When docker compose recreates a service, it gets a new internal IP.
nginx was resolving upstream hostnames once at startup and serving 502
until someone manually restarted it — which is what broke /api/auth
after the last deploy.
Uses Docker Compose's embedded DNS (127.0.0.11) and moves each
proxy_pass onto a variable so nginx re-resolves every request.
Rewrites replace the path-stripping behavior that variable-form
proxy_pass doesn't provide out of the box.
Also adds a `nginx -t && nginx -s reload` step in the deploy workflow
so future nginx.conf edits land without manual ssh.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaced the double-proxy (browser→Next.js→chat-api→Modal) with
direct streaming (browser→nginx→chat-api→Modal). Added nginx route
for /api/conversations → chat-api. Inlined SSE parsing in ChatWindow
instead of useSSE hook going through /api/chat/stream.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Nginx was catching /api/chat/stream and /api/conversations and sending
them to chat-api:8002, bypassing the frontend's Next.js API routes.
Now only /api/auth/* goes directly to auth service. Everything else
goes to frontend, which proxies internally to backend services.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- deploy.sh: single script to switch between EC2 and EKS modes
- ec2: docker-compose with ECR images + nginx SSL reverse proxy
- eks: terraform apply + helm install (for demos/grading)
- eks-down: terraform destroy (stop costs)
- docker-compose.prod.yml: ECR image overrides + nginx service
- nginx/nginx.conf: reverse proxy with SSL, SSE streaming support
- deploy-ec2.yml: auto-deploy to EC2 after images are built
- Remove old single-server deploy.yml
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
