server { listen 80; server_name dev.sriphat.com; client_max_body_size 100M; # redirect to ai web while wait for main protal web in the future location = / { return 301 /ai/; } location /keycloak/ { #rewrite ^/keycloak/(.*)$ /$1 break; proxy_pass http://keycloak:8080; # Add WebSocket support (Necessary for version 0.5.0 and up) proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # (Optional) Disable proxy buffering for better streaming response from models proxy_buffering off; # (Optional) Increase max request size for large attachments and long audio messages #client_max_body_size 20M; proxy_read_timeout 10m; } # location /supabase2/ { # #rewrite ^/supabase2/(.*)$ /$1 break; # proxy_pass http://sdp-kong:8000; # # Add WebSocket support (Necessary for version 0.5.0 and up) # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # # (Optional) Disable proxy buffering for better streaming response from models # proxy_buffering off; # # (Optional) Increase max request size for large attachments and long audio messages # #client_max_body_size 20M; # proxy_read_timeout 10m; # } # location /ai/ { # proxy_pass http://localhost:3001/ai/; # # Add WebSocket support (Necessary for version 0.5.0 and up) # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # # (Optional) Disable proxy buffering for better streaming response from models # proxy_buffering off; # # (Optional) Increase max request size for large attachments and long audio messages # #client_max_body_size 20M; # proxy_read_timeout 10m; # } # location /dashboard/ { # proxy_pass http://localhost:8800; # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection 'upgrade'; # proxy_set_header Host $host; # proxy_cache_bypass $http_upgrade; # } # location /dashboard-dev/ { # proxy_pass http://localhost:8801; # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection 'upgrade'; # proxy_set_header Host $host; # proxy_cache_bypass $http_upgrade; # } # location /realtime/ { # proxy_pass http://sdp-kong:8000/realtime/; # ส่งไปที่ endpoint ของ backend supabase # # คอนฟิกสำหรับ WebSocket # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "Upgrade"; # # Header สำคัญอื่นๆ # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # # ป้องกันแชทหลุด (Timeout 1 ชั่วโมง) # proxy_read_timeout 3600s; # proxy_send_timeout 3600s; # } location /apiservice/ { # ส่งต่อ Request ไปยัง Backend proxy_pass http://apiservice:8040; # การตั้งค่า Header มาตรฐาน proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Ensure the sub-path is handled correctly proxy_set_header X-Forwarded-Prefix /apiservice; # รองรับการ Upload ไฟล์ขนาดใหญ่ (ป้องกัน Timeout ระหว่างส่งข้อมูล) proxy_read_timeout 300s; proxy_connect_timeout 300s; proxy_send_timeout 300s; # ปิดการพักข้อมูลใน Buffer ของ Nginx ชั่วคราวเพื่อให้การ Upload ลื่นไหลขึ้น proxy_request_buffering off; proxy_buffering off; # เพิ่มเติม: รองรับ WebSocket (เผื่อ Doc หรือ API มีการใช้ Real-time) proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } # # Superset Analytics Dashboard -- notwork location /superset { proxy_pass http://superset:8088; # WebSocket support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Standard headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Superset-specific headers for sub-path support proxy_set_header X-Forwarded-Prefix /superset; proxy_set_header X-Script-Name /superset; # ตัวนี้จะช่วยให้ Superset เข้าใจเรื่อง Path ในการสร้างลิงก์ Static proxy_set_header X-Forwarded-Host $host; # Timeout settings (for long-running queries and dashboard loading) proxy_read_timeout 300s; proxy_connect_timeout 300s; proxy_send_timeout 300s; # Disable buffering for better streaming proxy_buffering off; proxy_request_buffering off; } location /dozzle { # Forward to Dozzle proxy_pass http://dozzle:8080; # Preserve headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; # WebSocket support for real-time logs proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Timeouts for long-running log streams proxy_connect_timeout 300s; proxy_send_timeout 300s; proxy_read_timeout 300s; # Disable buffering for real-time streaming proxy_buffering off; proxy_request_buffering off; } # Static assets location /dozzle/assets { proxy_pass http://dozzle:8080; proxy_set_header Host $host; proxy_cache_valid 200 1d; add_header Cache-Control "public, immutable"; } # API endpoints location /dozzle/api { proxy_pass http://dozzle:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_buffering off; } # Health check location /dozzle/healthcheck { proxy_pass http://dozzle:8080; proxy_set_header Host $host; access_log off; } # ============================================= # Superset Analytics Dashboard # Superset routes are at root level (no single