Nginx & Routing

Overview

All external traffic enters through Nginx on ports 80/443. HTTP is redirected to HTTPS. SSL certificates are managed via Let’s Encrypt.

Config location: /etc/nginx/sites-enabled/ (87 configuration files)

Domain Routing Map

Portal & Dashboard

Domain	Target	Purpose
`portal.magiceverse.online`	`:4096`	Portal API + SPA
`dashboard.magiceverse.online`	`:11005` (flow), `:3003` (API)	Dashboard

PIM

Domain	Target	Purpose
`magic-pim.magiceverse.online`	`:9002`	PIM storefront
`magic-pimadmin.magiceverse.online`	`:3002`	PIM admin

Tenant Storefronts

Domain	Target
`development.magiceverse.online`	`:10010`
`demo.magiceverse.online`	`:10020`
`default.magiceverse.online`	`:10030`
`brinxx.magiceverse.online`	`:10040`
`bovisales.magiceverse.online`	`:10050`
`desluis.magiceverse.online`	`:10060`
`jodasign.magiceverse.online`	`:10070`
`logohorloge.magiceverse.online`	`:10080`
`spranz.magiceverse.online`	`:10090`

Tenant Admin Panels

Domain	Target
`admin-development.magiceverse.online`	`:4010`
`admin-demo.magiceverse.online`	`:4020`
`admin-default.magiceverse.online`	`:4030`
`admin-brinxx.magiceverse.online`	`:4040`
`admin-bovisales.magiceverse.online`	`:4050`
`admin-master.magiceverse.online`	`:4059`
`admin-desluis.magiceverse.online`	`:4060`
`admin-jodasign.magiceverse.online`	`:4070`
`admin-logohorloge.magiceverse.online`	`:4080`
`admin-spranz.magiceverse.online`	`:4091`

N8N Workflow Automation

Domain	Target	Access
`n8n.magiceverse.online`	`:8090`	IP restricted
`n8n2.magiceverse.online`	`:8091`	IP restricted
`n8n3.magiceverse.online`	`:8092`	IP restricted

NextCloud & Office

Domain	Target	Purpose
`docs.magiceverse.online`	`:8580`	NextCloud
`office.magiceverse.online`	`:8581`	OnlyOffice

Other Notable Services

Domain	Target	Purpose
`rembg.magiceverse.online`	`:5050`	Background removal (Spranz IP only)
`escalation.magiceverse.online`	—	Escalation management service
`contacts.magiceverse.online`	—	Contact management service
`designer.spranz.de`	External (23.88.122.78)	Spranz product designer
`glances.magiceverse.online`	—	Server monitoring (Glances)
`magic-editor.magiceverse.online`	—	Magic editor service

Static File Serving

Nginx serves static files directly (bypassing Docker) for performance:

# Product images (30-day cache)
location /pim_data/ {
    alias /mnt/data/pim_data/;
    expires 30d;
}

# Brand assets (7-day cache)
location /branding/ {
    alias /mnt/data/magic_pim/backend/static/branding/;
    expires 7d;
}

# Product SVGs (30-day cache, CORS enabled)
location /product-svg/ {
    alias /mnt/data/htdocs/_magic_ts_def/product_images/svg/;
    add_header Access-Control-Allow-Origin *;
    expires 30d;
}

IP Whitelist Security

Portal and some services use device authentication:

include /etc/nginx/snippets/device-auth.conf;

# Protected endpoints
auth_request /___device_auth;

# Public exceptions
location /api/activate/ { proxy_pass ...; }
location /api/gatekeeper/request { proxy_pass ...; }

SSL Certificates

Managed via Let’s Encrypt with automatic renewal:

/etc/letsencrypt/live/{domain}/
├── fullchain.pem
└── privkey.pem