Fix nginx configuration for panel routing

Critical fixes based on backend dev feedback:
1. Add trailing slash to proxy_pass to strip /panel/ prefix properly
2. Add required proxy headers for proper request forwarding

Before: /panel/login → http://127.0.0.1:9002/panel/login (broken)
After:  /panel/login → http://127.0.0.1:9002/login (correct)

This fixes panel accessibility at https://domain.com/panel/

Author: Maphikza

README.md

@@ -288,7 +288,11 @@ server {
     }
     
     location /panel/ {
-        proxy_pass http://127.0.0.1:9002;
+        proxy_pass http://127.0.0.1:9002/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
     }
 
     # Default location - Relay service with WebSocket support

fixed_nginx_config.conf

@@ -0,0 +1,92 @@
+# Define upstream servers for each service (using explicit IPv4 addresses)
+upstream transcribe_api {
+    server 127.0.0.1:8000;
+}
+
+upstream relay_service {
+    server 127.0.0.1:9001;
+}
+
+upstream panel_service {
+    server 127.0.0.1:9002;
+}
+
+upstream wallet_service {
+    server 127.0.0.1:9003;
+}
+
+# WebSocket connection upgrade mapping
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+
+# Main server block listening on HTTP
+server {
+    listen 80; # Nginx listens on port 80 locally
+    server_name localhost *.serveo.net _; # Dynamic - works with any serveo URL and localhost
+
+    # Basic Security Headers
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+    add_header X-XSS-Protection "1; mode=block";
+    server_tokens off;
+
+    # Forward client IP and protocol
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Host $host;
+
+    location /transcribe/ {
+        rewrite ^/transcribe/(.*)$ /$1 break;
+        proxy_pass http://transcribe_api;
+    }
+
+    # Panel access - Admin dashboard (FIXED: proper trailing slash and headers)
+    location /panel {
+        return 301 /panel/;
+    }
+    
+    location /panel/ {
+        proxy_pass http://panel_service/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /wallet/ {
+        rewrite ^/wallet/(.*)$ /$1 break;
+        proxy_pass http://wallet_service;
+    }
+
+    # Health check endpoint
+    location /health {
+        access_log off;
+        return 200 "healthy\n";
+        add_header Content-Type text/plain;
+    }
+
+    # Default location - Relay service with WebSocket support
+    location / {
+        proxy_pass http://relay_service;
+        
+        # WebSocket-specific headers
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+        
+        # Extended timeouts for WebSocket connections
+        proxy_read_timeout 86400s;
+        proxy_send_timeout 86400s;
+        proxy_connect_timeout 60s;
+        
+        # Additional headers for tunnel compatibility
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+}