update configuration docker setup for data platform

jigoong
2026-05-07 17:57:42 +07:00
parent ce949dcc8f
commit 1dba772e62
53 changed files with 6732 additions and 24 deletions


@@ -1,51 +1,76 @@
x-common-configs: &common-config
extra_hosts:
- "dev.sriphat.com:192.168.100.9"
pull_policy: ${DOCKER_PULL_POLICY:-missing}
services:
# nginx-proxy:
# image: jc21/nginx-proxy-manager:latest
# container_name: nginx-proxy-manager
# ports:
# - "8020:80"
# - "8043:443"
# - "8021:81"
# volumes:
# - ./data:/data
# - ./letsencrypt:/etc/letsencrypt
# environment:
# - TZ=${TZ:-Asia/Bangkok}
# env_file:
# - ../.env
# networks:
# - shared_data_network
# restart: unless-stopped
nginx-proxy:
image: jc21/nginx-proxy-manager:latest
image: nginx:latest
container_name: nginx-proxy-manager
ports:
- "8020:80"
- "8043:443"
- "8021:81"
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
environment:
- TZ=${TZ:-Asia/Bangkok}
env_file:
- ../.env.global
volumes:
- ./nginx-configs/default-all.conf:/etc/nginx/conf.d/default.conf:ro
networks:
- shared_data_network
restart: unless-stopped
<<: *common-config
keycloak:
image: quay.io/keycloak/keycloak:23.0
container_name: keycloak
command: start-dev
#command: start-dev
command: start-dev --http-relative-path /keycloak
env_file:
- ../.env.global
- ../.env
environment:
KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN}
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/${KEYCLOAK_DB_NAME}
KC_DB_URL: jdbc:postgresql://postgres:${DB_PORT:-5432}/${KEYCLOAK_DB_NAME}
KC_DB_USERNAME: ${DB_USER}
KC_DB_PASSWORD: ${DB_PASSWORD}
KC_HOSTNAME_STRICT: "false"
KC_HTTP_ENABLED: "true"
KC_PROXY: edge
# passthrough
KC_HTTP_RELATIVE_PATH: "/keycloak"
KC_HOSTNAME_PATH: "/keycloak"
KC_HOSTNAME_STRICT_HTTPS: "true"
ports:
- "8080:8080"
- "8085:8080"
networks:
- shared_data_network
restart: unless-stopped
depends_on:
- postgres
<<: *common-config
postgres:
image: postgres:15-alpine
container_name: postgres
env_file:
- ../.env.global
- ../.env
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USER}
@@ -58,13 +83,57 @@ services:
- shared_data_network
restart: unless-stopped
ports:
- "0.0.0.0:5435:5432"
- "0.0.0.0:${DB_PORT_EXPOSE:-5435}:5432"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${DB_USER}"]
interval: 10s
timeout: 5s
retries: 5
redis:
# Redis is limited to 7.2-bookworm due to licencing change
# https://redis.io/blog/redis-adopts-dual-source-available-licensing/
image: redis:7.2-bookworm
expose:
- 6379
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 30s
retries: 50
start_period: 30s
restart: always
networks:
- shared_data_network
dozzle:
image: amir20/dozzle:latest
container_name: dozzle
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/dozzle:/data
ports:
- "${DOZZLE_PORT:-9999}:8080"
environment:
DOZZLE_LEVEL: ${DOZZLE_LEVEL:-info}
DOZZLE_BASE: ${DOZZLE_BASE:-/dozzle}
DOZZLE_HOSTNAME: ${DOZZLE_HOSTNAME:-Sriphat Main Server}
DOZZLE_NO_ANALYTICS: "true"
DOZZLE_ENABLE_ACTIONS: "true"
DOZZLE_AUTH_PROVIDER: ${DOZZLE_AUTH_PROVIDER:-none}
DOZZLE_REMOTE_AGENT: ${DOZZLE_REMOTE_AGENT:-}
TZ: ${TZ:-Asia/Bangkok}
networks:
- shared_data_network
restart: ${DOZZLE_RESTART_POLICY:-unless-stopped}
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/dozzle/healthcheck"]
interval: 30s
timeout: 10s
retries: 3
start_period: 10s
<<: *common-config
networks:
shared_data_network:
external: true
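Review bot: The `dozzle` service is published with container actions enabled and no login: `DOZZLE_ENABLE_ACTIONS: "true"`, `DOZZLE_AUTH_PROVIDER` defaulting to `none`, the Docker socket mounted, and `"${DOZZLE_PORT:-9999}:8080"` bound on all interfaces, so anyone who can reach that port can read every container's logs and start, stop or restart containers. The `:ro` flag on `/var/run/docker.sock` only makes the bind mount read-only; it does not restrict the Docker API calls made through the socket. I would default to `DOZZLE_ENABLE_ACTIONS: "false"` and `DOZZLE_AUTH_PROVIDER: ${DOZZLE_AUTH_PROVIDER:-simple}`, and bind the port as `"127.0.0.1:${DOZZLE_PORT:-9999}:8080"` so that access goes through the proxy. Postgres is likewise published on `0.0.0.0:${DB_PORT_EXPOSE:-5435}`, and `amir20/dozzle:latest` and `nginx:latest` would be better pinned to a version tag so a rebuild cannot silently change what runs.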


@@ -0,0 +1,5 @@
-- Create Keycloak database
CREATE DATABASE keycloak;
-- Grant privileges to postgres user
GRANT ALL PRIVILEGES ON DATABASE keycloak TO postgres;
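Review bot: The database name and grantee are hard-coded here (`keycloak`, `postgres`), while the compose file in this commit connects Keycloak with `${KEYCLOAK_DB_NAME}` and `${DB_USER}`. If this runs as a container init script and `DB_USER` is anything other than `postgres`, that role presumably does not exist and the `GRANT` fails; if it is `postgres`, the grant is redundant because the bootstrap superuser already has full access. Consider creating a dedicated non-superuser role that owns the `keycloak` database instead of having Keycloak connect as the superuser, and add a header comment such as `-- Assumes KEYCLOAK_DB_NAME=keycloak and DB_USER=postgres`. The `airflow_db` script that follows has the same hard-coded grant.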


@@ -0,0 +1,8 @@
-- Create databases for Airbyte OSS
-- These databases will be used by the Airbyte deployment in 04-ingestion
-- Main Airbyte database
CREATE DATABASE airflow_db;
-- Grant permissions to postgres user
GRANT ALL PRIVILEGES ON DATABASE airflow_db TO postgres;
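Review bot: The header comments describe Airbyte (`Create databases for Airbyte OSS`, `Main Airbyte database`), but the only statement creates `airflow_db`. One of the two is wrong. If the database is meant for Airflow, the comments should say so, for example `-- Create database for Apache Airflow`, and the reference to `04-ingestion` should be checked against where Airflow is actually deployed.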


@@ -0,0 +1,149 @@
# Nginx Proxy Manager - Site Configurations
Nginx site configurations สำหรับ handle subpath routing ของทุก service ใน Sriphat Data Platform
## 📋 Services และ Subpaths
| Service | Subpath | Backend | Port |
|---------|---------|---------|------|
| API Service | `/apiservice` | apiservice:8000 | 8040 |
| Supabase Studio | `/supabase` | sdp-studio:3000 | - |
| Supabase Kong API | `/supabase-api` | sdp-kong:8000 | - |
| Keycloak | `/keycloak` | keycloak:8080 | 8085 |
| Superset | `/superset` | superset:8088 | 8088 |
| Airflow | `/airflow` | airflow-webserver:8080 | - |
| DBT Docs | `/dbt` | dbt-docs:8080 | - |
| Dozzle | `/dozzle` | dozzle:8080 | 9999 |
## 🚀 การใช้งาน
### วิธีที่ 1: ใช้ Nginx Proxy Manager UI (แนะนำ)
1. เข้า Nginx Proxy Manager: `http://your-server:8021`
2. Login (default: admin@example.com / changeme)
3. ไปที่ **Proxy Hosts****Add Proxy Host**
4. กรอกข้อมูล:
- **Domain Names**: `ai.sriphat.com` (หรือ domain ของคุณ)
- **Scheme**: `http`
- **Forward Hostname/IP**: ดูจากตารางด้านบน
- **Forward Port**: ดูจากตารางด้านบน
5. ไปที่ tab **Advanced**
6. Copy config จากไฟล์ที่เกี่ยวข้อง (เช่น `apiservice.conf`) ไปวางใน **Custom Nginx Configuration**
7. กด **Save**
### วิธีที่ 2: Import Config Files โดยตรง
**⚠️ วิธีนี้ต้องการ access ไปยัง Nginx Proxy Manager data directory**
```bash
# 1. Copy config files ไปยัง Nginx Proxy Manager
cd /path/to/01-infra
docker cp nginx-configs/. nginx-proxy-manager:/data/nginx/custom/
# 2. Restart Nginx Proxy Manager
docker restart nginx-proxy-manager
# 3. ตรวจสอบ logs
docker logs nginx-proxy-manager -f
```
## 📝 Config Files
### `apiservice.conf`
FastAPI service with Keycloak authentication
- Handles `/apiservice/*` paths
- Preserves session cookies
- WebSocket support
### `supabase-studio.conf`
Supabase Studio UI
- Handles `/supabase/*` paths
- Rewrites paths for Studio
### `supabase-kong.conf`
Supabase REST API (Kong Gateway)
- Handles `/supabase-api/*` paths
- API key authentication
### `keycloak.conf`
Keycloak SSO
- Handles `/keycloak/*` paths
- Preserves authentication headers
### `superset.conf`
Apache Superset BI
- Handles `/superset/*` paths
- Session management
### `airflow.conf`
Apache Airflow (if deployed)
- Handles `/airflow/*` paths
- WebServer UI
### `dbt.conf`
DBT Documentation (if deployed)
- Handles `/dbt/*` paths
- Static documentation
## 🔧 การปรับแต่ง
### เปลี่ยน Domain
แก้ไข `server_name` ในแต่ละ config file:
```nginx
server_name ai.sriphat.com; # เปลี่ยนเป็น domain ของคุณ
```
### เปลี่ยน Backend Host/Port
แก้ไข `proxy_pass` directive:
```nginx
proxy_pass http://apiservice:8000; # เปลี่ยนตาม service ของคุณ
```
### เพิ่ม SSL/HTTPS
ใช้ Nginx Proxy Manager UI:
1. ไปที่ Proxy Host ที่ต้องการ
2. ไปที่ tab **SSL**
3. เลือก **Request a new SSL Certificate**
4. เลือก **Force SSL**
## 🐛 Troubleshooting
### 502 Bad Gateway
- ตรวจสอบว่า backend service ทำงานอยู่: `docker ps`
- ตรวจสอบ network: `docker network inspect shared_data_network`
- ดู logs: `docker logs <service-name>`
### 404 Not Found
- ตรวจสอบ path rewriting ใน config
- ดู nginx logs: `docker logs nginx-proxy-manager`
### Session/Cookie Issues
- ตรวจสอบ `proxy_cookie_path` directive
- ตรวจสอบ `X-Forwarded-*` headers
### WebSocket Connection Failed
- ตรวจสอบว่ามี WebSocket headers:
```nginx
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
```
## 📚 เอกสารเพิ่มเติม
- [Nginx Proxy Manager Documentation](https://nginxproxymanager.com/guide/)
- [Nginx Reverse Proxy Guide](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/)
- [Nginx Subpath Configuration](https://www.nginx.com/blog/creating-nginx-rewrite-rules/)
## 🔐 Security Notes
1. **ใช้ HTTPS ใน Production** - Request SSL certificate ผ่าน Nginx Proxy Manager
2. **ตั้งค่า Access Lists** - จำกัดการเข้าถึงบาง services (เช่น Keycloak Admin)
3. **Enable Rate Limiting** - ป้องกัน DDoS attacks
4. **Update Regularly** - อัพเดท Nginx Proxy Manager เป็นประจำ
## 📞 Support
หากมีปัญหาหรือข้อสงสัย:
1. ตรวจสอบ logs: `docker logs nginx-proxy-manager -f`
2. ดู Nginx Proxy Manager UI → **Logs**
3. ตรวจสอบ backend service logs


@@ -0,0 +1,67 @@
# Apache Airflow - Workflow Orchestration
# Subpath: /airflow
# Backend: airflow-webserver:8080
location /airflow {
# Remove /airflow prefix before forwarding
rewrite ^/airflow(/.*)$ $1 break;
# Forward to Airflow Webserver
proxy_pass http://airflow-webserver:8080;
# Preserve headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# Important for Airflow subpath
proxy_set_header X-Script-Name /airflow;
# Session cookie handling
proxy_cookie_path / /airflow/;
# WebSocket support for real-time logs
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts (DAG runs can take time)
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# Buffer settings
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
# API endpoints
location /airflow/api {
rewrite ^/airflow(/.*)$ $1 break;
proxy_pass http://airflow-webserver:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Script-Name /airflow;
proxy_cookie_path / /airflow/;
}
# Static files
location /airflow/static {
rewrite ^/airflow(/.*)$ $1 break;
proxy_pass http://airflow-webserver:8080;
proxy_set_header Host $host;
proxy_cache_valid 200 1d;
add_header Cache-Control "public, immutable";
}
# Health check
location /airflow/health {
rewrite ^/airflow(/.*)$ $1 break;
proxy_pass http://airflow-webserver:8080;
proxy_set_header Host $host;
}
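Review bot: In `location /airflow/static`, `proxy_cache_valid 200 1d;` has no effect unless a `proxy_cache` zone is enabled in an enclosing context, and none is visible in this snippet. As written, nothing is cached at the proxy and the only result is the `Cache-Control "public, immutable"` header, which carries no `max-age`. Either drop `proxy_cache_valid` or enable a cache zone, and send an explicit lifetime such as `add_header Cache-Control "public, max-age=86400, immutable";`. The same pair of lines appears in the static and asset locations of the DBT, Dozzle and Keycloak snippets and in the `/dozzle/assets` block of the full `server` file later in this commit.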


@@ -0,0 +1,58 @@
# API Service - FastAPI with Keycloak Authentication
# Subpath: /apiservice
# Backend: apiservice:8000
location /apiservice {
# Remove /apiservice prefix before forwarding to backend
rewrite ^/apiservice(/.*)$ $1 break;
# Forward to FastAPI backend
proxy_pass http://apiservice:8000;
# Preserve original host and protocol
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Important: Tell FastAPI about the subpath
proxy_set_header X-Script-Name /apiservice;
# Session cookie handling
proxy_cookie_path / /apiservice/;
# WebSocket support (for future use)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Static files (if any)
location /apiservice/static {
rewrite ^/apiservice/static(/.*)$ /static$1 break;
proxy_pass http://apiservice:8000;
proxy_set_header Host $host;
}
# Admin panel
location /apiservice/admin {
rewrite ^/apiservice(/.*)$ $1 break;
proxy_pass http://apiservice:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Script-Name /apiservice;
proxy_cookie_path / /apiservice/;
}
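Review bot: `location /apiservice/admin` forwards the admin panel exactly like the public paths, with no `allow`/`deny` or `auth_request` in front of it. It is therefore reachable by anyone who can reach the proxy and is protected only by whatever the backend enforces, which is not visible here. The README in this commit recommends access lists for admin endpoints; I would add `allow <ADMIN_SUBNET_PLACEHOLDER>;` and `deny all;` to this block, or at least a comment stating that the backend is expected to authenticate these requests. `location /keycloak/admin` in the Keycloak snippet has the same gap.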


@@ -0,0 +1,144 @@
# Complete Nginx Configuration Example
# สำหรับ Nginx Proxy Manager - Custom Nginx Configuration
#
# วิธีใช้:
# 1. ไปที่ Nginx Proxy Manager UI (http://your-server:8021)
# 2. สร้าง Proxy Host ใหม่
# 3. กรอก Domain Names: ai.sriphat.com (หรือ domain ของคุณ)
# 4. กรอก Forward Hostname/IP: localhost (dummy, จะใช้ config ด้านล่าง)
# 5. กรอก Forward Port: 80 (dummy)
# 6. ไปที่ tab "Advanced"
# 7. Copy config ด้านล่างนี้ทั้งหมดไปวางใน "Custom Nginx Configuration"
# 8. กด Save
# ============================================================================
# API Service - FastAPI with Keycloak
# ============================================================================
location /apiservice {
rewrite ^/apiservice(/.*)$ $1 break;
proxy_pass http://apiservice:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Script-Name /apiservice;
proxy_cookie_path / /apiservice/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
}
# ============================================================================
# Supabase Studio - Database Management UI
# ============================================================================
location /supabase {
rewrite ^/supabase(/.*)$ $1 break;
proxy_pass http://sdp-studio:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
}
# ============================================================================
# Supabase Kong API - REST API Gateway
# ============================================================================
location /supabase-api {
rewrite ^/supabase-api(/.*)$ $1 break;
proxy_pass http://sdp-kong:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Authorization $http_authorization;
proxy_set_header apikey $http_apikey;
proxy_buffering off;
}
# ============================================================================
# Keycloak - Single Sign-On (SSO)
# ============================================================================
location /keycloak {
rewrite ^/keycloak(/.*)$ $1 break;
proxy_pass http://keycloak:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Prefix /keycloak;
proxy_cookie_path / /keycloak/;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
# ============================================================================
# Apache Superset - Business Intelligence
# ============================================================================
location /superset {
rewrite ^/superset(/.*)$ $1 break;
proxy_pass http://superset:8088;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Script-Name /superset;
proxy_cookie_path / /superset/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
# ============================================================================
# Apache Airflow - Workflow Orchestration (Optional)
# ============================================================================
location /airflow {
rewrite ^/airflow(/.*)$ $1 break;
proxy_pass http://airflow-webserver:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Script-Name /airflow;
proxy_cookie_path / /airflow/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# ============================================================================
# DBT Documentation (Optional)
# ============================================================================
location /dbt {
rewrite ^/dbt(/.*)$ $1 break;
proxy_pass http://dbt-docs:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# ============================================================================
# Dozzle - Docker Log Viewer & Monitoring
# ============================================================================
location /dozzle {
proxy_pass http://dozzle:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
proxy_read_timeout 300s;
}
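Review bot: `location /supabase` proxies straight to `sdp-studio:3000` and `location /dozzle` straight to `dozzle:8080`, with no authentication at the proxy in either block. In a stock self-hosted Supabase stack the Studio UI has no login of its own and is normally protected by basic auth on the Kong gateway, so routing around Kong would publish database administration to anyone who can reach this host; please confirm how `sdp-studio` is protected in this deployment. I would either route Studio through `sdp-kong` or put `auth_basic` / `auth_request` on both blocks, and add a comment above each stating which layer authenticates it.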


@@ -0,0 +1,44 @@
# DBT Documentation - Data Transformation Docs
# Subpath: /dbt
# Backend: dbt-docs:8080
location /dbt {
# Remove /dbt prefix before forwarding
rewrite ^/dbt(/.*)$ $1 break;
# Forward to DBT docs server
proxy_pass http://dbt-docs:8080;
# Preserve headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# Static documentation files
location /dbt/static {
rewrite ^/dbt(/.*)$ $1 break;
proxy_pass http://dbt-docs:8080;
proxy_set_header Host $host;
proxy_cache_valid 200 1d;
add_header Cache-Control "public, immutable";
}
# Catalog and manifest files
location /dbt/catalog.json {
rewrite ^/dbt(/.*)$ $1 break;
proxy_pass http://dbt-docs:8080;
proxy_set_header Host $host;
}
location /dbt/manifest.json {
rewrite ^/dbt(/.*)$ $1 break;
proxy_pass http://dbt-docs:8080;
proxy_set_header Host $host;
}
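Review bot: `location /dbt/catalog.json` and `location /dbt/manifest.json` are prefix locations that repeat the rewrite and `proxy_pass` of `location /dbt` while dropping the forwarded headers, so they change nothing except the header set. Remove them, or make them exact matches (`location = /dbt/manifest.json`) if they are meant to diverge later. These two files carry the project's model SQL and the warehouse's table and column metadata, so if the docs site is reachable beyond the data team the `/dbt` block should sit behind an access list or `auth_request`.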


@@ -0,0 +1,359 @@
server {
listen 80;
server_name dev.sriphat.com;
client_max_body_size 100M;
# redirect to ai web while wait for main protal web in the future
location = / {
return 301 /ai/;
}
location /keycloak/ {
#rewrite ^/keycloak/(.*)$ /$1 break;
proxy_pass http://keycloak:8080;
# Add WebSocket support (Necessary for version 0.5.0 and up)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# (Optional) Disable proxy buffering for better streaming response from models
proxy_buffering off;
# (Optional) Increase max request size for large attachments and long audio messages
#client_max_body_size 20M;
proxy_read_timeout 10m;
}
# location /supabase2/ {
# #rewrite ^/supabase2/(.*)$ /$1 break;
# proxy_pass http://sdp-kong:8000;
# # Add WebSocket support (Necessary for version 0.5.0 and up)
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # (Optional) Disable proxy buffering for better streaming response from models
# proxy_buffering off;
# # (Optional) Increase max request size for large attachments and long audio messages
# #client_max_body_size 20M;
# proxy_read_timeout 10m;
# }
# location /ai/ {
# proxy_pass http://localhost:3001/ai/;
# # Add WebSocket support (Necessary for version 0.5.0 and up)
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # (Optional) Disable proxy buffering for better streaming response from models
# proxy_buffering off;
# # (Optional) Increase max request size for large attachments and long audio messages
# #client_max_body_size 20M;
# proxy_read_timeout 10m;
# }
# location /dashboard/ {
# proxy_pass http://localhost:8800;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
# }
# location /dashboard-dev/ {
# proxy_pass http://localhost:8801;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
# }
# location /realtime/ {
# proxy_pass http://sdp-kong:8000/realtime/; # ส่งไปที่ endpoint ของ backend supabase
# # คอนฟิกสำหรับ WebSocket
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# # Header สำคัญอื่นๆ
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# # ป้องกันแชทหลุด (Timeout 1 ชั่วโมง)
# proxy_read_timeout 3600s;
# proxy_send_timeout 3600s;
# }
location /apiservice/ {
# ส่งต่อ Request ไปยัง Backend
proxy_pass http://apiservice:8040;
# การตั้งค่า Header มาตรฐาน
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Ensure the sub-path is handled correctly
proxy_set_header X-Forwarded-Prefix /apiservice;
# รองรับการ Upload ไฟล์ขนาดใหญ่ (ป้องกัน Timeout ระหว่างส่งข้อมูล)
proxy_read_timeout 300s;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
# ปิดการพักข้อมูลใน Buffer ของ Nginx ชั่วคราวเพื่อให้การ Upload ลื่นไหลขึ้น
proxy_request_buffering off;
proxy_buffering off;
# เพิ่มเติม: รองรับ WebSocket (เผื่อ Doc หรือ API มีการใช้ Real-time)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
# # Superset Analytics Dashboard -- notwork
location /superset {
proxy_pass http://superset:8088;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Standard headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Superset-specific headers for sub-path support
proxy_set_header X-Forwarded-Prefix /superset;
proxy_set_header X-Script-Name /superset;
# ตัวนี้จะช่วยให้ Superset เข้าใจเรื่อง Path ในการสร้างลิงก์ Static
proxy_set_header X-Forwarded-Host $host;
# Timeout settings (for long-running queries and dashboard loading)
proxy_read_timeout 300s;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
# Disable buffering for better streaming
proxy_buffering off;
proxy_request_buffering off;
}
location /dozzle {
# Forward to Dozzle
proxy_pass http://dozzle:8080;
# Preserve headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# WebSocket support for real-time logs
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts for long-running log streams
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# Disable buffering for real-time streaming
proxy_buffering off;
proxy_request_buffering off;
}
# Static assets
location /dozzle/assets {
proxy_pass http://dozzle:8080;
proxy_set_header Host $host;
proxy_cache_valid 200 1d;
add_header Cache-Control "public, immutable";
}
# API endpoints
location /dozzle/api {
proxy_pass http://dozzle:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
}
# Health check
location /dozzle/healthcheck {
proxy_pass http://dozzle:8080;
proxy_set_header Host $host;
access_log off;
}
# =============================================
# Superset Analytics Dashboard
# Superset routes are at root level (no single prefix)
# We proxy ALL Superset paths directly to port 8088
# =============================================
# # Redirect /superset/ and /superset to welcome page
# location = /superset/ {
# return 302 /superset/welcome/;
# }
# location = /superset {
# return 302 /superset/welcome/;
# }
# Superset views (welcome, dashboard view, explore, etc.)
# location /superset {
# proxy_pass http://localhost:8088;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Accept-Encoding "";
# proxy_read_timeout 300s;
# proxy_connect_timeout 300s;
# proxy_send_timeout 300s;
# # Rewrite logo brand link in HTML
# sub_filter_once off;
# sub_filter '"path":"/"' '"path":"/superset/welcome/"';
# sub_filter '"path": "/"' '"path": "/superset/welcome/"';
# }
# # Superset API, static files, auth, and all other root-level routes
# # NOTE: /dashboard/ is NOT included here - it's handled by sriphat-dashboard on port 8800
# location ~ ^/(api|static|login|logout|chart|explore|sqllab|savedqueryview|tablemodelview|tableschemaview|tabstateview|tagview|datasource|dataset|databaseview|annotationlayer|csstemplatemodelview|rowlevelsecurity|embedded|dynamic-plugins|lang|theme|healthcheck|ping|roles|users|user_info|userinfoeditview|register|registrations|resetpassword|resetmypassword|groups|list_groups|back|swagger|alert|report|actionlog)(/|$) {
# proxy_pass http://localhost:8088;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Accept-Encoding "";
# proxy_read_timeout 300s;
# proxy_connect_timeout 300s;
# proxy_send_timeout 300s;
# # Rewrite logo href in HTML/JS responses
# sub_filter_once off;
# sub_filter_types application/javascript;
# sub_filter '"path":"/"' '"path":"/superset/welcome/"';
# sub_filter "'path':'/'" "'path':'/superset/welcome/'";
# }
# location /aiflow/ {
# proxy_pass http://airflow-webserver:8080;
# # WebSocket support
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# # Standard headers
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # Superset-specific headers for sub-path support
# proxy_set_header X-Forwarded-Prefix /superset;
# proxy_set_header X-Script-Name /superset;
# # Timeout settings (for long-running queries and dashboard loading)
# proxy_read_timeout 300s;
# proxy_connect_timeout 300s;
# proxy_send_timeout 300s;
# # Disable buffering for better streaming
# proxy_buffering off;
# proxy_request_buffering off;
# }
# location /dbt/ {
# proxy_pass http://dbt:8080;
# # WebSocket support
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# # Standard headers
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # Superset-specific headers for sub-path support
# proxy_set_header X-Forwarded-Prefix /superset;
# proxy_set_header X-Script-Name /superset;
# # Timeout settings (for long-running queries and dashboard loading)
# proxy_read_timeout 300s;
# proxy_connect_timeout 300s;
# proxy_send_timeout 300s;
# # Disable buffering for better streaming
# proxy_buffering off;
# proxy_request_buffering off;
# }
#listen 443 ssl; # managed by sriphat
#ssl_certificate /etc/letsencrypt/live/ai.bda.co.th/fullchain.pem; # managed by Certbot
#ssl_certificate_key /etc/letsencrypt/live/ai.bda.co.th/privkey.pem; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
#server {
# listen 80 default_server;
# server_name ai.bda.co.th;
# #rewrite ^/[old-page]$ https://[domain]/[new-page] permanent;
# return 301 https://$host$request_uri;
#}
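Review bot: The only active listener in this `server` block is `listen 80;`, with the `listen 443 ssl` and certificate lines near the end commented out (and still pointing at `ai.bda.co.th`). Unless TLS is terminated upstream of this container, the Keycloak login under `/keycloak/` and the session cookies of every proxied service travel in cleartext. It also conflicts with `KC_HOSTNAME_STRICT_HTTPS: "true"` in the compose file, since `X-Forwarded-Proto $scheme` will report `http`. Two smaller inconsistencies in the same file: `location = /` redirects to `/ai/` although the `/ai/` location is commented out, and `proxy_pass http://apiservice:8040;` differs from the `apiservice:8000` backend used by the API-service snippet in this commit.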


@@ -0,0 +1,59 @@
# Dozzle - Docker Log Viewer & Monitoring
# Subpath: /dozzle
# Backend: dozzle:8080
location /dozzle {
# Forward to Dozzle
proxy_pass http://dozzle:8080;
# Preserve headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# WebSocket support for real-time logs
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts for long-running log streams
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# Disable buffering for real-time streaming
proxy_buffering off;
proxy_request_buffering off;
}
# Static assets
location /dozzle/assets {
proxy_pass http://dozzle:8080;
proxy_set_header Host $host;
proxy_cache_valid 200 1d;
add_header Cache-Control "public, immutable";
}
# API endpoints
location /dozzle/api {
proxy_pass http://dozzle:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
}
# Health check
location /dozzle/healthcheck {
proxy_pass http://dozzle:8080;
proxy_set_header Host $host;
access_log off;
}


@@ -0,0 +1,68 @@
# Keycloak - Single Sign-On (SSO)
# Subpath: /keycloak
# Backend: keycloak:8080
location /keycloak {
# Remove /keycloak prefix before forwarding
rewrite ^/keycloak(/.*)$ $1 break;
# Forward to Keycloak
proxy_pass http://keycloak:8080;
# Preserve headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Important for Keycloak
proxy_set_header X-Forwarded-Prefix /keycloak;
# Session and cookie handling
proxy_cookie_path / /keycloak/;
# Buffer settings
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# Admin console
location /keycloak/admin {
rewrite ^/keycloak(/.*)$ $1 break;
proxy_pass http://keycloak:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Prefix /keycloak;
proxy_cookie_path / /keycloak/;
}
# Realms
location /keycloak/realms {
rewrite ^/keycloak(/.*)$ $1 break;
proxy_pass http://keycloak:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Prefix /keycloak;
proxy_cookie_path / /keycloak/;
}
# Resources (CSS, JS, images)
location /keycloak/resources {
rewrite ^/keycloak(/.*)$ $1 break;
proxy_pass http://keycloak:8080;
proxy_set_header Host $host;
proxy_cache_valid 200 1d;
add_header Cache-Control "public, immutable";
}
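Review bot: `rewrite ^/keycloak(/.*)$ $1 break;` strips the prefix in all four locations, but the compose file in this commit starts Keycloak with `--http-relative-path /keycloak` and sets `KC_HTTP_RELATIVE_PATH: "/keycloak"`, so Keycloak itself serves under `/keycloak`. With both in place a request for `/keycloak/realms/...` would reach the backend as `/realms/...` and most likely return 404; the full `server` file in this commit already has the equivalent rewrite commented out. I would remove the `rewrite` lines here, and also the `proxy_cookie_path / /keycloak/;` lines, which would otherwise turn a cookie path that already starts with `/keycloak/` into `/keycloak/keycloak/...`. The `location /keycloak` block in the combined example config has the same rewrite and cookie-path lines.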


@@ -0,0 +1,391 @@
# Nginx Proxy Manager - Setup Guide
คู่มือการตั้งค่า Nginx Proxy Manager สำหรับ Sriphat Data Platform
## 📋 ข้อมูล Services
| Service | Subpath | Container Name | Port | Status |
|---------|---------|----------------|------|--------|
| API Service | `/apiservice` | apiservice | 8000 | ✅ Active |
| Supabase Studio | `/supabase` | sdp-studio | 3000 | ✅ Active |
| Supabase API | `/supabase-api` | sdp-kong | 8000 | ✅ Active |
| Keycloak | `/keycloak` | keycloak | 8080 | ✅ Active |
| Superset | `/superset` | superset | 8088 | ✅ Active |
| Airflow | `/airflow` | airflow-webserver | 8080 | ⚠️ Optional |
| DBT Docs | `/dbt` | dbt-docs | 8080 | ⚠️ Optional |
## 🚀 Quick Start
### 1. เข้า Nginx Proxy Manager
```
URL: http://192.168.100.9:8021
Default Login:
Email: admin@example.com
Password: changeme
```
**⚠️ เปลี่ยน password ทันทีหลัง login ครั้งแรก!**
### 2. สร้าง Proxy Host
1. คลิก **Proxy Hosts****Add Proxy Host**
2. กรอกข้อมูล:
**Tab: Details**
```
Domain Names: ai.sriphat.com
Scheme: http
Forward Hostname/IP: localhost
Forward Port: 80
```
**Tab: Advanced**
- Copy config จาก `complete-example.conf` ทั้งหมด
- Paste ลงใน **Custom Nginx Configuration**
3. กด **Save**
### 3. ตั้งค่า SSL (Production)
**Tab: SSL**
```
☑ Request a new SSL Certificate with Let's Encrypt
☑ Force SSL
☑ HTTP/2 Support
☑ HSTS Enabled
Email: your-email@example.com
```
กด **Save**
## 📝 การใช้งานแบบละเอียด
### วิธีที่ 1: ใช้ Complete Config (แนะนำ)
**ข้อดี:**
- ตั้งค่าครั้งเดียว ได้ทุก service
- ง่ายต่อการจัดการ
- Consistent configuration
**ขั้นตอน:**
1. สร้าง Proxy Host ตาม Quick Start
2. Copy `complete-example.conf` ไปวางใน Advanced tab
3. Save
### วิธีที่ 2: แยก Config แต่ละ Service
**ข้อดี:**
- ควบคุมแต่ละ service ได้อิสระ
- ง่ายต่อการ debug
- สามารถตั้งค่า SSL แยกกันได้
**ขั้นตอน:**
#### API Service
```
Domain: api.sriphat.com
Forward: apiservice:8000
Advanced: ใช้ config จาก apiservice.conf
```
#### Supabase Studio
```
Domain: supabase.sriphat.com
Forward: sdp-studio:3000
Advanced: ใช้ config จาก supabase-studio.conf
```
#### Keycloak
```
Domain: auth.sriphat.com
Forward: keycloak:8080
Advanced: ใช้ config จาก keycloak.conf
```
#### Superset
```
Domain: bi.sriphat.com
Forward: superset:8088
Advanced: ใช้ config จาก superset.conf
```
## 🔧 Configuration Details
### API Service (`/apiservice`)
**สิ่งสำคัญ:**
```nginx
proxy_set_header X-Script-Name /apiservice;
proxy_cookie_path / /apiservice/;
```
**ทำไม:**
- FastAPI ต้องรู้ว่าทำงานภายใต้ subpath
- Session cookies ต้อง scope ถูกต้อง
### Keycloak (`/keycloak`)
**สิ่งสำคัญ:**
```nginx
proxy_set_header X-Forwarded-Prefix /keycloak;
proxy_cookie_path / /keycloak/;
```
**ทำไม:**
- Keycloak ใช้ X-Forwarded-Prefix สำหรับ redirect URLs
- Authentication flow ต้องการ cookie path ที่ถูกต้อง
### Supabase Studio (`/supabase`)
**สิ่งสำคัญ:**
```nginx
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
```
**ทำไม:**
- Supabase Studio ใช้ WebSocket สำหรับ real-time features
- ต้อง support HTTP/1.1 upgrade
### Superset (`/superset`)
**สิ่งสำคัญ:**
```nginx
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
```
**ทำไม:**
- Dashboard queries อาจใช้เวลานาน
- ต้องการ timeout ที่สูงกว่าปกติ
## 🐛 Troubleshooting
### 502 Bad Gateway
**สาเหตุ:**
- Backend service ไม่ทำงาน
- Network configuration ผิด
**วิธีแก้:**
```bash
# ตรวจสอบ service
docker ps | grep <service-name>
# ตรวจสอบ network
docker network inspect shared_data_network
# ดู logs
docker logs <service-name>
docker logs nginx-proxy-manager
```
### 404 Not Found
**สาเหตุ:**
- Path rewriting ไม่ถูกต้อง
- Backend ไม่ support subpath
**วิธีแก้:**
```nginx
# ตรวจสอบ rewrite rule
rewrite ^/apiservice(/.*)$ $1 break;
# ดู nginx logs
docker exec nginx-proxy-manager tail -f /data/logs/proxy-host-*.log
```
### Redirect Loop
**สาเหตุ:**
- Cookie path ไม่ถูกต้อง
- X-Forwarded-* headers ขาดหาย
**วิธีแก้:**
```nginx
# เพิ่ม headers
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# ตั้งค่า cookie path
proxy_cookie_path / /apiservice/;
```
### WebSocket Connection Failed
**สาเหตุ:**
- ไม่มี WebSocket headers
- HTTP version ไม่ถูกต้อง
**วิธีแก้:**
```nginx
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
```
### Session Lost After Refresh
**สาเหตุ:**
- Cookie path ไม่ match กับ URL path
- SameSite cookie policy
**วิธีแก้:**
```nginx
proxy_cookie_path / /apiservice/;
proxy_cookie_flags ~ secure samesite=lax;
```
## 🔐 Security Best Practices
### 1. เปลี่ยน Default Password
```
Settings → Users → Edit admin user
```
### 2. ใช้ HTTPS ใน Production
```
SSL Tab → Request a new SSL Certificate
☑ Force SSL
☑ HSTS Enabled
```
### 3. ตั้งค่า Access Lists
```
Access Lists → Add Access List
- Whitelist IP addresses
- Basic authentication
- Apply to sensitive services (Keycloak Admin, Superset)
```
### 4. Enable Rate Limiting
```nginx
# ใน Custom Nginx Configuration
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
limit_req zone=api_limit burst=20 nodelay;
```
### 5. Hide Nginx Version
```nginx
# ใน Custom Nginx Configuration
server_tokens off;
```
## 📊 Monitoring
### ดู Logs
**ใน Nginx Proxy Manager UI:**
```
Proxy Hosts → Click on host → Logs tab
```
**ใน Docker:**
```bash
# Nginx Proxy Manager logs
docker logs nginx-proxy-manager -f
# Access logs
docker exec nginx-proxy-manager tail -f /data/logs/proxy-host-*.log
# Error logs
docker exec nginx-proxy-manager tail -f /data/logs/error.log
```
### Health Checks
```bash
# ตรวจสอบ Nginx Proxy Manager
curl http://192.168.100.9:8021
# ตรวจสอบ services ผ่าน proxy
curl http://ai.sriphat.com/apiservice/docs
curl http://ai.sriphat.com/supabase
curl http://ai.sriphat.com/keycloak
```
## 🔄 Backup & Restore
### Backup Configuration
```bash
# Backup Nginx Proxy Manager data
cd /path/to/01-infra
tar -czf npm-backup-$(date +%Y%m%d).tar.gz data/
# Backup specific configs
docker exec nginx-proxy-manager tar -czf /tmp/configs.tar.gz /data/nginx
docker cp nginx-proxy-manager:/tmp/configs.tar.gz ./npm-configs-backup.tar.gz
```
### Restore Configuration
```bash
# Stop Nginx Proxy Manager
docker compose down
# Restore data
tar -xzf npm-backup-YYYYMMDD.tar.gz
# Start Nginx Proxy Manager
docker compose up -d
```
## 📚 Additional Resources
- [Nginx Proxy Manager Docs](https://nginxproxymanager.com/guide/)
- [Nginx Reverse Proxy Guide](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/)
- [Let's Encrypt SSL](https://letsencrypt.org/getting-started/)
## 💡 Tips & Tricks
### 1. Test Config Before Applying
```bash
# Test nginx config
docker exec nginx-proxy-manager nginx -t
```
### 2. Reload Without Restart
```bash
# Reload nginx (no downtime)
docker exec nginx-proxy-manager nginx -s reload
```
### 3. View Current Config
```bash
# View active nginx config
docker exec nginx-proxy-manager cat /etc/nginx/nginx.conf
```
### 4. Debug Mode
```nginx
# เพิ่มใน Custom Nginx Configuration
error_log /data/logs/error.log debug;
```
### 5. Custom Error Pages
```nginx
# เพิ่มใน Custom Nginx Configuration
error_page 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
```
## 🎯 Production Checklist
- [ ] เปลี่ยน default admin password
- [ ] ตั้งค่า SSL certificate (Let's Encrypt)
- [ ] Enable Force SSL
- [ ] Enable HSTS
- [ ] ตั้งค่า Access Lists สำหรับ admin panels
- [ ] Enable rate limiting
- [ ] Hide server tokens
- [ ] ตั้งค่า backup schedule
- [ ] Test all services ผ่าน proxy
- [ ] Monitor logs สำหรับ errors
- [ ] Document custom configurations


@@ -0,0 +1,88 @@
# Supabase Kong API Gateway - REST API
# Subpath: /supabase-api
# Backend: sdp-kong:8000
location /supabase-api {
# Remove /supabase-api prefix before forwarding
rewrite ^/supabase-api(/.*)$ $1 break;
# Forward to Kong Gateway
proxy_pass http://sdp-kong:8000;
# Preserve headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# API key and authorization headers
proxy_set_header Authorization $http_authorization;
proxy_set_header apikey $http_apikey;
# CORS headers (if needed)
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, PATCH, OPTIONS" always;
add_header Access-Control-Allow-Headers "Authorization, Content-Type, apikey, X-Client-Info" always;
# Handle preflight requests
if ($request_method = 'OPTIONS') {
return 204;
}
# Timeouts for API calls
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
# Disable buffering for streaming responses
proxy_buffering off;
}
# REST API endpoints
location /supabase-api/rest {
rewrite ^/supabase-api(/.*)$ $1 break;
proxy_pass http://sdp-kong:8000;
proxy_set_header Host $host;
proxy_set_header Authorization $http_authorization;
proxy_set_header apikey $http_apikey;
}
# Auth endpoints
location /supabase-api/auth {
rewrite ^/supabase-api(/.*)$ $1 break;
proxy_pass http://sdp-kong:8000;
proxy_set_header Host $host;
proxy_set_header Authorization $http_authorization;
proxy_set_header apikey $http_apikey;
}
# Storage endpoints
location /supabase-api/storage {
rewrite ^/supabase-api(/.*)$ $1 break;
proxy_pass http://sdp-kong:8000;
proxy_set_header Host $host;
proxy_set_header Authorization $http_authorization;
proxy_set_header apikey $http_apikey;
# Larger timeouts for file uploads
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
client_max_body_size 100M;
}
# Realtime endpoints (WebSocket)
location /supabase-api/realtime {
rewrite ^/supabase-api(/.*)$ $1 break;
proxy_pass http://sdp-kong:8000;
proxy_set_header Host $host;
proxy_set_header Authorization $http_authorization;
proxy_set_header apikey $http_apikey;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
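Review bot: `add_header Access-Control-Allow-Origin * always;` lets any web origin read responses from an API that accepts `Authorization` and `apikey` headers. For an internal platform the origin should come from an allow-list, e.g. `add_header Access-Control-Allow-Origin $cors_origin always;` with `$cors_origin` set by a `map $http_origin` in the http context, plus `add_header Vary Origin always;`. The CORS headers and the `OPTIONS` short-circuit also sit only in `location /supabase-api`; requests under `/rest`, `/auth`, `/storage` and `/realtime` match their own longer-prefix blocks and get none of them, so behaviour differs by path. If Kong already emits CORS headers (not visible here), the proxy-level ones would duplicate them and are better removed.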


@@ -0,0 +1,50 @@
# Supabase Studio - Database Management UI
# Subpath: /supabase
# Backend: sdp-studio:3000
location /supabase {
# Remove /supabase prefix before forwarding
rewrite ^/supabase(/.*)$ $1 break;
# Forward to Supabase Studio
proxy_pass http://sdp-studio:3000;
# Preserve headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# WebSocket support for real-time features
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Disable buffering for real-time updates
proxy_buffering off;
}
# API endpoints for Studio
location /supabase/api {
rewrite ^/supabase(/.*)$ $1 break;
proxy_pass http://sdp-studio:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Static assets
location /supabase/_next {
rewrite ^/supabase(/.*)$ $1 break;
proxy_pass http://sdp-studio:3000;
proxy_set_header Host $host;
proxy_cache_valid 200 1d;
add_header Cache-Control "public, immutable";
}
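Review bot: `location /supabase` publishes the Studio database UI straight from `sdp-studio:3000` with no access control in the block, and nothing on this page shows Studio authenticating users itself. In the stock self-hosted layout the dashboard is reached through Kong, which applies basic auth; if this deployment follows that layout, proxying to the Studio container directly would skip it. Add a gate here, e.g. `auth_basic "Studio"; auth_basic_user_file <HTPASSWD_PATH>;` or `allow <ADMIN_CIDR>; deny all;` (placeholders), and repeat it in `/supabase/api` and `/supabase/_next`, which are matched as separate blocks.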


@@ -0,0 +1,68 @@
# Apache Superset - Business Intelligence
# Subpath: /superset
# Backend: superset:8088
location /superset {
# Remove /superset prefix before forwarding
rewrite ^/superset(/.*)$ $1 break;
# Forward to Superset
proxy_pass http://superset:8088;
# Preserve headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# Important for Superset subpath
proxy_set_header X-Script-Name /superset;
# Session cookie handling
proxy_cookie_path / /superset/;
# WebSocket support for real-time dashboards
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts (dashboards can take time to load)
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# Buffer settings for large responses
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
# API endpoints
location /superset/api {
rewrite ^/superset(/.*)$ $1 break;
proxy_pass http://superset:8088;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Script-Name /superset;
proxy_cookie_path / /superset/;
}
# Static files
location /superset/static {
rewrite ^/superset(/.*)$ $1 break;
proxy_pass http://superset:8088;
proxy_set_header Host $host;
proxy_cache_valid 200 1d;
add_header Cache-Control "public, immutable";
}
# Superset assets
location /superset/superset {
rewrite ^/superset(/.*)$ $1 break;
proxy_pass http://superset:8088;
proxy_set_header Host $host;
proxy_set_header X-Script-Name /superset;
}
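Review bot: The 300s timeouts and enlarged buffers are set only in `location /superset`, but requests under `/superset/api` match the longer-prefix block, which sets none of them and so falls back to nginx's 60s defaults. If slow dashboard queries go through the API path, as seems likely, they would be cut off with a 504 well before the intended limit. Add `proxy_connect_timeout 300s; proxy_send_timeout 300s; proxy_read_timeout 300s;` to `location /superset/api`, or remove the sub-blocks that only repeat the parent so one block holds the settings. `proxy_cache_valid 200 1d;` in `/superset/static` has no effect unless a `proxy_cache` zone is enabled at a higher level, which this file does not show.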