tk-factory-services/gateway/nginx.conf

server {
    listen 80;
    server_name _;

    root /usr/share/nginx/html;

    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # 대시보드 (로그인 포함)
    location = /dashboard {
        add_header Cache-Control "no-store, no-cache, must-revalidate";
        add_header Pragma "no-cache";
        try_files /dashboard.html =404;
    }

    location = / {
        return 302 /dashboard$is_args$args;
    }

    # 레거시 /login → /dashboard 리다이렉트
    location = /login {
        return 302 /dashboard$is_args$args;
    }

    # 공유 JS (notification-bell.js, nav-header.js)
    location /shared/ {
        alias /usr/share/nginx/html/shared/;
        expires 1h;
        add_header Cache-Control "public, no-transform";
    }

    # SSO Auth 프록시
    location /auth/ {
        proxy_pass http://sso-auth:3000/api/auth/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # System1 API 프록시 (대시보드 배너용: 알림/TBM/휴가 카운트)
    location /api/ {
        proxy_pass http://system1-api:3005/api/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Health check
    location /health {
        access_log off;
        return 200 '{"status":"ok","service":"gateway"}';
        add_header Content-Type application/json;
    }
}