🎓 Initial commit: Math2 Platform - Plataforma de Álgebra Lineal PRO

✨ Características:
- 45 ejercicios universitarios (Basic → Advanced)
- Renderizado LaTeX profesional
- IA generativa (Z.ai/DashScope)
- Docker 9 servicios
- Tests 123/123 pasando
- Seguridad enterprise (JWT, XSS, Rate limiting)

🐳 Infraestructura:
- Next.js 14 + Node.js 20
- PostgreSQL 15 + Redis 7
- Docker Compose completo
- Nginx + SSL ready

📚 Documentación:
- 5 informes técnicos completos
- README profesional
- Scripts de deployment automatizados

Estado: Producción lista ✅

docker/nginx.conf

@@ -0,0 +1,241 @@
+# ==================================================
+# NGINX REVERSE PROXY CONFIGURATION
+# Math Platform - Load Balancer + Rate Limiting + Security
+# ==================================================
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+    use epoll;
+    multi_accept on;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Logging format
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for" '
+                    'rt=$request_time uct="$upstream_connect_time" '
+                    'uht="$upstream_header_time" urt="$upstream_response_time"';
+
+    access_log /var/log/nginx/access.log main;
+
+    # Performance optimizations
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    client_max_body_size 20M;
+
+    # Gzip compression
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css text/xml text/javascript
+               application/json application/javascript application/xml+rss
+               application/rss+xml font/truetype font/opentype
+               application/vnd.ms-fontobject image/svg+xml;
+    gzip_disable "msie6";
+
+    # Rate limiting zones
+    limit_req_zone $binary_remote_addr zone=auth_limit:10m rate=5r/s;
+    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
+    limit_req_zone $binary_remote_addr zone=general_limit:10m rate=20r/s;
+    limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
+
+    # Upstream servers
+    upstream frontend {
+        server frontend:3000;
+        keepalive 64;
+    }
+
+    upstream backend {
+        server backend:3001;
+        keepalive 64;
+    }
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+
+    # Main server block
+    server {
+        listen 80;
+        listen [::]:80;
+        server_name localhost;
+
+        # Client body size limit for file uploads
+        client_max_body_size 20M;
+
+        # Rate limiting
+        limit_conn conn_limit 10;
+
+        # Frontend routes
+        location / {
+            proxy_pass http://frontend;
+            proxy_http_version 1.1;
+
+            # Headers
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection 'upgrade';
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Timeouts
+            proxy_connect_timeout 60s;
+            proxy_send_timeout 60s;
+            proxy_read_timeout 60s;
+
+            # Caching
+            proxy_cache_bypass $http_upgrade;
+
+            # Hide sensitive upstream headers
+            proxy_hide_header X-Powered-By;
+            proxy_hide_header Server;
+            proxy_hide_header X-AspNet-Version;
+            proxy_hide_header X-AspNetMvc-Version;
+
+            # Rate limiting
+            limit_req zone=general_limit burst=30 nodelay;
+        }
+
+        # API routes - Auth endpoints (stricter rate limit)
+        location /api/auth {
+            proxy_pass http://backend;
+            proxy_http_version 1.1;
+
+            # Headers
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Timeouts
+            proxy_connect_timeout 30s;
+            proxy_send_timeout 30s;
+            proxy_read_timeout 30s;
+
+            # Stricter rate limiting for auth
+            limit_req zone=auth_limit burst=10 nodelay;
+            limit_req_status 429;
+        }
+
+        # API routes - General
+        location /api/ {
+            proxy_pass http://backend;
+            proxy_http_version 1.1;
+
+            # Headers
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Timeouts
+            proxy_connect_timeout 60s;
+            proxy_send_timeout 60s;
+            proxy_read_timeout 60s;
+
+            # Rate limiting
+            limit_req zone=api_limit burst=20 nodelay;
+            limit_req_status 429;
+        }
+
+        # Health check endpoint
+        location /health {
+            access_log off;
+            return 200 "healthy\n";
+            add_header Content-Type text/plain;
+        }
+
+        # Nginx status (for monitoring)
+        location /nginx_status {
+            stub_status on;
+            access_log off;
+            allow 127.0.0.1;
+            allow 172.16.0.0/12;
+            allow 10.0.0.0/8;
+            deny all;
+        }
+
+        # Error pages
+        error_page 429 /429.html;
+        error_page 500 502 503 504 /50x.html;
+
+        location = /429.html {
+            internal;
+            return 429 '{"error": "Too many requests. Please slow down."}';
+            add_header Content-Type application/json;
+        }
+
+        location = /50x.html {
+            internal;
+            return 500 '{"error": "Internal server error. Please try again later."}';
+            add_header Content-Type application/json;
+        }
+
+        # Static files caching
+        location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
+            proxy_pass http://frontend;
+            expires 1y;
+            add_header Cache-Control "public, immutable";
+        }
+
+        # WebSocket support for Next.js HMR (development only)
+        location /_next/webpack-hmr {
+            proxy_pass http://frontend;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+        }
+    }
+
+    # HTTPS server block (uncomment for production with SSL certificates)
+    # server {
+    #     listen 443 ssl http2;
+    #     listen [::]:443 ssl http2;
+    #     server_name localhost;
+    #
+    #     ssl_certificate /etc/nginx/ssl/cert.pem;
+    #     ssl_certificate_key /etc/nginx/ssl/key.pem;
+    #     ssl_protocols TLSv1.2 TLSv1.3;
+    #     ssl_ciphers HIGH:!aNULL:!MD5;
+    #     ssl_prefer_server_ciphers on;
+    #
+    #     # Same location blocks as above
+    #     # ...
+    # }
+}
+
+# ==================================================
+# CONFIGURATION NOTES
+# ==================================================
+#
+# Rate Limiting:
+# - /api/auth: 5 requests/second (stricter for security)
+# - /api/*: 10 requests/second (general API)
+# - /*: 20 requests/second (frontend pages)
+#
+# Connection Limits:
+# - Max 10 concurrent connections per IP
+#
+# Upstream Health:
+# - Frontend: frontend:3000
+# - Backend: backend:3001
+#
+# Monitoring:
+# - Health check: http://localhost/health
+# - Nginx status: http://localhost/nginx_status (local only)