[e12e]

Not entirely clear why you need to rewrite if you're also doing vhost based "routing" (wildcard certificate).

But as the saying went with apache, if you have a routing problem, you can fix it with mod_rewrite - now you have two problems!

You might want to (re)read:

https://nginx.org/en/docs/http/request_processing.html

and skim:

https://nginx.org/en/docs/http/load_balancing.html

And (re)read:

https://nginx.org/en/docs/http/ngx_http_proxy_module.html#pr...

It seems dubious that you need any rewriting for your setup.

You might need a handful of server blocks (vhosts) with either proxy_pass or a few locations with proxy_pass?

[sireat]

Indeed I am wary of rewrite from apache days.

So using a subdomain should solve routing issues - api.myproject.myorg.org instead of myproject.myorg.org/api ?

Two issues - my wildcard cert is *.myorg.org so not 100% it would cover subdomains of subdomains.

Second issue - you'd need to set up DNS for subdomain of subdomain, would you not?

Sadly DNS setup would require opening an uncertain to complete support ticket in myorg...

[e12e]

> my wildcard cert is *.myorg.org so not 100% it would cover subdomains of subdomains.

it won't:

https://www.rfc-editor.org/rfc/rfc2818#section-3.1

> Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.

[e12e]

Ah, I assumed you already had subdomains set up. Path based routing should be fine, but you probably still don't need rewriting - just "mount" the appropriate proxies in appropriate location blocks (read over the examples in the documentation carefully).