daarion-admin/microdao-daarion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
94bb222c9cd58ad203bed4ae90637fd18c2e8220
microdao-daarion/infra/all-in-one-gateway/nginx/nginx.conf
Apple 3de3c8cb36 feat: Add presence heartbeat for Matrix online status 
- matrix-gateway: POST /internal/matrix/presence/online endpoint
- usePresenceHeartbeat hook with activity tracking
- Auto away after 5 min inactivity
- Offline on page close/visibility change
- Integrated in MatrixChatRoom component
2025-11-27 00:19:40 -08:00

237 lines
7.7 KiB
Nginx Configuration File
Raw Blame History

worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# Основні заголовки безпеки (мінімум)
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header Referrer-Policy strict-origin-when-cross-origin;
# HSTS для прод-сервера (коментуємо в локалі):
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
map $http_x_request_id $req_id {
default $http_x_request_id;
"" $request_id;
}
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$req_id"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
# ==========================================================================
# UPSTREAMS
# ==========================================================================
upstream microdao_api {
server microdao-api:8000;
}
upstream microdao_ws {
server microdao-ws:8001;
}
upstream matrix_hs {
server matrix-homeserver:8008;
}
upstream grafana_srv {
server grafana:3000;
}
upstream prometheus_srv {
server prometheus:9090;
}
upstream rag_srv {
server rag-service:8081;
}
upstream notify_srv {
server notification-service:8082;
}
# ==========================================================================
# MAIN SERVER
# ==========================================================================
server {
listen 80;
server_name _;
# Client settings
client_max_body_size 100M;
client_body_buffer_size 128k;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# ======================================================================
# HEALTHCHECK
# ======================================================================
location = /healthz {
access_log off;
return 200 'OK';
add_header Content-Type text/plain;
}
# ======================================================================
# MICRODAO API
# ======================================================================
location /api/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-Id $req_id;
proxy_pass http://microdao_api/;
}
# ======================================================================
# MICRODAO WEBSOCKET
# ======================================================================
location /ws/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-Id $req_id;
# WebSocket upgrade
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Extended timeout for WebSocket
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
proxy_pass http://microdao_ws/;
}
# ======================================================================
# MATRIX
# ======================================================================
location /matrix/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-Id $req_id;
# Remove /matrix/ prefix for Matrix API
rewrite ^/matrix/(.*) /$1 break;
proxy_pass http://matrix_hs;
}
# Matrix client API (without rewrite)
location /_matrix {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-Id $req_id;
proxy_pass http://matrix_hs;
}
# ======================================================================
# GRAFANA
# ======================================================================
location /grafana/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-Id $req_id;
proxy_pass http://grafana_srv/;
}
# Grafana WebSocket (Live)
location /grafana/api/live/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://grafana_srv/api/live/;
}
# ======================================================================
# PROMETHEUS
# ======================================================================
location /prometheus/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-Id $req_id;
proxy_pass http://prometheus_srv/;
}
# ======================================================================
# RAG SERVICE
# ======================================================================
location /rag/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-Id $req_id;
proxy_pass http://rag_srv/;
}
# ======================================================================
# NOTIFICATION SERVICE
# ======================================================================
location /notify/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-Id $req_id;
proxy_pass http://notify_srv/;
}
# ======================================================================
# ERROR PAGES
# ======================================================================
error_page 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
}
Reference in New Issue View Git Blame Copy Permalink