refactor: phase 2 production requirements

docs/reverse-proxy-nginx.md

@@ -0,0 +1,47 @@
+# nginx example
+
+If you still want old URLs like `mkiso.php`, nginx can forward them to the Go service.
+
+This keeps the client side stable while the backend moves to Go.
+
+## Basic idea
+The browser still calls the old path.
+nginx receives that request and passes it to the Go API.
+
+## Example
+
+```nginx
+server {
+    listen 80;
+    server_name _;
+
+    location = /mkiso.php {
+        proxy_pass http://127.0.0.1:8080/api/iso/download$is_args$args;
+    }
+
+    location = /mkiso_multiple.php {
+        proxy_pass http://127.0.0.1:8080/api/iso/download-multiple$is_args$args;
+    }
+
+    location = /send_rimage_multiple.php {
+        proxy_pass http://127.0.0.1:8080/api/iso/print$is_args$args;
+    }
+
+    location /api/ {
+        proxy_pass http://127.0.0.1:8080;
+    }
+}
+```
+
+## If API key auth is enabled later
+If the Go service is protected with `X-API-Key`, nginx can inject that header before proxying.
+That keeps the browser code unchanged.
+
+```nginx
+location = /mkiso.php {
+    proxy_set_header X-API-Key "REDACTED";
+    proxy_pass http://127.0.0.1:8080/api/iso/download$is_args$args;
+}
+```
+
+Do not commit real keys into nginx config stored in git.