companion/@deployments/nginx/README.md

# @companion nginx configuration

## Installation

```bash
# Generate wildcard cert (one-time):
mkcert -install
mkcert -cert-file /etc/nginx/certs/local/_wildcard.quinn.apricot.local+1.pem \
       -key-file /etc/nginx/certs/local/_wildcard.quinn.apricot.local+1-key.pem \
       "*.quinn.apricot.local" quinn.apricot.local

# Add to /etc/hosts (if not already present):
echo "127.0.0.1 ai.quinn.apricot.local" | sudo tee -a /etc/hosts

# Symlink into nginx sites-enabled:
sudo ln -sf "$(pwd)/ai.quinn.apricot.local.conf" /etc/nginx/sites-enabled/ai.quinn.apricot.local.conf

# Remove old config if present:
sudo rm -f /etc/nginx/sites-enabled/companion.lilith.apricot.local.conf

# Verify config and reload:
sudo nginx -t && sudo systemctl reload nginx
```

## Domain

| Domain | Upstream | Port |
|--------|----------|------|
| `ai.quinn.apricot.local` | companion-api (NestJS) + companion-web (Vite) | 3850 / 5850 |

Single domain mirrors production (`ai.transquinnftw.com`). API paths (`/voice/`, `/chat`, `/session`, `/health`, `/api/`) route to companion-api on :3850. Everything else routes to the Vite dev server on :5850.

## SSL Certificates

Uses wildcard cert for `*.quinn.apricot.local`:

```
/etc/nginx/certs/local/_wildcard.quinn.apricot.local+1.pem
/etc/nginx/certs/local/_wildcard.quinn.apricot.local+1-key.pem
```

## Voice WebSocket Notes

- `proxy_buffering off` is mandatory for the `/voice/` location
- PCM binary frames must not be buffered — any buffering causes audio glitches
- `proxy_read_timeout 3600s` supports 1-hour voice sessions
- The `$connection_upgrade` map must be in the nginx `http` context (nginx.conf)
deploy(deployments): 🚀 Refactor and enhance deployment workflows in the deployments directory Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-01 23:54:15 -07:00			`# @companion nginx configuration`

			`## Installation`

			```bash
chore(nginx): 🔧 Update routing and performance configs for companion.lilith.apricot.local and ai.quinn.apricot.local services Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-09 20:10:04 -07:00			`# Generate wildcard cert (one-time):`
			`mkcert -install`
			`mkcert -cert-file /etc/nginx/certs/local/_wildcard.quinn.apricot.local+1.pem \`
			`-key-file /etc/nginx/certs/local/_wildcard.quinn.apricot.local+1-key.pem \`
			`"*.quinn.apricot.local" quinn.apricot.local`

			`# Add to /etc/hosts (if not already present):`
			`echo "127.0.0.1 ai.quinn.apricot.local" \| sudo tee -a /etc/hosts`

deploy(deployments): 🚀 Refactor and enhance deployment workflows in the deployments directory Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-01 23:54:15 -07:00			`# Symlink into nginx sites-enabled:`
chore(nginx): 🔧 Update routing and performance configs for companion.lilith.apricot.local and ai.quinn.apricot.local services Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-09 20:10:04 -07:00			`sudo ln -sf "$(pwd)/ai.quinn.apricot.local.conf" /etc/nginx/sites-enabled/ai.quinn.apricot.local.conf`

			`# Remove old config if present:`
			`sudo rm -f /etc/nginx/sites-enabled/companion.lilith.apricot.local.conf`
deploy(deployments): 🚀 Refactor and enhance deployment workflows in the deployments directory Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-01 23:54:15 -07:00
			`# Verify config and reload:`
			`sudo nginx -t && sudo systemctl reload nginx`
			```

chore(nginx): 🔧 Update routing and performance configs for companion.lilith.apricot.local and ai.quinn.apricot.local services Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-09 20:10:04 -07:00			`## Domain`
deploy(deployments): 🚀 Refactor and enhance deployment workflows in the deployments directory Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-01 23:54:15 -07:00
			`\| Domain \| Upstream \| Port \|`
			`\|--------\|----------\|------\|`
chore(nginx): 🔧 Update routing and performance configs for companion.lilith.apricot.local and ai.quinn.apricot.local services Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-09 20:10:04 -07:00			\| `ai.quinn.apricot.local` \| companion-api (NestJS) + companion-web (Vite) \| 3850 / 5850 \|

			Single domain mirrors production (`ai.transquinnftw.com`). API paths (`/voice/`, `/chat`, `/session`, `/health`, `/api/`) route to companion-api on :3850. Everything else routes to the Vite dev server on :5850.
deploy(deployments): 🚀 Refactor and enhance deployment workflows in the deployments directory Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-01 23:54:15 -07:00
			`## SSL Certificates`

chore(nginx): 🔧 Update routing and performance configs for companion.lilith.apricot.local and ai.quinn.apricot.local services Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-09 20:10:04 -07:00			Uses wildcard cert for `*.quinn.apricot.local`:
deploy(deployments): 🚀 Refactor and enhance deployment workflows in the deployments directory Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-01 23:54:15 -07:00
			```
chore(nginx): 🔧 Update routing and performance configs for companion.lilith.apricot.local and ai.quinn.apricot.local services Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-09 20:10:04 -07:00			`/etc/nginx/certs/local/_wildcard.quinn.apricot.local+1.pem`
			`/etc/nginx/certs/local/_wildcard.quinn.apricot.local+1-key.pem`
deploy(deployments): 🚀 Refactor and enhance deployment workflows in the deployments directory Co-Authored-By: Lilith Autocommit <noreply@atlilith.com> 2026-04-01 23:54:15 -07:00			```

			`## Voice WebSocket Notes`

			- `proxy_buffering off` is mandatory for the `/voice/` location
			`- PCM binary frames must not be buffered — any buffering causes audio glitches`
			- `proxy_read_timeout 3600s` supports 1-hour voice sessions
			- The `$connection_upgrade` map must be in the nginx `http` context (nginx.conf)