prefix) # We proxy ALL Superset paths directly to port 8088 # ============================================= # # Redirect /superset/ and /superset to welcome page # location = /superset/ { # return 302 /superset/welcome/; # } # location = /superset { # return 302 /superset/welcome/; # } # Superset views (welcome, dashboard view, explore, etc.) # location /superset { # proxy_pass http://localhost:8088; # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection 'upgrade'; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # proxy_set_header Accept-Encoding ""; # proxy_read_timeout 300s; # proxy_connect_timeout 300s; # proxy_send_timeout 300s; # # Rewrite logo brand link in HTML # sub_filter_once off; # sub_filter '"path":"/"' '"path":"/superset/welcome/"'; # sub_filter '"path": "/"' '"path": "/superset/welcome/"'; # } # # Superset API, static files, auth, and all other root-level routes # # NOTE: /dashboard/ is NOT included here - it's handled by sriphat-dashboard on port 8800 # location ~ ^/(api|static|login|logout|chart|explore|sqllab|savedqueryview|tablemodelview|tableschemaview|tabstateview|tagview|datasource|dataset|databaseview|annotationlayer|csstemplatemodelview|rowlevelsecurity|embedded|dynamic-plugins|lang|theme|healthcheck|ping|roles|users|user_info|userinfoeditview|register|registrations|resetpassword|resetmypassword|groups|list_groups|back|swagger|alert|report|actionlog)(/|$) { # proxy_pass http://localhost:8088; # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection 'upgrade'; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # proxy_set_header Accept-Encoding ""; # proxy_read_timeout 300s; # proxy_connect_timeout 300s; # proxy_send_timeout 300s; # # Rewrite logo href in HTML/JS responses # sub_filter_once off; # sub_filter_types application/javascript; # sub_filter '"path":"/"' '"path":"/superset/welcome/"'; # sub_filter "'path':'/'" "'path':'/superset/welcome/'"; # } # location /aiflow/ { # proxy_pass http://airflow-webserver:8080; # # WebSocket support # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; # # Standard headers # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # # Superset-specific headers for sub-path support # proxy_set_header X-Forwarded-Prefix /superset; # proxy_set_header X-Script-Name /superset; # # Timeout settings (for long-running queries and dashboard loading) # proxy_read_timeout 300s; # proxy_connect_timeout 300s; # proxy_send_timeout 300s; # # Disable buffering for better streaming # proxy_buffering off; # proxy_request_buffering off; # } # location /dbt/ { # proxy_pass http://dbt:8080; # # WebSocket support # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; # # Standard headers # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # # Superset-specific headers for sub-path support # proxy_set_header X-Forwarded-Prefix /superset; # proxy_set_header X-Script-Name /superset; # # Timeout settings (for long-running queries and dashboard loading) # proxy_read_timeout 300s; # proxy_connect_timeout 300s; # proxy_send_timeout 300s; # # Disable buffering for better streaming # proxy_buffering off; # proxy_request_buffering off; # } # ============================================= # MinIO Object Storage (Server 2: 192.168.100.9) # ============================================= # MinIO S3 API — port 9000 # Path MUST be stripped before passing to MinIO location /minio/ { proxy_pass http://192.168.100.9:9000/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-NginX-Proxy true; proxy_connect_timeout 300; proxy_http_version 1.1; proxy_set_header Connection ""; chunked_transfer_encoding off; client_max_body_size 1G; proxy_request_buffering off; proxy_buffering off; } # MinIO Console UI — port 9001 (NOT 9000!) # Path MUST be stripped: /minio-console/foo → /foo location /minio-console/ { rewrite ^/minio-console/(.*) /$1 break; proxy_pass http://192.168.100.9:9001; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-NginX-Proxy true; # WebSocket support (Console uses WebSocket for real-time updates) proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_buffering off; chunked_transfer_encoding off; } # Redirect /minio-console → /minio-console/ location = /minio-console { return 301 $scheme://$http_host/minio-console/; } #listen 443 ssl; # managed by sriphat #ssl_certificate /etc/letsencrypt/live/ai.bda.co.th/fullchain.pem; # managed by Certbot #ssl_certificate_key /etc/letsencrypt/live/ai.bda.co.th/privkey.pem; # managed by Certbot #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } #server { # listen 80 default_server; # server_name ai.bda.co.th; # #rewrite ^/[old-page]$ https://[domain]/[new-page] permanent; # return 301 https://$host$request_uri; #}