log off;
|
|
444
|
+
log_not_found off;
|
|
445
|
+
}
|
|
446
|
+
}
|