## Hash tuning for many/long server names. Can be overridden via env vars.
|
|
## Defaults are provided by envsubst-on-templates.sh if not set.
|
|
server_names_hash_bucket_size ${SERVER_NAMES_HASH_BUCKET_SIZE};
|
|
server_names_hash_max_size ${SERVER_NAMES_HASH_MAX_SIZE};
|
|
|
|
|
|
# Status Pages
|
|
|
|
server {
|
|
|
|
server_tokens off;
|
|
|
|
|
|
gzip on;
|
|
gzip_types text/plain application/xml application/javascript text/javascript text/css application/json;
|
|
gzip_proxied no-cache no-store private expired auth;
|
|
gzip_min_length 1000;
|
|
|
|
listen ${NGINX_LISTEN_ADDRESS}7849 default_server ${NGINX_LISTEN_OPTIONS};
|
|
|
|
server_name _; # All domains.
|
|
|
|
proxy_busy_buffers_size 512k;
|
|
proxy_buffers 4 512k;
|
|
proxy_buffer_size 256k;
|
|
|
|
fastcgi_buffers 16 16k;
|
|
fastcgi_buffer_size 32k;
|
|
|
|
set $billing_enabled ${BILLING_ENABLED};
|
|
|
|
|
|
location / {
    # Catch-all for custom status-page domains arriving over plain HTTP.
    resolver ${NGINX_RESOLVER} valid=30s;
    set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};

    # Billing-enabled deployments upgrade every request to HTTPS. `return`
    # ends processing in the rewrite phase, so the proxy_pass below is only
    # reached when billing is not enabled.
    # The redirect target is built from $host, i.e. from the Host the client
    # sent (this server is the default_server with `server_name _`), so any
    # cache in front of this listener should key on Host.
    if ($billing_enabled = true) {
        return 301 https://$host$request_uri;
    }

    # Forward the original request context to the app.
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;

    proxy_pass $backend_app;
}
|
|
|
|
location /status-page {
    # Status-page UI on the plain-HTTP listener.
    resolver ${NGINX_RESOLVER} valid=30s;
    set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};

    # Same policy as the catch-all location: billing-enabled deployments are
    # redirected to HTTPS, and `return` stops processing before proxy_pass.
    # $host comes from the client's Host header.
    if ($billing_enabled = true) {
        return 301 https://$host$request_uri;
    }

    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;

    proxy_pass $backend_app;
}
|
|
|
|
location /status-page-api/ {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/status-page-api/(.*)$ /api/status-page/$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /status-page-sso-api/ {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/status-page-sso-api/(.*)$ /api/identity/status-page-sso/$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /status-page-identity-api/ {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/status-page-identity-api/(.*)$ /api/identity/status-page/$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /public-dashboard-api/ {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/public-dashboard-api/(.*)$ /api/dashboard/$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /public-dashboard {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
# Acme Verification.
|
|
location /.well-known {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/\.well-known(.*)$ /api/status-page/.well-known$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
}
|
|
|
|
#
|
|
|
|
server {
|
|
|
|
# HTTPS listener for custom status-page domains.
listen ${NGINX_LISTEN_ADDRESS}7850 ssl default_server ${NGINX_LISTEN_OPTIONS}; # Port HTTPS
server_name _; # All domains.

# Do not advertise the nginx version in responses and error pages.
server_tokens off;

# The certificate and key are selected per handshake from the SNI name the
# client sends ($ssl_server_name). A matching .crt/.key pair must exist in
# StatusPageCerts for every served domain; a client that sends no SNI, or a
# name without a matching pair, cannot complete the handshake.
# NOTE(review): whatever writes into this directory decides which hostnames
# this listener will answer for. Keep it writable only by the provisioning job.
ssl_certificate /etc/nginx/certs/StatusPageCerts/$ssl_server_name.crt;
ssl_certificate_key /etc/nginx/certs/StatusPageCerts/$ssl_server_name.key;

# Response compression. `gzip_proxied ... auth` also compresses responses to
# requests that carry an Authorization header.
# NOTE(review): compressed TLS responses that mix secrets with reflected
# request data are the precondition for BREACH-style length side channels.
# Confirm the JSON endpoints behind this listener do not do that.
gzip on;
gzip_min_length 1000;
gzip_proxied no-cache no-store private expired auth;
gzip_types text/plain application/xml application/javascript text/javascript text/css application/json;

# Upstream buffer sizing.
proxy_buffer_size 256k;
proxy_buffers 4 512k;
proxy_busy_buffers_size 512k;

fastcgi_buffer_size 32k;
fastcgi_buffers 16 16k;
|
|
|
|
location / {
|
|
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_pass $backend_app;
|
|
|
|
|
|
}
|
|
|
|
location /status-page-api/ {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/status-page-api/(.*)$ /api/status-page/$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /status-page-sso-api/ {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/status-page-sso-api/(.*)$ /api/identity/status-page-sso/$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /status-page-identity-api/ {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/status-page-identity-api/(.*)$ /api/identity/status-page/$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /public-dashboard-api/ {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/public-dashboard-api/(.*)$ /api/dashboard/$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /status-page {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /public-dashboard {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_pass $backend_app;
|
|
}
|
|
}
|
|
|
|
server {
|
|
|
|
server_tokens off;
|
|
|
|
|
|
gzip on;
|
|
gzip_types text/plain application/xml application/javascript text/javascript text/css application/json;
|
|
gzip_proxied no-cache no-store private expired auth;
|
|
gzip_min_length 1000;
|
|
|
|
listen ${NGINX_LISTEN_ADDRESS}7849 ${NGINX_LISTEN_OPTIONS};
|
|
${PROVISION_SSL_LISTEN_DIRECTIVE}
|
|
${PROVISION_SSL_CERTIFICATE_DIRECTIVE}
|
|
${PROVISION_SSL_CERTIFICATE_KEY_DIRECTIVE}
|
|
http2 on;
|
|
|
|
server_name localhost ingress ${HOST}; #All domains
|
|
|
|
proxy_busy_buffers_size 512k;
|
|
proxy_buffers 4 512k;
|
|
proxy_buffer_size 256k;
|
|
|
|
fastcgi_buffers 16 16k;
|
|
fastcgi_buffer_size 32k;
|
|
|
|
set $billing_enabled ${BILLING_ENABLED};
|
|
|
|
location / {
    resolver ${NGINX_RESOLVER} valid=30s;
    set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
    set $backend_home http://${SERVER_HOME_HOSTNAME}:${HOME_PORT};

    # Choose the upstream once: the home (marketing) service when billing is
    # enabled, otherwise the app, because on-prem installs have no marketing
    # pages.
    set $backend_root $backend_app;
    if ($billing_enabled = true) {
        set $backend_root $backend_home;
    }

    # NOTE(review): this is the only location that forwards $server_name
    # instead of $host. $server_name is the primary name of this server block
    # (the first entry of server_name, `localhost` as written), not the host
    # the client asked for. Confirm that is intended.
    proxy_set_header Host $server_name;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # enable WebSockets
    proxy_http_version 1.1;
    proxy_set_header Connection "upgrade";
    proxy_set_header Upgrade $http_upgrade;

    proxy_pass $backend_root;
}
|
|
|
|
# ACME Challenge for primary domain.
|
|
location /.well-known/acme-challenge {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/\.well-known/acme-challenge(.*)$ /api/acme-challenge/.well-known$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /.well-known/assetlinks.json {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_home http://${SERVER_HOME_HOSTNAME}:${HOME_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_pass $backend_home;
|
|
}
|
|
|
|
# PWA manifest and service worker with proper headers for home
|
|
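location ~* ^/(manifest\.json|service-worker\.js)$ {
    resolver ${NGINX_RESOLVER} valid=30s;
    set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
    set $backend_home http://${SERVER_HOME_HOSTNAME}:${HOME_PORT};
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Cache manifest for 1 hour, service worker for no cache.
    #
    # The policy is carried in variables and emitted by add_header at location
    # level. When several `if` blocks match, nginx serves the request with the
    # configuration of the LAST matching one. One of the billing `if`s below
    # always matches, so add_header directives placed inside an earlier `if`
    # would never reach the response, and a stale service worker could be
    # kept by browsers. The billing `if`s define no add_header of their own,
    # so they inherit the three below.
    set $pwa_cache_control "public, max-age=3600";
    set $pwa_pragma "";
    set $pwa_expires "";
    if ($uri ~* "service-worker\.js$") {
        set $pwa_cache_control "no-cache, no-store, must-revalidate";
        set $pwa_pragma "no-cache";
        set $pwa_expires "0";
    }

    # add_header emits nothing when the value is empty, so the manifest only
    # receives Cache-Control.
    add_header Cache-Control $pwa_cache_control always;
    add_header Pragma $pwa_pragma always;
    add_header Expires $pwa_expires always;

    # Serve from home if billing enabled, dashboard otherwise
    if ($billing_enabled = true) {
        proxy_pass $backend_home;
    }

    if ($billing_enabled != true) {
        proxy_pass $backend_app;
    }
}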
|
|
|
|
|
|
location /status-page-api/ {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/status-page-api/(.*)$ /api/status-page/$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /status-page-sso-api/ {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/status-page-sso-api/(.*)$ /api/identity/status-page-sso/$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /status-page-identity-api/ {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/status-page-identity-api/(.*)$ /api/identity/status-page/$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /public-dashboard-api/ {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/public-dashboard-api/(.*)$ /api/dashboard/$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
|
|
location /accounts {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
|
|
location /telemetry {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /incoming-request-ingest {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
|
|
location /otlp {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
# Pyroscope profiling ingestion endpoint
|
|
location /pyroscope {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
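# OTLP over gRPC. Service paths look like /opentelemetry.proto.collector.<signal>...
# The pattern is anchored and the dots are escaped. The earlier form was an
# unanchored regex in which `.` matched any character and the trailing `*`
# only repeated the final `r`. Regex locations are tried before ordinary
# prefix locations, so any URI merely containing a look-alike substring was
# routed to the gRPC upstream instead of its intended location.
location ~ ^/opentelemetry\.proto\.collector {
    resolver ${NGINX_RESOLVER} valid=30s;
    # The gRPC port is fixed at 4317 here rather than taken from APP_PORT.
    set $backend_app_grpc grpc://${SERVER_APP_HOSTNAME}:4317;
    grpc_pass $backend_app_grpc;
}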
|
|
|
|
location /notification {
    resolver ${NGINX_RESOLVER} valid=30s;
    set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};

    # Use upstream X-Forwarded-Proto if available (for webhook signature
    # validation behind proxies like ngrok). Falls back to $scheme if not set.
    # NOTE(review): $http_x_forwarded_proto is whatever the client sent. The
    # value is only trustworthy when every request reaches nginx through a
    # proxy that sets or overwrites this header. If nginx is directly
    # reachable, a caller chooses the scheme the app sees when it rebuilds the
    # URL for signature validation.
    set $forwarded_proto $http_x_forwarded_proto;
    if ($forwarded_proto = '') {
        set $forwarded_proto $scheme;
    }

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Proto $forwarded_proto;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;

    # enable WebSockets
    proxy_http_version 1.1;
    proxy_set_header Connection "upgrade";
    proxy_set_header Upgrade $http_upgrade;

    # /notification/... is served by the app under /api/notification/...
    rewrite ^/notification(.*)$ /api/notification$1 break;
    proxy_pass $backend_app;
}
|
|
|
|
location /fluentd/logs {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
rewrite ^/fluentd/logs(.*)$ /fluentd/v1/logs$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /syslog/v1/logs {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /probe-ingest {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
# For backward compatibility with probes that are already deployed
|
|
location /ingestor {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
location /server-monitor {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
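location /dashboard {
    resolver ${NGINX_RESOLVER} valid=30s;
    set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # enable WebSockets
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # PWA Headers for proper caching
    # Cache-Control is deliberately emitted WITHOUT `always`. With `always`
    # the one-year public lifetime was also stamped on 4xx/5xx responses, so a
    # transient upstream error could be stored by browsers and shared caches
    # for a year.
    # NOTE(review): the lifetime still applies to every successful response
    # under /dashboard, including the HTML shell if the app serves it here.
    # Confirm that long-lived assets are content-hashed.
    add_header Cache-Control "public, max-age=31536000";

    # Security headers stay on every response, error pages included.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore. It is kept for compatibility and is not a substitute for a
    # Content-Security-Policy.
    add_header X-XSS-Protection "1; mode=block" always;

    proxy_pass $backend_app;
}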
|
|
|
|
# PWA manifest and service worker with proper headers
|
|
location ~* ^/dashboard/(manifest\.json|sw\.js|browserconfig\.xml)$ {
    resolver ${NGINX_RESOLVER} valid=30s;
    set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};

    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;

    # Per-file cache policy. The location regex admits exactly three file
    # names and each `if` below matches one of them, so at most one block
    # applies to a request. proxy_pass sits at location level and is shared
    # by all three.
    # This regex location is matched instead of the `/dashboard` prefix
    # location, and add_header values are not shared between sibling
    # locations: only the headers listed here are added to these files.

    # Service worker: never cached, so updates are picked up immediately.
    if ($uri ~* "sw\.js$") {
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
        add_header Pragma "no-cache" always;
        add_header Expires "0" always;
    }

    # Web app manifest: one hour.
    if ($uri ~* "manifest\.json$") {
        add_header Cache-Control "public, max-age=3600" always;
    }

    # browserconfig.xml: one day.
    if ($uri ~* "browserconfig\.xml$") {
        add_header Cache-Control "public, max-age=86400" always;
    }

    proxy_pass $backend_app;
}
|
|
|
|
|
|
location /admin {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /worker {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /status-page {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /public-dashboard {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /identity {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
rewrite ^/identity(.*)$ /api/identity$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /reference {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /docs {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /file {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
rewrite ^/file(.*)$ /api/file$1 break;
|
|
proxy_pass $backend_app;
|
|
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
location /api {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
location /realtime {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
location /analytics-api {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
|
|
location /heartbeat {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
rewrite ^/heartbeat(.*)$ /incoming-request$1 break;
|
|
proxy_pass $backend_app;
|
|
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
location /incoming-email {
|
|
# Incoming Email Monitor webhook endpoint
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
|
|
location /workflow {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_pass $backend_app;
|
|
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
location /l/ { # Short URL for Link Shortener
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
rewrite ^/l/(.*)$ /api/short-link/redirect-to-shortlink/$1 break;
|
|
proxy_pass $backend_app;
|
|
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
location /workers {
|
|
resolver ${NGINX_RESOLVER} valid=30s;
|
|
set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# enable WebSockets
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
rewrite ^/workers(.*)$ /api/workers$1 break;
|
|
proxy_pass $backend_app;
|
|
}
|
|
|
|
location /mcp {
    resolver ${NGINX_RESOLVER} valid=30s;
    set $backend_app http://${SERVER_APP_HOSTNAME}:${APP_PORT};

    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;

    # enable WebSockets and SSE (for MCP Server-Sent Events)
    proxy_http_version 1.1;
    proxy_set_header Connection "upgrade";
    proxy_set_header Upgrade $http_upgrade;

    # SSE specific settings for long-lived connections: events are streamed to
    # the client unbuffered and uncached.
    proxy_cache off;
    proxy_buffering off;
    chunked_transfer_encoding on;

    # An idle stream may stay open for 24 hours in either direction.
    # NOTE(review): each open stream holds an nginx connection and an upstream
    # connection for that long. Nothing in this location limits how many a
    # single client can open. Confirm a connection limit exists elsewhere.
    proxy_send_timeout 86400s;
    proxy_read_timeout 86400s;

    proxy_pass $backend_app;
}
|
|
}
|