# Nginx Proxy Manager Configuration

## Required Proxy Hosts

### 1. Gitea (Source Control)

**Domain Names:**
- `git.corrosionmgmt.com`

**Details:**
```
Scheme: http
Forward Hostname / IP: <asgard-internal-ip>
Forward Port: 8090
Cache Assets: No
Block Common Exploits: Yes
Websockets Support: Yes
```

**SSL:**
```
Force SSL: Yes
HTTP/2 Support: Yes
HSTS Enabled: Yes
```

**Advanced (if needed):**
```nginx
# For SSH git clone support over HTTPS (optional)
location ~ ^/(.+\.git)/(git-upload-pack|git-receive-pack)$ {
    proxy_pass http://<asgard-ip>:8090;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}
```

---

### 2. SeaweedFS CDN (Object Storage)

**Domain Names:**
- `cdn.corrosionmgmt.com`

**Details:**
```
Scheme: http
Forward Hostname / IP: <asgard-internal-ip>
Forward Port: 8091
Cache Assets: Yes (Enable caching for static files)
Block Common Exploits: Yes
Websockets Support: Yes
```

**SSL:**
```
Force SSL: Yes
HTTP/2 Support: Yes
HSTS Enabled: Yes
```

**Custom Locations (Optional):**

If you want to expose the S3 API at a different path:

```nginx
# S3 API at cdn.corrosionmgmt.com/s3
location /s3/ {
    proxy_pass http://<asgard-ip>:8092/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}
```

---

## Port Summary

| Service | Container | Internal Port | Host Port | Domain |
|---------|-----------|---------------|-----------|--------|
| Gitea Web | corrosion-gitea | 3000 | 8090 | git.corrosionmgmt.com |
| Gitea SSH | corrosion-gitea | 22 | 8095 | git.corrosionmgmt.com:8095 |
| SeaweedFS Filer | corrosion-cdn | 8888 | 8091 | cdn.corrosionmgmt.com |
| SeaweedFS S3 | corrosion-cdn | 8333 | 8092 | Internal only |
| SeaweedFS Master | corrosion-cdn | 9333 | 8093 | Internal only |
| SeaweedFS Volume | corrosion-cdn | 8080 | 8094 | Internal only |

---

## Testing

After configuring NPM, test the proxies:

```bash
# Test Gitea
curl -I https://git.corrosionmgmt.com

# Test SeaweedFS CDN
curl -I https://cdn.corrosionmgmt.com

# Test S3 API (internal)
curl http://<asgard-ip>:8092/
```

---

## Firewall Rules (if applicable)

If Asgard has a firewall, ensure these ports are accessible:

**From Nginx Proxy Manager to Asgard:**
- 8090 (Gitea)
- 8091 (SeaweedFS Filer)

**Optional (for internal access):**
- 8092 (S3 API - for backend services)
- 9333 (Master UI - for admin)

**External SSH (if using git over SSH):**
- 8095 (Gitea SSH)