baron-sso/userfront/nginx.conf

# Map ISO8601 time to "YYYY-MM-DD HH:mm:ss" format
map $time_iso8601 $time_custom {
    "~^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})" "$1-$2-$3 $4:$5:$6";
}

# Custom JSON Log Format matching Go slog
log_format json_combined escape=json
    '{'
    '"time":"$time_custom",'
    '"level":"INFO",'
    '"msg":"http_access",'
    '"svc":"baron-userfront",'
    '"status":$status,'
    '"method":"$request_method",'
    '"path":"$request_uri",'
    '"latency":"${request_time}s",'
    '"ip":"$remote_addr",'
    '"forwarded_for":"$http_x_forwarded_for",'
    '"user_agent":"$http_user_agent"'
    '}';

server {
    listen 5000;
    include /etc/nginx/mime.types;
    
    access_log /var/log/nginx/access.log json_combined;

    # --- Backend API Proxy ---
    location /api {
        proxy_pass http://baron_backend:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # --- Ory Stack Proxy (via Oathkeeper) ---
    # Kratos Public API
    location /auth {
        proxy_pass http://oathkeeper:4455;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Hydra Public API
    location /oidc {
        proxy_pass http://oathkeeper:4455;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # --- Internal Web Apps Proxy --- 초반에는 외부 오픈 없이 Private Net 내부에서만 운영
    # AdminFront (Vite Dev Server or Nginx)
    # location /admin {
    #     proxy_pass http://baron_adminfront:5173;
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Real-IP $remote_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_set_header X-Forwarded-Proto $scheme;
        
    #     # WebSocket support (for Vite HMR)
    #     proxy_http_version 1.1;
    #     proxy_set_header Upgrade $http_upgrade;
    #     proxy_set_header Connection "upgrade";
    # }

    # # DevFront (Vite Dev Server or Nginx)
    # location /dev {
    #     proxy_pass http://baron_devfront:5173;
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Real-IP $remote_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_set_header X-Forwarded-Proto $scheme;

    #     # WebSocket support (for Vite HMR)
    #     proxy_http_version 1.1;
    #     proxy_set_header Upgrade $http_upgrade;
    #     proxy_set_header Connection "upgrade";
    # }

    # --- UserFront Static Files ---
    location / {
        root /usr/share/nginx/html;
        index index.html;
        try_files $uri $uri/ /index.html;
    }
}