## Hash tuning for many/long server names. Can be overridden via env vars. ## Defaults are provided by envsubst-on-templates.sh if not set. server_names_hash_bucket_size ${SERVER_NAMES_HASH_BUCKET_SIZE}; server_names_hash_max_size ${SERVER_NAMES_HASH_MAX_SIZE}; # Status Pages server { server_tokens off; gzip on; gzip_types text/plain application/xml application/javascript text/javascript text/css application/json; gzip_proxied no-cache no-store private expired auth; gzip_min_length 1000; listen ${NGINX_LISTEN_ADDRESS}7849 default_server ${NGINX_LISTEN_OPTIONS}; server_name _; # All domains. proxy_busy_buffers_size 512k; proxy_buffers 4 512k; proxy_buffer_size 256k; fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; set $billing_enabled ${BILLING_ENABLED}; location / { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; if ($billing_enabled = true) { return 301 https://$host$request_uri; } if ($billing_enabled != true) { proxy_pass $backend_app; } } location /status-page { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; if ($billing_enabled = true) { return 301 https://$host$request_uri; } if ($billing_enabled != true) { proxy_pass $backend_app; } } location /status-page-api/ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/status-page-api/(.*)$ /api/status-page/$1 break; proxy_pass $backend_app; } location /status-page-sso-api/ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/status-page-sso-api/(.*)$ /api/identity/status-page-sso/$1 break; proxy_pass $backend_app; } location /status-page-identity-api/ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/status-page-identity-api/(.*)$ /api/identity/status-page/$1 break; proxy_pass $backend_app; } location /public-dashboard-api/ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/public-dashboard-api/(.*)$ /api/dashboard/$1 break; proxy_pass $backend_app; } location /public-dashboard { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } # Acme Verification. location /.well-known { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/\.well-known(.*)$ /api/status-page/.well-known$1 break; proxy_pass $backend_app; } } # server { server_tokens off; gzip on; gzip_types text/plain application/xml application/javascript text/javascript text/css application/json; gzip_proxied no-cache no-store private expired auth; gzip_min_length 1000; listen ${NGINX_LISTEN_ADDRESS}7850 ssl default_server ${NGINX_LISTEN_OPTIONS}; # Port HTTPS ssl_certificate /etc/nginx/certs/StatusPageCerts/$ssl_server_name.crt; ssl_certificate_key /etc/nginx/certs/StatusPageCerts/$ssl_server_name.key; server_name _; # All domains. proxy_busy_buffers_size 512k; proxy_buffers 4 512k; proxy_buffer_size 256k; fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; location / { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } location /status-page-api/ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/status-page-api/(.*)$ /api/status-page/$1 break; proxy_pass $backend_app; } location /status-page-sso-api/ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/status-page-sso-api/(.*)$ /api/identity/status-page-sso/$1 break; proxy_pass $backend_app; } location /status-page-identity-api/ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/status-page-identity-api/(.*)$ /api/identity/status-page/$1 break; proxy_pass $backend_app; } location /public-dashboard-api/ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/public-dashboard-api/(.*)$ /api/dashboard/$1 break; proxy_pass $backend_app; } location /status-page { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } location /public-dashboard { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } } server { server_tokens off; gzip on; gzip_types text/plain application/xml application/javascript text/javascript text/css application/json; gzip_proxied no-cache no-store private expired auth; gzip_min_length 1000; listen ${NGINX_LISTEN_ADDRESS}7849 ${NGINX_LISTEN_OPTIONS}; ${PROVISION_SSL_LISTEN_DIRECTIVE} ${PROVISION_SSL_CERTIFICATE_DIRECTIVE} ${PROVISION_SSL_CERTIFICATE_KEY_DIRECTIVE} http2 on; server_name localhost ingress ${HOST}; #All domains proxy_busy_buffers_size 512k; proxy_buffers 4 512k; proxy_buffer_size 256k; fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; set $billing_enabled ${BILLING_ENABLED}; location / { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; set $backend_home http://${SERVER_HOME_HOSTNAME}:${HOME_PORT}; proxy_set_header Host $server_name; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # If billing_enabled is true then proxy to home otherwise to dashboard because we dont need marketing pages for on-prem install. if ($billing_enabled = true) { proxy_pass $backend_home; } if ($billing_enabled != true) { proxy_pass $backend_app; } } # ACME Challenge for primary domain. location /.well-known/acme-challenge { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/\.well-known/acme-challenge(.*)$ /api/acme-challenge/.well-known$1 break; proxy_pass $backend_app; } location /.well-known/assetlinks.json { resolver ${NGINX_RESOLVER} valid=30s; set $backend_home http://${SERVER_HOME_HOSTNAME}:${HOME_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_home; } # PWA manifest and service worker with proper headers for home location ~* ^/(manifest\.json|service-worker\.js)$ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; set $backend_home http://${SERVER_HOME_HOSTNAME}:${HOME_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Cache manifest for 1 hour, service worker for no cache if ($uri ~* "service-worker\.js$") { add_header Cache-Control "no-cache, no-store, must-revalidate" always; add_header Pragma "no-cache" always; add_header Expires "0" always; } if ($uri ~* "manifest\.json$") { add_header Cache-Control "public, max-age=3600" always; } # Serve from home if billing enabled, dashboard otherwise if ($billing_enabled = true) { proxy_pass $backend_home; } if ($billing_enabled != true) { proxy_pass $backend_app; } } location /status-page-api/ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/status-page-api/(.