Files
jigoong a587be08bd feat: MinIO integration — bucket finance, API service upload, Nginx routing
- 01-infra/nginx-configs: add MinIO /minio/ and /minio-console/ location blocks
  (port 9000 S3 API, port 9001 Console UI, path stripping via rewrite)
- 03-apiservice: integrate MinIO minio-python SDK for file upload
  - requirements.txt: add minio==7.2.11
  - app/core/config.py: add MINIO_ENDPOINT, ACCESS_KEY, SECRET_KEY, BUCKET_FINANCE, USE_SSL
  - app/services/minio_client.py: new — upload_file(), get_presigned_url(), delete_file()
  - app/routes/pages.py: replace local /data/uploads/ write with MinIO upload to finance bucket
  - docker-compose.yml: pass MinIO env vars to container
  - .env.example: document MinIO vars
- 07-minio/.env.example: add MINIO_SVC_ACCESS_KEY/SECRET_KEY section
- 07-minio/README.md: add Python minio SDK and Airflow DAG usage guide
- CLAUDE.md: project context (servers, SSH, paths, service distribution)
- document-obsidiant/: initial Obsidian docs for all services
2026-05-20 17:42:39 +07:00

410 lines
15 KiB
Plaintext

server {
listen 80;
server_name dev.sriphat.com;
client_max_body_size 100M;
# redirect to ai web while wait for main protal web in the future
location = / {
return 301 /ai/;
}
location /keycloak/ {
#rewrite ^/keycloak/(.*)$ /$1 break;
proxy_pass http://keycloak:8080;
# Add WebSocket support (Necessary for version 0.5.0 and up)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# (Optional) Disable proxy buffering for better streaming response from models
proxy_buffering off;
# (Optional) Increase max request size for large attachments and long audio messages
#client_max_body_size 20M;
proxy_read_timeout 10m;
}
# location /supabase2/ {
# #rewrite ^/supabase2/(.*)$ /$1 break;
# proxy_pass http://sdp-kong:8000;
# # Add WebSocket support (Necessary for version 0.5.0 and up)
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # (Optional) Disable proxy buffering for better streaming response from models
# proxy_buffering off;
# # (Optional) Increase max request size for large attachments and long audio messages
# #client_max_body_size 20M;
# proxy_read_timeout 10m;
# }
# location /ai/ {
# proxy_pass http://localhost:3001/ai/;
# # Add WebSocket support (Necessary for version 0.5.0 and up)
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # (Optional) Disable proxy buffering for better streaming response from models
# proxy_buffering off;
# # (Optional) Increase max request size for large attachments and long audio messages
# #client_max_body_size 20M;
# proxy_read_timeout 10m;
# }
# location /dashboard/ {
# proxy_pass http://localhost:8800;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
# }
# location /dashboard-dev/ {
# proxy_pass http://localhost:8801;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
# }
# location /realtime/ {
# proxy_pass http://sdp-kong:8000/realtime/; # ส่งไปที่ endpoint ของ backend supabase
# # คอนฟิกสำหรับ WebSocket
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# # Header สำคัญอื่นๆ
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# # ป้องกันแชทหลุด (Timeout 1 ชั่วโมง)
# proxy_read_timeout 3600s;
# proxy_send_timeout 3600s;
# }
location /apiservice/ {
# ส่งต่อ Request ไปยัง Backend
proxy_pass http://apiservice:8040;
# การตั้งค่า Header มาตรฐาน
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Ensure the sub-path is handled correctly
proxy_set_header X-Forwarded-Prefix /apiservice;
# รองรับการ Upload ไฟล์ขนาดใหญ่ (ป้องกัน Timeout ระหว่างส่งข้อมูล)
proxy_read_timeout 300s;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
# ปิดการพักข้อมูลใน Buffer ของ Nginx ชั่วคราวเพื่อให้การ Upload ลื่นไหลขึ้น
proxy_request_buffering off;
proxy_buffering off;
# เพิ่มเติม: รองรับ WebSocket (เผื่อ Doc หรือ API มีการใช้ Real-time)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
# # Superset Analytics Dashboard -- notwork
location /superset {
proxy_pass http://superset:8088;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Standard headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Superset-specific headers for sub-path support
proxy_set_header X-Forwarded-Prefix /superset;
proxy_set_header X-Script-Name /superset;
# ตัวนี้จะช่วยให้ Superset เข้าใจเรื่อง Path ในการสร้างลิงก์ Static
proxy_set_header X-Forwarded-Host $host;
# Timeout settings (for long-running queries and dashboard loading)
proxy_read_timeout 300s;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
# Disable buffering for better streaming
proxy_buffering off;
proxy_request_buffering off;
}
location /dozzle {
# Forward to Dozzle
proxy_pass http://dozzle:8080;
# Preserve headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# WebSocket support for real-time logs
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts for long-running log streams
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# Disable buffering for real-time streaming
proxy_buffering off;
proxy_request_buffering off;
}
# Static assets
location /dozzle/assets {
proxy_pass http://dozzle:8080;
proxy_set_header Host $host;
proxy_cache_valid 200 1d;
add_header Cache-Control "public, immutable";
}
# API endpoints
location /dozzle/api {
proxy_pass http://dozzle:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
}
# Health check
location /dozzle/healthcheck {
proxy_pass http://dozzle:8080;
proxy_set_header Host $host;
access_log off;
