fixed_nginx_config.conf
# Define upstream servers for each service (using explicit IPv4 addresses).
# Every backend is addressed on the loopback interface (127.0.0.1), so nginx
# reaches it locally and the server block below is the intended public entry point.
# NOTE(review): this only keeps the backend ports private if each service itself
# binds to loopback (or the ports are firewalled) - confirm on the host.
upstream transcribe_api {
server 127.0.0.1:8000;
}
upstream relay_service {
server 127.0.0.1:9001;
}
# panel_service backs both the /blossom/ routes and the default location.
upstream panel_service {
server 127.0.0.1:9002;
}
upstream wallet_service {
server 127.0.0.1:9003;
}
# WebSocket connection upgrade mapping: derives $connection_upgrade, which the
# proxied locations send upstream as the Connection header, from the client's
# Upgrade request header.
map $http_upgrade $connection_upgrade {
# Any non-empty Upgrade header maps to "upgrade".
default upgrade;
# No Upgrade header maps to "close".
'' close;
}
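# Main server block listening on HTTP.
# Routes by path prefix to four loopback backends: /relay (WebSocket relay),
# /transcribe/, /wallet/, /blossom/ (file storage) and everything else to the panel.
server {
    listen 80;      # Nginx listens on port 80 locally (plain HTTP, no TLS here)
    server_name _;  # Accept all hostnames (localhost, ngrok, custom domains, etc.)
    # NOTE(review): because every hostname is accepted and "Host $host" is forwarded
    # below, backends receive a client-chosen Host value; they should not build
    # links or redirects from it without validating it - confirm in the services.

    # Basic Security Headers.
    # "always" makes nginx emit them on error responses (4xx/5xx) as well.
    # add_header is inherited by a location ONLY if that location declares no
    # add_header of its own, so any location that adds headers must repeat these.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    # Legacy header that current browsers ignore; a Content-Security-Policy is the
    # modern control. Kept so existing behaviour is unchanged.
    add_header X-XSS-Protection "1; mode=block" always;
    server_tokens off;

    # Increase buffer sizes for large files.
    # Applies to every location in this server, not only the file-storage routes.
    client_max_body_size 100M;

    # Forward client IP and protocol.
    # These are inherited only by locations with no proxy_set_header of their own
    # (/transcribe/ and /wallet/); the other locations re-declare them.
    # X-Real-IP is the directly connected peer. X-Forwarded-For appends that peer to
    # whatever the client sent, so backends must not trust its left-most entries.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # NOTE(review): this server only listens on plain HTTP, so $scheme is "http"
    # even when a tunnel or load balancer in front terminated TLS - confirm that
    # backends do not rely on this header for HTTPS-only decisions.
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;

    # Health check endpoint - exact match first
    location = /health {
        access_log off;
        # Set the body type with default_type rather than add_header: an add_header
        # here would suppress the inherited security headers above and can leave
        # the response with a second Content-Type header.
        default_type text/plain;
        return 200 "healthy\n";
    }

    # Relay WebSocket service - handle both /relay and /relay/
    location ~ ^/relay/?$ {
        # Strip the /relay prefix (with or without trailing slash) when forwarding to the service
        rewrite ^/relay/?$ / break;
        proxy_pass http://relay_service;

        # WebSocket-specific headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        # Extended timeouts for WebSocket connections:
        # an idle connection may stay open for up to 24 hours.
        proxy_read_timeout 86400s;
        proxy_send_timeout 86400s;
        proxy_connect_timeout 60s;

        # Additional headers for tunnel compatibility (re-declared because this
        # location sets its own proxy_set_header directives).
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # Transcribe service - prefix is stripped before proxying
    location /transcribe/ {
        rewrite ^/transcribe/(.*)$ /$1 break;
        proxy_pass http://transcribe_api;
    }

    # Wallet service - prefix is stripped before proxying.
    # NOTE(review): no access control or rate limit is applied at the proxy for
    # this route; presumably the wallet service authenticates requests itself - confirm.
    location /wallet/ {
        rewrite ^/wallet/(.*)$ /$1 break;
        proxy_pass http://wallet_service;
    }

    # Blossom file storage routes (path is forwarded unchanged to the panel service)
    location /blossom/ {
        proxy_pass http://panel_service;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Disable buffering for file uploads/downloads.
        # With request buffering off the backend receives upload bodies as they
        # arrive, so it is the backend that holds slow uploads open.
        proxy_buffering off;
        proxy_request_buffering off;

        # Ask the backend for uncompressed responses
        proxy_set_header Accept-Encoding "";

        # Larger timeouts for file operations
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        proxy_connect_timeout 60s;
    }

    # Default location - Panel service (frontend + API) - MUST BE LAST
    location / {
        # This location declares add_header, so the server-level security headers
        # are not inherited here; repeat them explicitly.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;

        # Add CORS headers for the panel service.
        # NOTE(review): a wildcard origin together with an allowed Authorization
        # header lets a script on any site call the panel API with a token it holds.
        # If the API is not meant to be public, restrict the origin to a known list.
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization' always;

        # Handle preflight OPTIONS requests: answered by nginx, never proxied.
        # The add_header lines are repeated because this block declares its own.
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization';
            add_header 'Content-Length' 0;
            return 204;
        }

        proxy_pass http://panel_service;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Handle WebSocket if needed
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}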