update configuration docker setup for data platform
@@ -1,51 +1,76 @@
|
||||
x-common-configs: &common-config
|
||||
extra_hosts:
|
||||
- "dev.sriphat.com:192.168.100.9"
|
||||
pull_policy: ${DOCKER_PULL_POLICY:-missing}
|
||||
|
||||
services:
|
||||
# nginx-proxy:
|
||||
# image: jc21/nginx-proxy-manager:latest
|
||||
# container_name: nginx-proxy-manager
|
||||
# ports:
|
||||
# - "8020:80"
|
||||
# - "8043:443"
|
||||
# - "8021:81"
|
||||
# volumes:
|
||||
# - ./data:/data
|
||||
# - ./letsencrypt:/etc/letsencrypt
|
||||
# environment:
|
||||
# - TZ=${TZ:-Asia/Bangkok}
|
||||
# env_file:
|
||||
# - ../.env
|
||||
# networks:
|
||||
# - shared_data_network
|
||||
# restart: unless-stopped
|
||||
|
||||
nginx-proxy:
|
||||
image: jc21/nginx-proxy-manager:latest
|
||||
image: nginx:latest
|
||||
container_name: nginx-proxy-manager
|
||||
ports:
|
||||
- "8020:80"
|
||||
- "8043:443"
|
||||
- "8021:81"
|
||||
volumes:
|
||||
- ./data:/data
|
||||
- ./letsencrypt:/etc/letsencrypt
|
||||
environment:
|
||||
- TZ=${TZ:-Asia/Bangkok}
|
||||
env_file:
|
||||
- ../.env.global
|
||||
volumes:
|
||||
- ./nginx-configs/default-all.conf:/etc/nginx/conf.d/default.conf:ro
|
||||
networks:
|
||||
- shared_data_network
|
||||
restart: unless-stopped
|
||||
<<: *common-config
|
||||
|
||||
keycloak:
|
||||
image: quay.io/keycloak/keycloak:23.0
|
||||
container_name: keycloak
|
||||
command: start-dev
|
||||
#command: start-dev
|
||||
command: start-dev --http-relative-path /keycloak
|
||||
env_file:
|
||||
- ../.env.global
|
||||
- ../.env
|
||||
environment:
|
||||
KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN}
|
||||
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
|
||||
KC_DB: postgres
|
||||
KC_DB_URL: jdbc:postgresql://postgres:5432/${KEYCLOAK_DB_NAME}
|
||||
KC_DB_URL: jdbc:postgresql://postgres:${DB_PORT:-5432}/${KEYCLOAK_DB_NAME}
|
||||
KC_DB_USERNAME: ${DB_USER}
|
||||
KC_DB_PASSWORD: ${DB_PASSWORD}
|
||||
KC_HOSTNAME_STRICT: "false"
|
||||
KC_HTTP_ENABLED: "true"
|
||||
KC_PROXY: edge
|
||||
# passthrough
|
||||
KC_HTTP_RELATIVE_PATH: "/keycloak"
|
||||
KC_HOSTNAME_PATH: "/keycloak"
|
||||
KC_HOSTNAME_STRICT_HTTPS: "true"
|
||||
ports:
|
||||
- "8080:8080"
|
||||
- "8085:8080"
|
||||
networks:
|
||||
- shared_data_network
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- postgres
|
||||
|
||||
<<: *common-config
|
||||
|
||||
postgres:
|
||||
image: postgres:15-alpine
|
||||
container_name: postgres
|
||||
env_file:
|
||||
- ../.env.global
|
||||
- ../.env
|
||||
environment:
|
||||
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
||||
POSTGRES_USER: ${DB_USER}
|
||||
@@ -58,13 +83,57 @@ services:
|
||||
- shared_data_network
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "0.0.0.0:5435:5432"
|
||||
- "0.0.0.0:${DB_PORT_EXPOSE:-5435}:5432"
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U ${DB_USER}"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
redis:
|
||||
# Redis is limited to 7.2-bookworm due to licencing change
|
||||
# https://redis.io/blog/redis-adopts-dual-source-available-licensing/
|
||||
image: redis:7.2-bookworm
|
||||
expose:
|
||||
- 6379
|
||||
healthcheck:
|
||||
test: ["CMD", "redis-cli", "ping"]
|
||||
interval: 10s
|
||||
timeout: 30s
|
||||
retries: 50
|
||||
start_period: 30s
|
||||
restart: always
|
||||
networks:
|
||||
- shared_data_network
|
||||
|
||||
dozzle:
|
||||
image: amir20/dozzle:latest
|
||||
container_name: dozzle
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ./data/dozzle:/data
|
||||
ports:
|
||||
- "${DOZZLE_PORT:-9999}:8080"
|
||||
environment:
|
||||
DOZZLE_LEVEL: ${DOZZLE_LEVEL:-info}
|
||||
DOZZLE_BASE: ${DOZZLE_BASE:-/dozzle}
|
||||
DOZZLE_HOSTNAME: ${DOZZLE_HOSTNAME:-Sriphat Main Server}
|
||||
DOZZLE_NO_ANALYTICS: "true"
|
||||
DOZZLE_ENABLE_ACTIONS: "true"
|
||||
DOZZLE_AUTH_PROVIDER: ${DOZZLE_AUTH_PROVIDER:-none}
|
||||
DOZZLE_REMOTE_AGENT: ${DOZZLE_REMOTE_AGENT:-}
|
||||
TZ: ${TZ:-Asia/Bangkok}
|
||||
networks:
|
||||
- shared_data_network
|
||||
restart: ${DOZZLE_RESTART_POLICY:-unless-stopped}
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/dozzle/healthcheck"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 10s
|
||||
<<: *common-config
|
||||
|
||||
networks:
|
||||
shared_data_network:
|
||||
external: true
|
||||
|
||||
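Review bot: The `dozzle` service, which appears to be added in the second hunk, defaults `DOZZLE_AUTH_PROVIDER` to `none` while setting `DOZZLE_ENABLE_ACTIONS: "true"` and publishing `"${DOZZLE_PORT:-9999}:8080"` on all interfaces, so anyone who can reach that port can read every container's logs and start, stop or restart containers without logging in. The `:ro` flag on `/var/run/docker.sock` only makes the socket file read-only in the mount; it does not restrict the Docker API calls made through it. I would default to `DOZZLE_AUTH_PROVIDER: ${DOZZLE_AUTH_PROVIDER:-simple}` (with a users file under the mounted `/data`), set `DOZZLE_ENABLE_ACTIONS: "false"` unless operators need it, and bind the port as `"127.0.0.1:${DOZZLE_PORT:-9999}:8080"` so access goes through the proxy. The old/new markers are lost on this page, so which lines are additions is inferred from the hunk headers.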
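--- a/01-infra/init/00-create-keycloak-database.sql
+++ b/01-infra/init/00-create-keycloak-database.sql
@@ -0,0 +1,5 @@
+-- Create Keycloak database
+CREATE DATABASE keycloak;
+
+-- Grant privileges to postgres user
+GRANT ALL PRIVILEGES ON DATABASE keycloak TO postgres;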
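Review bot: The `GRANT ALL PRIVILEGES ON DATABASE keycloak TO postgres;` line names a fixed role and database, while the compose file in this commit connects Keycloak as `${DB_USER}` to `${KEYCLOAK_DB_NAME}`; if either variable differs from `postgres`/`keycloak`, the grant targets the wrong objects or fails on a missing role. Since that account is also `POSTGRES_USER`, presumably the cluster superuser, the grant adds nothing and Keycloak ends up running with superuser rights. Consider a dedicated role, e.g. `CREATE ROLE keycloak LOGIN PASSWORD '<from-secret>';` followed by `CREATE DATABASE keycloak OWNER keycloak;`, with the password supplied at deploy time rather than committed. The same pattern appears in `03-create-airflow-databases.sql`.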
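--- a/01-infra/init/03-create-airflow-databases.sql
+++ b/01-infra/init/03-create-airflow-databases.sql
@@ -0,0 +1,8 @@
+-- Create databases for Airbyte OSS
+-- These databases will be used by the Airbyte deployment in 04-ingestion
+
+-- Main Airbyte database
+CREATE DATABASE airflow_db;
+
+-- Grant permissions to postgres user
+GRANT ALL PRIVILEGES ON DATABASE airflow_db TO postgres;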
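Review bot: The header comments describe Airbyte (`-- Create databases for Airbyte OSS`, `-- Main Airbyte database`) but the file is named for Airflow and creates `airflow_db`, so the comments look copied from another script and will mislead whoever maintains the init order. I would reword them to `-- Create database for Airflow` and `-- Main Airflow database`, and drop or correct the `04-ingestion` reference if Airflow is deployed elsewhere.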
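--- a/01-infra/nginx-configs/README.md
+++ b/01-infra/nginx-configs/README.md
@@ -0,0 +1,149 @@
+# Nginx Proxy Manager - Site Configurations
+
+Nginx site configurations สำหรับ handle subpath routing ของทุก service ใน Sriphat Data Platform
+
+## 📋 Services และ Subpaths
+
+| Service | Subpath | Backend | Port |
+|---------|---------|---------|------|
+| API Service | `/apiservice` | apiservice:8000 | 8040 |
+| Supabase Studio | `/supabase` | sdp-studio:3000 | - |
+| Supabase Kong API | `/supabase-api` | sdp-kong:8000 | - |
+| Keycloak | `/keycloak` | keycloak:8080 | 8085 |
+| Superset | `/superset` | superset:8088 | 8088 |
+| Airflow | `/airflow` | airflow-webserver:8080 | - |
+| DBT Docs | `/dbt` | dbt-docs:8080 | - |
+| Dozzle | `/dozzle` | dozzle:8080 | 9999 |
+
+## 🚀 การใช้งาน
+
+### วิธีที่ 1: ใช้ Nginx Proxy Manager UI (แนะนำ)
+
+1. เข้า Nginx Proxy Manager: `http://your-server:8021`
+2. Login (default: admin@example.com / changeme)
+3. ไปที่ **Proxy Hosts** → **Add Proxy Host**
+4. กรอกข้อมูล:
+- **Domain Names**: `ai.sriphat.com` (หรือ domain ของคุณ)
+- **Scheme**: `http`
+- **Forward Hostname/IP**: ดูจากตารางด้านบน
+- **Forward Port**: ดูจากตารางด้านบน
+5. ไปที่ tab **Advanced**
+6. Copy config จากไฟล์ที่เกี่ยวข้อง (เช่น `apiservice.conf`) ไปวางใน **Custom Nginx Configuration**
+7. กด **Save**
+
+### วิธีที่ 2: Import Config Files โดยตรง
+
+**⚠️ วิธีนี้ต้องการ access ไปยัง Nginx Proxy Manager data directory**
+
+```bash
+# 1. Copy config files ไปยัง Nginx Proxy Manager
+cd /path/to/01-infra
+docker cp nginx-configs/. nginx-proxy-manager:/data/nginx/custom/
+
+# 2. Restart Nginx Proxy Manager
+docker restart nginx-proxy-manager
+
+# 3. ตรวจสอบ logs
+docker logs nginx-proxy-manager -f
+```
+
+## 📝 Config Files
+
+### `apiservice.conf`
+FastAPI service with Keycloak authentication
+- Handles `/apiservice/*` paths
+- Preserves session cookies
+- WebSocket support
+
+### `supabase-studio.conf`
+Supabase Studio UI
+- Handles `/supabase/*` paths
+- Rewrites paths for Studio
+
+### `supabase-kong.conf`
+Supabase REST API (Kong Gateway)
+- Handles `/supabase-api/*` paths
+- API key authentication
+
+### `keycloak.conf`
+Keycloak SSO
+- Handles `/keycloak/*` paths
+- Preserves authentication headers
+
+### `superset.conf`
+Apache Superset BI
+- Handles `/superset/*` paths
+- Session management
+
+### `airflow.conf`
+Apache Airflow (if deployed)
+- Handles `/airflow/*` paths
+- WebServer UI
+
+### `dbt.conf`
+DBT Documentation (if deployed)
+- Handles `/dbt/*` paths
+- Static documentation
+
+## 🔧 การปรับแต่ง
+
+### เปลี่ยน Domain
+แก้ไข `server_name` ในแต่ละ config file:
+```nginx
+server_name ai.sriphat.com; # เปลี่ยนเป็น domain ของคุณ
+```
+
+### เปลี่ยน Backend Host/Port
+แก้ไข `proxy_pass` directive:
+```nginx
+proxy_pass http://apiservice:8000; # เปลี่ยนตาม service ของคุณ
+```
+
+### เพิ่ม SSL/HTTPS
+ใช้ Nginx Proxy Manager UI:
+1. ไปที่ Proxy Host ที่ต้องการ
+2. ไปที่ tab **SSL**
+3. เลือก **Request a new SSL Certificate**
+4. เลือก **Force SSL**
+
+## 🐛 Troubleshooting
+
+### 502 Bad Gateway
+- ตรวจสอบว่า backend service ทำงานอยู่: `docker ps`
+- ตรวจสอบ network: `docker network inspect shared_data_network`
+- ดู logs: `docker logs <service-name>`
+
+### 404 Not Found
+- ตรวจสอบ path rewriting ใน config
+- ดู nginx logs: `docker logs nginx-proxy-manager`
+
+### Session/Cookie Issues
+- ตรวจสอบ `proxy_cookie_path` directive
+- ตรวจสอบ `X-Forwarded-*` headers
+
+### WebSocket Connection Failed
+- ตรวจสอบว่ามี WebSocket headers:
+```nginx
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+```
+
+## 📚 เอกสารเพิ่มเติม
+
+- [Nginx Proxy Manager Documentation](https://nginxproxymanager.com/guide/)
+- [Nginx Reverse Proxy Guide](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/)
+- [Nginx Subpath Configuration](https://www.nginx.com/blog/creating-nginx-rewrite-rules/)
+
+## 🔐 Security Notes
+
+1. **ใช้ HTTPS ใน Production** - Request SSL certificate ผ่าน Nginx Proxy Manager
+2. **ตั้งค่า Access Lists** - จำกัดการเข้าถึงบาง services (เช่น Keycloak Admin)
+3. **Enable Rate Limiting** - ป้องกัน DDoS attacks
+4. **Update Regularly** - อัพเดท Nginx Proxy Manager เป็นประจำ
+
+## 📞 Support
+
+หากมีปัญหาหรือข้อสงสัย:
+1. ตรวจสอบ logs: `docker logs nginx-proxy-manager -f`
+2. ดู Nginx Proxy Manager UI → **Logs**
+3. ตรวจสอบ backend service logs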
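--- a/01-infra/nginx-configs/airflow.conf
+++ b/01-infra/nginx-configs/airflow.conf
@@ -0,0 +1,67 @@
+# Apache Airflow - Workflow Orchestration
+# Subpath: /airflow
+# Backend: airflow-webserver:8080
+
+location /airflow {
+# Remove /airflow prefix before forwarding
+rewrite ^/airflow(/.*)$ $1 break;
+
+# Forward to Airflow Webserver
+proxy_pass http://airflow-webserver:8080;
+
+# Preserve headers
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+
+# Important for Airflow subpath
+proxy_set_header X-Script-Name /airflow;
+
+# Session cookie handling
+proxy_cookie_path / /airflow/;
+
+# WebSocket support for real-time logs
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+# Timeouts (DAG runs can take time)
+proxy_connect_timeout 300s;
+proxy_send_timeout 300s;
+proxy_read_timeout 300s;
+
+# Buffer settings
+proxy_buffer_size 128k;
+proxy_buffers 4 256k;
+proxy_busy_buffers_size 256k;
+}
+
+# API endpoints
+location /airflow/api {
+rewrite ^/airflow(/.*)$ $1 break;
+proxy_pass http://airflow-webserver:8080;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Script-Name /airflow;
+proxy_cookie_path / /airflow/;
+}
+
+# Static files
+location /airflow/static {
+rewrite ^/airflow(/.*)$ $1 break;
+proxy_pass http://airflow-webserver:8080;
+proxy_set_header Host $host;
+proxy_cache_valid 200 1d;
+add_header Cache-Control "public, immutable";
+}
+
+# Health check
+location /airflow/health {
+rewrite ^/airflow(/.*)$ $1 break;
+proxy_pass http://airflow-webserver:8080;
+proxy_set_header Host $host;
+}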
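Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in the `/airflow` and `/airflow/api` locations appends the peer address to whatever `X-Forwarded-For` the client sent, so if this nginx is the first hop a client can put an arbitrary address at the front of the list, and a backend that trusts the leftmost entry will log or make access decisions on the forged value. When nothing trusted sits in front of nginx, overwrite the header instead: `proxy_set_header X-Forwarded-For $remote_addr;`. The same line is used in `apiservice.conf`, `complete-example.conf`, `dbt.conf`, `default-all.conf` and `dozzle.conf`.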
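--- a/01-infra/nginx-configs/apiservice.conf
+++ b/01-infra/nginx-configs/apiservice.conf
@@ -0,0 +1,58 @@
+# API Service - FastAPI with Keycloak Authentication
+# Subpath: /apiservice
+# Backend: apiservice:8000
+
+location /apiservice {
+# Remove /apiservice prefix before forwarding to backend
+rewrite ^/apiservice(/.*)$ $1 break;
+
+# Forward to FastAPI backend
+proxy_pass http://apiservice:8000;
+
+# Preserve original host and protocol
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Port $server_port;
+
+# Important: Tell FastAPI about the subpath
+proxy_set_header X-Script-Name /apiservice;
+
+# Session cookie handling
+proxy_cookie_path / /apiservice/;
+
+# WebSocket support (for future use)
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+# Timeouts
+proxy_connect_timeout 60s;
+proxy_send_timeout 60s;
+proxy_read_timeout 60s;
+
+# Buffer settings
+proxy_buffering off;
+proxy_request_buffering off;
+}
+
+# Static files (if any)
+location /apiservice/static {
+rewrite ^/apiservice/static(/.*)$ /static$1 break;
+proxy_pass http://apiservice:8000;
+proxy_set_header Host $host;
+}
+
+# Admin panel
+location /apiservice/admin {
+rewrite ^/apiservice(/.*)$ $1 break;
+proxy_pass http://apiservice:8000;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Script-Name /apiservice;
+proxy_cookie_path / /apiservice/;
+}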
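Review bot: The `location /apiservice/admin` block labelled `# Admin panel` forwards to the backend with the same exposure as the public API and has no `allow`/`deny` or `auth_basic` of its own, so the admin UI is reachable by anyone who can reach the proxy and is protected only by whatever the application itself enforces. The README added in this commit recommends access lists for admin surfaces; I would apply that here with `allow <trusted-cidr>;` and `deny all;` at the top of the block. As written, the block otherwise only repeats the rewrite and headers of `location /apiservice`.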
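--- a/01-infra/nginx-configs/complete-example.conf
+++ b/01-infra/nginx-configs/complete-example.conf
@@ -0,0 +1,144 @@
+# Complete Nginx Configuration Example
+# สำหรับ Nginx Proxy Manager - Custom Nginx Configuration
+#
+# วิธีใช้:
+# 1. ไปที่ Nginx Proxy Manager UI (http://your-server:8021)
+# 2. สร้าง Proxy Host ใหม่
+# 3. กรอก Domain Names: ai.sriphat.com (หรือ domain ของคุณ)
+# 4. กรอก Forward Hostname/IP: localhost (dummy, จะใช้ config ด้านล่าง)
+# 5. กรอก Forward Port: 80 (dummy)
+# 6. ไปที่ tab "Advanced"
+# 7. Copy config ด้านล่างนี้ทั้งหมดไปวางใน "Custom Nginx Configuration"
+# 8. กด Save
+
+# ============================================================================
+# API Service - FastAPI with Keycloak
+# ============================================================================
+location /apiservice {
+rewrite ^/apiservice(/.*)$ $1 break;
+proxy_pass http://apiservice:8000;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Script-Name /apiservice;
+proxy_cookie_path / /apiservice/;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_buffering off;
+}
+
+# ============================================================================
+# Supabase Studio - Database Management UI
+# ============================================================================
+location /supabase {
+rewrite ^/supabase(/.*)$ $1 break;
+proxy_pass http://sdp-studio:3000;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_buffering off;
+}
+
+# ============================================================================
+# Supabase Kong API - REST API Gateway
+# ============================================================================
+location /supabase-api {
+rewrite ^/supabase-api(/.*)$ $1 break;
+proxy_pass http://sdp-kong:8000;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Authorization $http_authorization;
+proxy_set_header apikey $http_apikey;
+proxy_buffering off;
+}
+
+# ============================================================================
+# Keycloak - Single Sign-On (SSO)
+# ============================================================================
+location /keycloak {
+rewrite ^/keycloak(/.*)$ $1 break;
+proxy_pass http://keycloak:8080;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Prefix /keycloak;
+proxy_cookie_path / /keycloak/;
+proxy_buffer_size 128k;
+proxy_buffers 4 256k;
+proxy_busy_buffers_size 256k;
+}
+
+# ============================================================================
+# Apache Superset - Business Intelligence
+# ============================================================================
+location /superset {
+rewrite ^/superset(/.*)$ $1 break;
+proxy_pass http://superset:8088;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Script-Name /superset;
+proxy_cookie_path / /superset/;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_connect_timeout 300s;
+proxy_send_timeout 300s;
+proxy_read_timeout 300s;
+}
+
+# ============================================================================
+# Apache Airflow - Workflow Orchestration (Optional)
+# ============================================================================
+location /airflow {
+rewrite ^/airflow(/.*)$ $1 break;
+proxy_pass http://airflow-webserver:8080;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Script-Name /airflow;
+proxy_cookie_path / /airflow/;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+}
+
+# ============================================================================
+# DBT Documentation (Optional)
+# ============================================================================
+location /dbt {
+rewrite ^/dbt(/.*)$ $1 break;
+proxy_pass http://dbt-docs:8080;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+# ============================================================================
+# Dozzle - Docker Log Viewer & Monitoring
+# ============================================================================
+location /dozzle {
+proxy_pass http://dozzle:8080;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_buffering off;
+proxy_read_timeout 300s;
+}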
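Review bot: `location /supabase` proxies straight to `sdp-studio:3000`, which skips the Kong gateway; in the stock self-hosted Supabase layout the dashboard login is enforced by Kong rather than by Studio, so this route would likely expose the database management UI with no authentication. Route Studio through the gateway (`proxy_pass http://sdp-kong:8000;`) or add `auth_basic` or `allow <trusted-cidr>;` / `deny all;` to the block. This should be confirmed against the Supabase compose file, which is not part of this page.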
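--- a/01-infra/nginx-configs/dbt.conf
+++ b/01-infra/nginx-configs/dbt.conf
@@ -0,0 +1,44 @@
+# DBT Documentation - Data Transformation Docs
+# Subpath: /dbt
+# Backend: dbt-docs:8080
+
+location /dbt {
+# Remove /dbt prefix before forwarding
+rewrite ^/dbt(/.*)$ $1 break;
+
+# Forward to DBT docs server
+proxy_pass http://dbt-docs:8080;
+
+# Preserve headers
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# Timeouts
+proxy_connect_timeout 60s;
+proxy_send_timeout 60s;
+proxy_read_timeout 60s;
+}
+
+# Static documentation files
+location /dbt/static {
+rewrite ^/dbt(/.*)$ $1 break;
+proxy_pass http://dbt-docs:8080;
+proxy_set_header Host $host;
+proxy_cache_valid 200 1d;
+add_header Cache-Control "public, immutable";
+}
+
+# Catalog and manifest files
+location /dbt/catalog.json {
+rewrite ^/dbt(/.*)$ $1 break;
+proxy_pass http://dbt-docs:8080;
+proxy_set_header Host $host;
+}
+
+location /dbt/manifest.json {
+rewrite ^/dbt(/.*)$ $1 break;
+proxy_pass http://dbt-docs:8080;
+proxy_set_header Host $host;
+}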
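Review bot: `location /dbt/catalog.json` and `location /dbt/manifest.json` publish the dbt artifacts with no access restriction; those files normally carry the model list, column names and compiled SQL of the warehouse, so they should not be readable by everyone who can reach the proxy. Add `allow <trusted-cidr>;` / `deny all;` (or an authenticated `auth_request`) to the `/dbt` locations. The three sub-locations also repeat the `rewrite` and `proxy_pass` of `location /dbt`, and `proxy_cache_valid 200 1d;` has no effect without a `proxy_cache` zone, so they could be dropped unless more is planned for them.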
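--- a/01-infra/nginx-configs/default-all.conf
+++ b/01-infra/nginx-configs/default-all.conf
@@ -0,0 +1,359 @@
+server {
+listen 80;
+server_name dev.sriphat.com;
+
+client_max_body_size 100M;
+
+# redirect to ai web while wait for main protal web in the future
+location = / {
+return 301 /ai/;
+}
+
+
+location /keycloak/ {
+#rewrite ^/keycloak/(.*)$ /$1 break;
+proxy_pass http://keycloak:8080;
+
+# Add WebSocket support (Necessary for version 0.5.0 and up)
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# (Optional) Disable proxy buffering for better streaming response from models
+proxy_buffering off;
+
+# (Optional) Increase max request size for large attachments and long audio messages
+#client_max_body_size 20M;
+proxy_read_timeout 10m;
+}
+
+
+# location /supabase2/ {
+# #rewrite ^/supabase2/(.*)$ /$1 break;
+# proxy_pass http://sdp-kong:8000;
+
+# # Add WebSocket support (Necessary for version 0.5.0 and up)
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "upgrade";
+
+# proxy_set_header Host $host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forwarded-Proto $scheme;
+
+# # (Optional) Disable proxy buffering for better streaming response from models
+# proxy_buffering off;
+
+# # (Optional) Increase max request size for large attachments and long audio messages
+# #client_max_body_size 20M;
+# proxy_read_timeout 10m;
+# }
+
+
+# location /ai/ {
+# proxy_pass http://localhost:3001/ai/;
+
+# # Add WebSocket support (Necessary for version 0.5.0 and up)
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "upgrade";
+
+# proxy_set_header Host $host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forwarded-Proto $scheme;
+
+# # (Optional) Disable proxy buffering for better streaming response from models
+# proxy_buffering off;
+
+# # (Optional) Increase max request size for large attachments and long audio messages
+# #client_max_body_size 20M;
+# proxy_read_timeout 10m;
+# }
+
+# location /dashboard/ {
+# proxy_pass http://localhost:8800;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection 'upgrade';
+# proxy_set_header Host $host;
+# proxy_cache_bypass $http_upgrade;
+# }
+
+# location /dashboard-dev/ {
+# proxy_pass http://localhost:8801;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection 'upgrade';
+# proxy_set_header Host $host;
+# proxy_cache_bypass $http_upgrade;
+# }
+
+# location /realtime/ {
+# proxy_pass http://sdp-kong:8000/realtime/; # ส่งไปที่ endpoint ของ backend supabase
+
+# # คอนฟิกสำหรับ WebSocket
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "Upgrade";
+
+# # Header สำคัญอื่นๆ
+# proxy_set_header Host $host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+# # ป้องกันแชทหลุด (Timeout 1 ชั่วโมง)
+# proxy_read_timeout 3600s;
+# proxy_send_timeout 3600s;
+# }
+
+
+location /apiservice/ {
+# ส่งต่อ Request ไปยัง Backend
+proxy_pass http://apiservice:8040;
+
+# การตั้งค่า Header มาตรฐาน
+proxy_http_version 1.1;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-Port $server_port;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+# Ensure the sub-path is handled correctly
+proxy_set_header X-Forwarded-Prefix /apiservice;
+
+# รองรับการ Upload ไฟล์ขนาดใหญ่ (ป้องกัน Timeout ระหว่างส่งข้อมูล)
+proxy_read_timeout 300s;
+proxy_connect_timeout 300s;
+proxy_send_timeout 300s;
+
+# ปิดการพักข้อมูลใน Buffer ของ Nginx ชั่วคราวเพื่อให้การ Upload ลื่นไหลขึ้น
+proxy_request_buffering off;
+proxy_buffering off;
+
+# เพิ่มเติม: รองรับ WebSocket (เผื่อ Doc หรือ API มีการใช้ Real-time)
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+}
+
+# # Superset Analytics Dashboard -- notwork
+location /superset {
+proxy_pass http://superset:8088;
+
+# WebSocket support
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+# Standard headers
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# Superset-specific headers for sub-path support
+proxy_set_header X-Forwarded-Prefix /superset;
+proxy_set_header X-Script-Name /superset;
+# ตัวนี้จะช่วยให้ Superset เข้าใจเรื่อง Path ในการสร้างลิงก์ Static
+proxy_set_header X-Forwarded-Host $host;
+
+# Timeout settings (for long-running queries and dashboard loading)
+proxy_read_timeout 300s;
+proxy_connect_timeout 300s;
+proxy_send_timeout 300s;
+
+# Disable buffering for better streaming
+proxy_buffering off;
+proxy_request_buffering off;
+}
+
+location /dozzle {
+# Forward to Dozzle
+proxy_pass http://dozzle:8080;
+
+# Preserve headers
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+
+# WebSocket support for real-time logs
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+# Timeouts for long-running log streams
+proxy_connect_timeout 300s;
+proxy_send_timeout 300s;
+proxy_read_timeout 300s;
+
+# Disable buffering for real-time streaming
+proxy_buffering off;
+proxy_request_buffering off;
+}
+
+# Static assets
+location /dozzle/assets {
+proxy_pass http://dozzle:8080;
+proxy_set_header Host $host;
+proxy_cache_valid 200 1d;
+add_header Cache-Control "public, immutable";
+}
+
+# API endpoints
+location /dozzle/api {
+proxy_pass http://dozzle:8080;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# WebSocket support
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_buffering off;
+}
+
+# Health check
+location /dozzle/healthcheck {
+proxy_pass http://dozzle:8080;
+proxy_set_header Host $host;
+access_log off;
+}
+
+# =============================================
+# Superset Analytics Dashboard
+# Superset routes are at root level (no single prefix)
+# We proxy ALL Superset paths directly to port 8088
+# =============================================
+
+# # Redirect /superset/ and /superset to welcome page
+# location = /superset/ {
+# return 302 /superset/welcome/;
+# }
+# location = /superset {
+# return 302 /superset/welcome/;
+# }
+
+# Superset views (welcome, dashboard view, explore, etc.)
+# location /superset {
+# proxy_pass http://localhost:8088;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection 'upgrade';
+# proxy_set_header Host $host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forwarded-Proto $scheme;
+# proxy_set_header Accept-Encoding "";
+# proxy_read_timeout 300s;
+# proxy_connect_timeout 300s;
+# proxy_send_timeout 300s;
+
+# # Rewrite logo brand link in HTML
+# sub_filter_once off;
+# sub_filter '"path":"/"' '"path":"/superset/welcome/"';
+# sub_filter '"path": "/"' '"path": "/superset/welcome/"';
+# }
+
+# # Superset API, static files, auth, and all other root-level routes
+# # NOTE: /dashboard/ is NOT included here - it's handled by sriphat-dashboard on port 8800
+# location ~ ^/(api|static|login|logout|chart|explore|sqllab|savedqueryview|tablemodelview|tableschemaview|tabstateview|tagview|datasource|dataset|databaseview|annotationlayer|csstemplatemodelview|rowlevelsecurity|embedded|dynamic-plugins|lang|theme|healthcheck|ping|roles|users|user_info|userinfoeditview|register|registrations|resetpassword|resetmypassword|groups|list_groups|back|swagger|alert|report|actionlog)(/|$) {
+# proxy_pass http://localhost:8088;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection 'upgrade';
+# proxy_set_header Host $host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forwarded-Proto $scheme;
+# proxy_set_header Accept-Encoding "";
+# proxy_read_timeout 300s;
+# proxy_connect_timeout 300s;
+# proxy_send_timeout 300s;
+
+# # Rewrite logo href in HTML/JS responses
+# sub_filter_once off;
+# sub_filter_types application/javascript;
+# sub_filter '"path":"/"' '"path":"/superset/welcome/"';
+# sub_filter "'path':'/'" "'path':'/superset/welcome/'";
+# }
+
+# location /aiflow/ {
+# proxy_pass http://airflow-webserver:8080;
+
+# # WebSocket support
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "upgrade";
+
+# # Standard headers
+# proxy_set_header Host $host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forwarded-Proto $scheme;
+
+# # Superset-specific headers for sub-path support
+# proxy_set_header X-Forwarded-Prefix /superset;
+# proxy_set_header X-Script-Name /superset;
+
+# # Timeout settings (for long-running queries and dashboard loading)
+# proxy_read_timeout 300s;
+# proxy_connect_timeout 300s;
+# proxy_send_timeout 300s;
+
+# # Disable buffering for better streaming
+# proxy_buffering off;
+# proxy_request_buffering off;
+# }
+
+# location /dbt/ {
+# proxy_pass http://dbt:8080;
+
+# # WebSocket support
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "upgrade";
+
+# # Standard headers
+# proxy_set_header Host $host;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forwarded-Proto $scheme;
+
+# # Superset-specific headers for sub-path support
+# proxy_set_header X-Forwarded-Prefix /superset;
+# proxy_set_header X-Script-Name /superset;
+
+# # Timeout settings (for long-running queries and dashboard loading)
+# proxy_read_timeout 300s;
+# proxy_connect_timeout 300s;
+# proxy_send_timeout 300s;
+
+# # Disable buffering for better streaming
+# proxy_buffering off;
+# proxy_request_buffering off;
+# }
+
+#listen 443 ssl; # managed by sriphat
+#ssl_certificate /etc/letsencrypt/live/ai.bda.co.th/fullchain.pem; # managed by Certbot
+#ssl_certificate_key /etc/letsencrypt/live/ai.bda.co.th/privkey.pem; # managed by Certbot
+#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+#server {
+# listen 80 default_server;
+# server_name ai.bda.co.th;
+# #rewrite ^/[old-page]$ https://[domain]/[new-page] permanent;
+# return 301 https://$host$request_uri;
+#}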
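--- a/01-infra/nginx-configs/dozzle.conf
+++ b/01-infra/nginx-configs/dozzle.conf
@@ -0,0 +1,59 @@
+# Dozzle - Docker Log Viewer & Monitoring
+# Subpath: /dozzle
+# Backend: dozzle:8080
+
+location /dozzle {
+# Forward to Dozzle
+proxy_pass http://dozzle:8080;
+
+# Preserve headers
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+
+# WebSocket support for real-time logs
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+# Timeouts for long-running log streams
+proxy_connect_timeout 300s;
+proxy_send_timeout 300s;
+proxy_read_timeout 300s;
+
+# Disable buffering for real-time streaming
+proxy_buffering off;
+proxy_request_buffering off;
+}
+
+# Static assets
+location /dozzle/assets {
+proxy_pass http://dozzle:8080;
+proxy_set_header Host $host;
+proxy_cache_valid 200 1d;
+add_header Cache-Control "public, immutable";
+}
+
+# API endpoints
+location /dozzle/api {
+proxy_pass http://dozzle:8080;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# WebSocket support
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_buffering off;
+}
+
+# Health check
+location /dozzle/healthcheck {
+proxy_pass http://dozzle:8080;
+proxy_set_header Host $host;
+access_log off;
+}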
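Review bot: `location /dozzle` and its three sibling locations publish the Dozzle log viewer with no access control in this file, so anyone who can reach the proxy can read the logs of every container Dozzle is attached to, and container logs routinely contain tokens and connection strings. Unless Dozzle's own authentication is enabled in the compose file (not visible here), restrict the paths at the proxy, for example `allow <ADMIN_CIDR>; deny all;` or an `auth_basic` / `auth_basic_user_file <HTPASSWD_PATH>` pair. Because `/dozzle/assets`, `/dozzle/api` and `/dozzle/healthcheck` are separate prefix locations, the restriction has to be repeated in each of them or the four blocks nested under one parent, otherwise `/dozzle/api` stays open. In `/dozzle/assets`, `proxy_cache_valid 200 1d;` does nothing without a `proxy_cache` zone, and `Cache-Control "public, immutable"` is only safe if the asset names are fingerprinted; the same pair appears in keycloak.conf, supabase-studio.conf and superset.conf.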
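--- a/01-infra/nginx-configs/keycloak.conf
+++ b/01-infra/nginx-configs/keycloak.conf
@@ -0,0 +1,68 @@
+# Keycloak - Single Sign-On (SSO)
+# Subpath: /keycloak
+# Backend: keycloak:8080
+
+location /keycloak {
+# Remove /keycloak prefix before forwarding
+rewrite ^/keycloak(/.*)$ $1 break;
+
+# Forward to Keycloak
+proxy_pass http://keycloak:8080;
+
+# Preserve headers
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Port $server_port;
+
+# Important for Keycloak
+proxy_set_header X-Forwarded-Prefix /keycloak;
+
+# Session and cookie handling
+proxy_cookie_path / /keycloak/;
+
+# Buffer settings
+proxy_buffer_size 128k;
+proxy_buffers 4 256k;
+proxy_busy_buffers_size 256k;
+
+# Timeouts
+proxy_connect_timeout 60s;
+proxy_send_timeout 60s;
+proxy_read_timeout 60s;
+}
+
+# Admin console
+location /keycloak/admin {
+rewrite ^/keycloak(/.*)$ $1 break;
+proxy_pass http://keycloak:8080;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Prefix /keycloak;
+proxy_cookie_path / /keycloak/;
+}
+
+# Realms
+location /keycloak/realms {
+rewrite ^/keycloak(/.*)$ $1 break;
+proxy_pass http://keycloak:8080;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Prefix /keycloak;
+proxy_cookie_path / /keycloak/;
+}
+
+# Resources (CSS, JS, images)
+location /keycloak/resources {
+rewrite ^/keycloak(/.*)$ $1 break;
+proxy_pass http://keycloak:8080;
+proxy_set_header Host $host;
+proxy_cache_valid 200 1d;
+add_header Cache-Control "public, immutable";
+}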
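Review bot: `location /keycloak/admin` forwards the admin console to the backend with no restriction, while the compose change in this commit still runs Keycloak with `start-dev`; the guide added alongside recommends an access list for the Keycloak admin, and this block is where it belongs, e.g. `allow <ADMIN_CIDR>; deny all;`. Separately, every block strips the prefix with `rewrite ^/keycloak(/.*)$ $1 break;`, but the compose file now starts Keycloak with `--http-relative-path /keycloak`, so the backend expects the prefix to be kept. With both in place a request for `/keycloak/realms/...` would reach Keycloak as `/realms/...` and most likely return 404, and `proxy_cookie_path / /keycloak/;` would double the prefix on cookie paths the backend already scopes under `/keycloak`. Keep one mechanism: either drop the rewrite and cookie-path lines or drop the relative-path flag.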
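--- a/01-infra/nginx-configs/nginx-proxy-manager-guide.md
+++ b/01-infra/nginx-configs/nginx-proxy-manager-guide.md
@@ -0,0 +1,391 @@
+# Nginx Proxy Manager - Setup Guide
+
+คู่มือการตั้งค่า Nginx Proxy Manager สำหรับ Sriphat Data Platform
+
+## 📋 ข้อมูล Services
+
+| Service | Subpath | Container Name | Port | Status |
+|---------|---------|----------------|------|--------|
+| API Service | `/apiservice` | apiservice | 8000 | ✅ Active |
+| Supabase Studio | `/supabase` | sdp-studio | 3000 | ✅ Active |
+| Supabase API | `/supabase-api` | sdp-kong | 8000 | ✅ Active |
+| Keycloak | `/keycloak` | keycloak | 8080 | ✅ Active |
+| Superset | `/superset` | superset | 8088 | ✅ Active |
+| Airflow | `/airflow` | airflow-webserver | 8080 | ⚠️ Optional |
+| DBT Docs | `/dbt` | dbt-docs | 8080 | ⚠️ Optional |
+
+## 🚀 Quick Start
+
+### 1. เข้า Nginx Proxy Manager
+
+```
+URL: http://192.168.100.9:8021
+Default Login:
+Email: admin@example.com
+Password: changeme
+```
+
+**⚠️ เปลี่ยน password ทันทีหลัง login ครั้งแรก!**
+
+### 2. สร้าง Proxy Host
+
+1. คลิก **Proxy Hosts** → **Add Proxy Host**
+2. กรอกข้อมูล:
+
+**Tab: Details**
+```
+Domain Names: ai.sriphat.com
+Scheme: http
+Forward Hostname/IP: localhost
+Forward Port: 80
+```
+
+**Tab: Advanced**
+- Copy config จาก `complete-example.conf` ทั้งหมด
+- Paste ลงใน **Custom Nginx Configuration**
+
+3. กด **Save**
+
+### 3. ตั้งค่า SSL (Production)
+
+**Tab: SSL**
+```
+☑ Request a new SSL Certificate with Let's Encrypt
+☑ Force SSL
+☑ HTTP/2 Support
+☑ HSTS Enabled
+
+Email: your-email@example.com
+```
+
+กด **Save**
+
+## 📝 การใช้งานแบบละเอียด
+
+### วิธีที่ 1: ใช้ Complete Config (แนะนำ)
+
+**ข้อดี:**
+- ตั้งค่าครั้งเดียว ได้ทุก service
+- ง่ายต่อการจัดการ
+- Consistent configuration
+
+**ขั้นตอน:**
+1. สร้าง Proxy Host ตาม Quick Start
+2. Copy `complete-example.conf` ไปวางใน Advanced tab
+3. Save
+
+### วิธีที่ 2: แยก Config แต่ละ Service
+
+**ข้อดี:**
+- ควบคุมแต่ละ service ได้อิสระ
+- ง่ายต่อการ debug
+- สามารถตั้งค่า SSL แยกกันได้
+
+**ขั้นตอน:**
+
+#### API Service
+```
+Domain: api.sriphat.com
+Forward: apiservice:8000
+Advanced: ใช้ config จาก apiservice.conf
+```
+
+#### Supabase Studio
+```
+Domain: supabase.sriphat.com
+Forward: sdp-studio:3000
+Advanced: ใช้ config จาก supabase-studio.conf
+```
+
+#### Keycloak
+```
+Domain: auth.sriphat.com
+Forward: keycloak:8080
+Advanced: ใช้ config จาก keycloak.conf
+```
+
+#### Superset
+```
+Domain: bi.sriphat.com
+Forward: superset:8088
+Advanced: ใช้ config จาก superset.conf
+```
+
+## 🔧 Configuration Details
+
+### API Service (`/apiservice`)
+
+**สิ่งสำคัญ:**
+```nginx
+proxy_set_header X-Script-Name /apiservice;
+proxy_cookie_path / /apiservice/;
+```
+
+**ทำไม:**
+- FastAPI ต้องรู้ว่าทำงานภายใต้ subpath
+- Session cookies ต้อง scope ถูกต้อง
+
+### Keycloak (`/keycloak`)
+
+**สิ่งสำคัญ:**
+```nginx
+proxy_set_header X-Forwarded-Prefix /keycloak;
+proxy_cookie_path / /keycloak/;
+```
+
+**ทำไม:**
+- Keycloak ใช้ X-Forwarded-Prefix สำหรับ redirect URLs
+- Authentication flow ต้องการ cookie path ที่ถูกต้อง
+
+### Supabase Studio (`/supabase`)
+
+**สิ่งสำคัญ:**
+```nginx
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+```
+
+**ทำไม:**
+- Supabase Studio ใช้ WebSocket สำหรับ real-time features
+- ต้อง support HTTP/1.1 upgrade
+
+### Superset (`/superset`)
+
+**สิ่งสำคัญ:**
+```nginx
+proxy_connect_timeout 300s;
+proxy_send_timeout 300s;
+proxy_read_timeout 300s;
+```
+
+**ทำไม:**
+- Dashboard queries อาจใช้เวลานาน
+- ต้องการ timeout ที่สูงกว่าปกติ
+
+## 🐛 Troubleshooting
+
+### 502 Bad Gateway
+
+**สาเหตุ:**
+- Backend service ไม่ทำงาน
+- Network configuration ผิด
+
+**วิธีแก้:**
+```bash
+# ตรวจสอบ service
+docker ps | grep <service-name>
+
+# ตรวจสอบ network
+docker network inspect shared_data_network
+
+# ดู logs
+docker logs <service-name>
+docker logs nginx-proxy-manager
+```
+
+### 404 Not Found
+
+**สาเหตุ:**
+- Path rewriting ไม่ถูกต้อง
+- Backend ไม่ support subpath
+
+**วิธีแก้:**
+```nginx
+# ตรวจสอบ rewrite rule
+rewrite ^/apiservice(/.*)$ $1 break;
+
+# ดู nginx logs
+docker exec nginx-proxy-manager tail -f /data/logs/proxy-host-*.log
+```
+
+### Redirect Loop
+
+**สาเหตุ:**
+- Cookie path ไม่ถูกต้อง
+- X-Forwarded-* headers ขาดหาย
+
+**วิธีแก้:**
+```nginx
+# เพิ่ม headers
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+
+# ตั้งค่า cookie path
+proxy_cookie_path / /apiservice/;
+```
+
+### WebSocket Connection Failed
+
+**สาเหตุ:**
+- ไม่มี WebSocket headers
+- HTTP version ไม่ถูกต้อง
+
+**วิธีแก้:**
+```nginx
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+```
+
+### Session Lost After Refresh
+
+**สาเหตุ:**
+- Cookie path ไม่ match กับ URL path
+- SameSite cookie policy
+
+**วิธีแก้:**
+```nginx
+proxy_cookie_path / /apiservice/;
+proxy_cookie_flags ~ secure samesite=lax;
+```
+
+## 🔐 Security Best Practices
+
+### 1. เปลี่ยน Default Password
+```
+Settings → Users → Edit admin user
+```
+
+### 2. ใช้ HTTPS ใน Production
+```
+SSL Tab → Request a new SSL Certificate
+☑ Force SSL
+☑ HSTS Enabled
+```
+
+### 3. ตั้งค่า Access Lists
+```
+Access Lists → Add Access List
+- Whitelist IP addresses
+- Basic authentication
+- Apply to sensitive services (Keycloak Admin, Superset)
+```
+
+### 4. Enable Rate Limiting
+```nginx
+# ใน Custom Nginx Configuration
+limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
+limit_req zone=api_limit burst=20 nodelay;
+```
+
+### 5. Hide Nginx Version
+```nginx
+# ใน Custom Nginx Configuration
+server_tokens off;
+```
+
+## 📊 Monitoring
+
+### ดู Logs
+
+**ใน Nginx Proxy Manager UI:**
+```
+Proxy Hosts → Click on host → Logs tab
+```
+
+**ใน Docker:**
+```bash
+# Nginx Proxy Manager logs
+docker logs nginx-proxy-manager -f
+
+# Access logs
+docker exec nginx-proxy-manager tail -f /data/logs/proxy-host-*.log
+
+# Error logs
+docker exec nginx-proxy-manager tail -f /data/logs/error.log
+```
+
+### Health Checks
+
+```bash
+# ตรวจสอบ Nginx Proxy Manager
+curl http://192.168.100.9:8021
+
+# ตรวจสอบ services ผ่าน proxy
+curl http://ai.sriphat.com/apiservice/docs
+curl http://ai.sriphat.com/supabase
+curl http://ai.sriphat.com/keycloak
+```
+
+## 🔄 Backup & Restore
+
+### Backup Configuration
+
+```bash
+# Backup Nginx Proxy Manager data
+cd /path/to/01-infra
+tar -czf npm-backup-$(date +%Y%m%d).tar.gz data/
+
+# Backup specific configs
+docker exec nginx-proxy-manager tar -czf /tmp/configs.tar.gz /data/nginx
+docker cp nginx-proxy-manager:/tmp/configs.tar.gz ./npm-configs-backup.tar.gz
+```
+
+### Restore Configuration
+
+```bash
+# Stop Nginx Proxy Manager
+docker compose down
+
+# Restore data
+tar -xzf npm-backup-YYYYMMDD.tar.gz
+
+# Start Nginx Proxy Manager
+docker compose up -d
+```
+
+## 📚 Additional Resources
+
+- [Nginx Proxy Manager Docs](https://nginxproxymanager.com/guide/)
+- [Nginx Reverse Proxy Guide](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/)
+- [Let's Encrypt SSL](https://letsencrypt.org/getting-started/)
+
+## 💡 Tips & Tricks
+
+### 1. Test Config Before Applying
+```bash
+# Test nginx config
+docker exec nginx-proxy-manager nginx -t
+```
+
+### 2. Reload Without Restart
+```bash
+# Reload nginx (no downtime)
+docker exec nginx-proxy-manager nginx -s reload
+```
+
+### 3. View Current Config
+```bash
+# View active nginx config
+docker exec nginx-proxy-manager cat /etc/nginx/nginx.conf
+```
+
+### 4. Debug Mode
+```nginx
+# เพิ่มใน Custom Nginx Configuration
+error_log /data/logs/error.log debug;
+```
+
+### 5. Custom Error Pages
+```nginx
+# เพิ่มใน Custom Nginx Configuration
+error_page 502 503 504 /50x.html;
+location = /50x.html {
+root /usr/share/nginx/html;
+}
+```
+
+## 🎯 Production Checklist
+
+- [ ] เปลี่ยน default admin password
+- [ ] ตั้งค่า SSL certificate (Let's Encrypt)
+- [ ] Enable Force SSL
+- [ ] Enable HSTS
+- [ ] ตั้งค่า Access Lists สำหรับ admin panels
+- [ ] Enable rate limiting
+- [ ] Hide server tokens
+- [ ] ตั้งค่า backup schedule
+- [ ] Test all services ผ่าน proxy
+- [ ] Monitor logs สำหรับ errors
+- [ ] Document custom configurations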
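--- a/01-infra/nginx-configs/supabase-kong.conf
+++ b/01-infra/nginx-configs/supabase-kong.conf
@@ -0,0 +1,88 @@
+# Supabase Kong API Gateway - REST API
+# Subpath: /supabase-api
+# Backend: sdp-kong:8000
+
+location /supabase-api {
+# Remove /supabase-api prefix before forwarding
+rewrite ^/supabase-api(/.*)$ $1 break;
+
+# Forward to Kong Gateway
+proxy_pass http://sdp-kong:8000;
+
+# Preserve headers
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+
+# API key and authorization headers
+proxy_set_header Authorization $http_authorization;
+proxy_set_header apikey $http_apikey;
+
+# CORS headers (if needed)
+add_header Access-Control-Allow-Origin * always;
+add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, PATCH, OPTIONS" always;
+add_header Access-Control-Allow-Headers "Authorization, Content-Type, apikey, X-Client-Info" always;
+
+# Handle preflight requests
+if ($request_method = 'OPTIONS') {
+return 204;
+}
+
+# Timeouts for API calls
+proxy_connect_timeout 30s;
+proxy_send_timeout 30s;
+proxy_read_timeout 30s;
+
+# Disable buffering for streaming responses
+proxy_buffering off;
+}
+
+# REST API endpoints
+location /supabase-api/rest {
+rewrite ^/supabase-api(/.*)$ $1 break;
+proxy_pass http://sdp-kong:8000;
+proxy_set_header Host $host;
+proxy_set_header Authorization $http_authorization;
+proxy_set_header apikey $http_apikey;
+}
+
+# Auth endpoints
+location /supabase-api/auth {
+rewrite ^/supabase-api(/.*)$ $1 break;
+proxy_pass http://sdp-kong:8000;
+proxy_set_header Host $host;
+proxy_set_header Authorization $http_authorization;
+proxy_set_header apikey $http_apikey;
+}
+
+# Storage endpoints
+location /supabase-api/storage {
+rewrite ^/supabase-api(/.*)$ $1 break;
+proxy_pass http://sdp-kong:8000;
+proxy_set_header Host $host;
+proxy_set_header Authorization $http_authorization;
+proxy_set_header apikey $http_apikey;
+
+# Larger timeouts for file uploads
+proxy_connect_timeout 300s;
+proxy_send_timeout 300s;
+proxy_read_timeout 300s;
+client_max_body_size 100M;
+}
+
+# Realtime endpoints (WebSocket)
+location /supabase-api/realtime {
+rewrite ^/supabase-api(/.*)$ $1 break;
+proxy_pass http://sdp-kong:8000;
+proxy_set_header Host $host;
+proxy_set_header Authorization $http_authorization;
+proxy_set_header apikey $http_apikey;
+
+# WebSocket support
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_read_timeout 86400;
+}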
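Review bot: The main `/supabase-api` block answers every origin with `add_header Access-Control-Allow-Origin * always;` on an API that carries `Authorization` and `apikey` headers; since the comment says "if needed", either remove the three `add_header` lines and let the gateway answer CORS itself, or pin the origin, e.g. `add_header Access-Control-Allow-Origin https://<APP_ORIGIN> always;`. If Kong also emits CORS headers (its configuration is not visible here), browsers would receive two `Access-Control-Allow-Origin` values and reject the response. The `/supabase-api/rest`, `/auth`, `/storage` and `/realtime` blocks also omit `X-Real-IP` and `X-Forwarded-For`, so the services behind Kong would presumably log and rate-limit by the proxy's address instead of the client's. Add `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` to those four blocks.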
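--- a/01-infra/nginx-configs/supabase-studio.conf
+++ b/01-infra/nginx-configs/supabase-studio.conf
@@ -0,0 +1,50 @@
+# Supabase Studio - Database Management UI
+# Subpath: /supabase
+# Backend: sdp-studio:3000
+
+location /supabase {
+# Remove /supabase prefix before forwarding
+rewrite ^/supabase(/.*)$ $1 break;
+
+# Forward to Supabase Studio
+proxy_pass http://sdp-studio:3000;
+
+# Preserve headers
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+
+# WebSocket support for real-time features
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+# Timeouts
+proxy_connect_timeout 60s;
+proxy_send_timeout 60s;
+proxy_read_timeout 60s;
+
+# Disable buffering for real-time updates
+proxy_buffering off;
+}
+
+# API endpoints for Studio
+location /supabase/api {
+rewrite ^/supabase(/.*)$ $1 break;
+proxy_pass http://sdp-studio:3000;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+# Static assets
+location /supabase/_next {
+rewrite ^/supabase(/.*)$ $1 break;
+proxy_pass http://sdp-studio:3000;
+proxy_set_header Host $host;
+proxy_cache_valid 200 1d;
+add_header Cache-Control "public, immutable";
+}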
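Review bot: `proxy_pass http://sdp-studio:3000;` sends `/supabase`, `/supabase/api` and `/supabase/_next` straight to the Studio container, and nothing in this file authenticates the caller. In the stock self-hosted Supabase layout, as far as I know, the dashboard is reached through Kong, which applies basic auth, and Studio itself has no login. If that holds for this deployment, the database management UI becomes reachable by anyone who can reach the proxy. Either forward these paths to the Kong service so its dashboard credentials apply, or add `auth_basic "Restricted";` with `auth_basic_user_file <HTPASSWD_PATH>;` (or an `allow <ADMIN_CIDR>; deny all;` pair) to all three locations, since sibling prefix locations do not inherit from each other.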
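--- a/01-infra/nginx-configs/superset.conf
+++ b/01-infra/nginx-configs/superset.conf
@@ -0,0 +1,68 @@
+# Apache Superset - Business Intelligence
+# Subpath: /superset
+# Backend: superset:8088
+
+location /superset {
+# Remove /superset prefix before forwarding
+rewrite ^/superset(/.*)$ $1 break;
+
+# Forward to Superset
+proxy_pass http://superset:8088;
+
+# Preserve headers
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Host $host;
+
+# Important for Superset subpath
+proxy_set_header X-Script-Name /superset;
+
+# Session cookie handling
+proxy_cookie_path / /superset/;
+
+# WebSocket support for real-time dashboards
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+# Timeouts (dashboards can take time to load)
+proxy_connect_timeout 300s;
+proxy_send_timeout 300s;
+proxy_read_timeout 300s;
+
+# Buffer settings for large responses
+proxy_buffer_size 128k;
+proxy_buffers 4 256k;
+proxy_busy_buffers_size 256k;
+}
+
+# API endpoints
+location /superset/api {
+rewrite ^/superset(/.*)$ $1 break;
+proxy_pass http://superset:8088;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Script-Name /superset;
+proxy_cookie_path / /superset/;
+}
+
+# Static files
+location /superset/static {
+rewrite ^/superset(/.*)$ $1 break;
+proxy_pass http://superset:8088;
+proxy_set_header Host $host;
+proxy_cache_valid 200 1d;
+add_header Cache-Control "public, immutable";
+}
+
+# Superset assets
+location /superset/superset {
+rewrite ^/superset(/.*)$ $1 break;
+proxy_pass http://superset:8088;
+proxy_set_header Host $host;
+proxy_set_header X-Script-Name /superset;
+}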
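Review bot: `location /superset` strips the prefix with `rewrite ^/superset(/.*)$ $1 break;`, but Superset's own routes already begin with `/superset/` (the `location /superset/superset` block at the end acknowledges this), so a backend redirect to `/superset/welcome/` would be rewritten to `/welcome/` and miss. The layout only works if Superset is configured to honour `X-Script-Name` and emit `/superset/superset/...` URLs, which this file cannot show; please confirm that setting, or serve Superset on its own hostname as the guide's per-service option describes. A header comment stating that dependency, e.g. `# Requires Superset to honour X-Script-Name (prefix-aware URL generation)`, would save the next maintainer the same question.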