events {} http { upstream hapi_fhir { server hapi-fhir:8080; } upstream bus_gateway { server bus-gateway:3000; } # Redirige HTTP → HTTPS server { listen 80; server_name _; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name _; # Certificados montados como Docker secrets ssl_certificate /run/secrets/ssl_cert; ssl_certificate_key /run/secrets/ssl_key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # Rutas del bus-gateway (prefijo más específico gana sobre /fhir/) # ITI-65: Provide Document Bundle — transaction Bundle location /fhir/IPSTransaction { proxy_pass http://bus_gateway; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 90s; } # ITI-65: Provide Document Bundle — IPS document Bundle # ITI-68: Retrieve Document location /fhir/Bundle { proxy_pass http://bus_gateway; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 90s; } # ITI-67: Find Document References location /fhir/DocumentReference { proxy_pass http://bus_gateway; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 90s; } # ITI-78: Mobile Patient Demographics Query # ITI-104: Patient Identity Feed FHIR location /fhir/Patient { proxy_pass http://bus_gateway; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 90s; } location /vhl/ { proxy_pass http://bus_gateway; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 90s; } # Resto de /fhir/* va a hapi-fhir location /fhir/ { proxy_pass http://hapi_fhir; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 90s; } location /gdhcn/ { proxy_pass http://gdhcn-validator-service:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 90s; } # Todo lo demás va a hapi-fhir location / { proxy_pass http://hapi_fhir; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 90s; } } }