*)$ /api/status-page/$1 break; proxy_pass $backend_app; } location /status-page-sso-api/ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/status-page-sso-api/(.*)$ /api/identity/status-page-sso/$1 break; proxy_pass $backend_app; } location /status-page-identity-api/ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/status-page-identity-api/(.*)$ /api/identity/status-page/$1 break; proxy_pass $backend_app; } location /public-dashboard-api/ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/public-dashboard-api/(.*)$ /api/dashboard/$1 break; proxy_pass $backend_app; } location /accounts { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } location /telemetry { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass $backend_app; } location /incoming-request-ingest { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass $backend_app; } location /otlp { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } # Pyroscope profiling ingestion endpoint location /pyroscope { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass $backend_app; } location ~ /opentelemetry.proto.collector* { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app_grpc grpc://${SERVER_APP_HOSTNAME}:4317; grpc_pass $backend_app_grpc; } location /notification { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Use upstream X-Forwarded-Proto if available (for webhook signature validation behind proxies like ngrok) # Falls back to $scheme if not set set $forwarded_proto $http_x_forwarded_proto; if ($forwarded_proto = '') { set $forwarded_proto $scheme; } proxy_set_header X-Forwarded-Proto $forwarded_proto; proxy_set_header X-Forwarded-Host $host; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/notification(.*)$ /api/notification$1 break; proxy_pass $backend_app; } location /fluentd/logs { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/fluentd/logs(.*)$ /fluentd/v1/logs$1 break; proxy_pass $backend_app; } location /syslog/v1/logs { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } location /probe-ingest { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; client_max_body_size 50M; } # For backward compatibility with probes that are already deployed location /ingestor { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; client_max_body_size 50M; } location /server-monitor { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; client_max_body_size 50M; } location /dashboard { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # PWA Headers for proper caching add_header Cache-Control "public, max-age=31536000" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "DENY" always; add_header X-XSS-Protection "1; mode=block" always; proxy_pass $backend_app; } # PWA manifest and service worker with proper headers location ~* ^/dashboard/(manifest\.json|sw\.js|browserconfig\.xml)$ { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Cache manifest for 1 hour, service worker for no cache if ($uri ~* "sw\.js$") { add_header Cache-Control "no-cache, no-store, must-revalidate" always; add_header Pragma "no-cache" always; add_header Expires "0" always; } if ($uri ~* "manifest\.json$") { add_header Cache-Control "public, max-age=3600" always; } if ($uri ~* "browserconfig\.xml$") { add_header Cache-Control "public, max-age=86400" always; } proxy_pass $backend_app; } location /admin { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } location /worker { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } location /status-page { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } location /public-dashboard { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } location /identity { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/identity(.*)$ /api/identity$1 break; proxy_pass $backend_app; } location /reference { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } location /docs { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; } location /file { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/file(.*)$ /api/file$1 break; proxy_pass $backend_app; client_max_body_size 50M; } location /api { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; client_max_body_size 50M; } location /realtime { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; client_max_body_size 50M; } location /analytics-api { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; client_max_body_size 50M; } location /heartbeat { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/heartbeat(.*)$ /incoming-request$1 break; proxy_pass $backend_app; client_max_body_size 50M; } location /incoming-email { # Incoming Email Monitor webhook endpoint resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; client_max_body_size 50M; } location /workflow { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass $backend_app; client_max_body_size 50M; } location /l/ { # Short URL for Link Shortener resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/l/(.*)$ /api/short-link/redirect-to-shortlink/$1 break; proxy_pass $backend_app; client_max_body_size 50M; } location /workers { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; rewrite ^/workers(.*)$ /api/workers$1 break; proxy_pass $backend_app; } location /mcp { resolver ${NGINX_RESOLVER} valid=30s; set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # enable WebSockets and SSE (for MCP Server-Sent Events) proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # SSE specific settings for long-lived connections proxy_buffering off; proxy_cache off; proxy_read_timeout 86400s; proxy_send_timeout 86400s; chunked_transfer_encoding on; proxy_pass $backend_app; } }