}
# =============================================
# Superset Analytics Dashboard
# Superset routes are at root level (no single prefix)
# We proxy ALL Superset paths directly to port 8088
# =============================================
# # Redirect /superset/ and /superset to welcome page
# location = /superset/ {
# return 302 /superset/welcome/;
# }
# location = /superset {
# return 302 /superset/welcome/;
# }
# Superset views (welcome, dashboard view, explore, etc.)
# location /superset {
# proxy_pass http://localhost:8088;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Accept-Encoding "";
# proxy_read_timeout 300s;
# proxy_connect_timeout 300s;
# proxy_send_timeout 300s;
# # Rewrite logo brand link in HTML
# sub_filter_once off;
# sub_filter '"path":"/"' '"path":"/superset/welcome/"';
# sub_filter '"path": "/"' '"path": "/superset/welcome/"';
# }
# # Superset API, static files, auth, and all other root-level routes
# # NOTE: /dashboard/ is NOT included here - it's handled by sriphat-dashboard on port 8800
# location ~ ^/(api|static|login|logout|chart|explore|sqllab|savedqueryview|tablemodelview|tableschemaview|tabstateview|tagview|datasource|dataset|databaseview|annotationlayer|csstemplatemodelview|rowlevelsecurity|embedded|dynamic-plugins|lang|theme|healthcheck|ping|roles|users|user_info|userinfoeditview|register|registrations|resetpassword|resetmypassword|groups|list_groups|back|swagger|alert|report|actionlog)(/|$) {
# proxy_pass http://localhost:8088;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Accept-Encoding "";
# proxy_read_timeout 300s;
# proxy_connect_timeout 300s;
# proxy_send_timeout 300s;
# # Rewrite logo href in HTML/JS responses
# sub_filter_once off;
# sub_filter_types application/javascript;
# sub_filter '"path":"/"' '"path":"/superset/welcome/"';
# sub_filter "'path':'/'" "'path':'/superset/welcome/'";
# }
# location /aiflow/ {
# proxy_pass http://airflow-webserver:8080;
# # WebSocket support
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# # Standard headers
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # Superset-specific headers for sub-path support
# proxy_set_header X-Forwarded-Prefix /superset;
# proxy_set_header X-Script-Name /superset;
# # Timeout settings (for long-running queries and dashboard loading)
# proxy_read_timeout 300s;
# proxy_connect_timeout 300s;
# proxy_send_timeout 300s;
# # Disable buffering for better streaming
# proxy_buffering off;
# proxy_request_buffering off;
# }
# location /dbt/ {
# proxy_pass http://dbt:8080;
# # WebSocket support
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# # Standard headers
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # Superset-specific headers for sub-path support
# proxy_set_header X-Forwarded-Prefix /superset;
# proxy_set_header X-Script-Name /superset;
# # Timeout settings (for long-running queries and dashboard loading)
# proxy_read_timeout 300s;
# proxy_connect_timeout 300s;
# proxy_send_timeout 300s;
# # Disable buffering for better streaming
# proxy_buffering off;
# proxy_request_buffering off;
# }
# =============================================
# MinIO Object Storage (Server 2: 192.168.100.9)
# =============================================
# MinIO S3 API — port 9000
# Path MUST be stripped before passing to MinIO
location /minio/ {
proxy_pass http://192.168.100.9:9000/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
client_max_body_size 1G;
proxy_request_buffering off;
proxy_buffering off;
}
# MinIO Console UI — port 9001 (NOT 9000!)
# Path MUST be stripped: /minio-console/foo → /foo
location /minio-console/ {
rewrite ^/minio-console/(.*) /$1 break;
proxy_pass http://192.168.100.9:9001;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# WebSocket support (Console uses WebSocket for real-time updates)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
chunked_transfer_encoding off;
}
# Redirect /minio-console → /minio-console/
location = /minio-console {
return 301 $scheme://$http_host/minio-console/;
}
#listen 443 ssl; # managed by sriphat
#ssl_certificate /etc/letsencrypt/live/ai.bda.co.th/fullchain.pem; # managed by Certbot
#ssl_certificate_key /etc/letsencrypt/live/ai.bda.co.th/privkey.pem; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
#server {
# listen 80 default_server;
# server_name ai.bda.co.th;
# #rewrite ^/[old-page]$ https://[domain]/[new-page] permanent;
# return 301 https://$host$request_uri;
#}