- 01-infra/nginx-configs: add MinIO /minio/ and /minio-console/ location blocks (port 9000 S3 API, port 9001 Console UI, path stripping via rewrite) - 03-apiservice: integrate MinIO minio-python SDK for file upload - requirements.txt: add minio==7.2.11 - app/core/config.py: add MINIO_ENDPOINT, ACCESS_KEY, SECRET_KEY, BUCKET_FINANCE, USE_SSL - app/services/minio_client.py: new — upload_file(), get_presigned_url(), delete_file() - app/routes/pages.py: replace local /data/uploads/ write with MinIO upload to finance bucket - docker-compose.yml: pass MinIO env vars to container - .env.example: document MinIO vars - 07-minio/.env.example: add MINIO_SVC_ACCESS_KEY/SECRET_KEY section - 07-minio/README.md: add Python minio SDK and Airflow DAG usage guide - CLAUDE.md: project context (servers, SSH, paths, service distribution) - document-obsidiant/: initial Obsidian docs for all services
410 lines
15 KiB
Plaintext
410 lines
15 KiB
Plaintext
server {
|
|
listen 80;
|
|
server_name dev.sriphat.com;
|
|
|
|
client_max_body_size 100M;
|
|
|
|
# redirect to ai web while wait for main protal web in the future
|
|
location = / {
|
|
return 301 /ai/;
|
|
}
|
|
|
|
|
|
location /keycloak/ {
|
|
#rewrite ^/keycloak/(.*)$ /$1 break;
|
|
proxy_pass http://keycloak:8080;
|
|
|
|
# Add WebSocket support (Necessary for version 0.5.0 and up)
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# (Optional) Disable proxy buffering for better streaming response from models
|
|
proxy_buffering off;
|
|
|
|
# (Optional) Increase max request size for large attachments and long audio messages
|
|
#client_max_body_size 20M;
|
|
proxy_read_timeout 10m;
|
|
}
|
|
|
|
|
|
# location /supabase2/ {
|
|
# #rewrite ^/supabase2/(.*)$ /$1 break;
|
|
# proxy_pass http://sdp-kong:8000;
|
|
|
|
# # Add WebSocket support (Necessary for version 0.5.0 and up)
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# # (Optional) Disable proxy buffering for better streaming response from models
|
|
# proxy_buffering off;
|
|
|
|
# # (Optional) Increase max request size for large attachments and long audio messages
|
|
# #client_max_body_size 20M;
|
|
# proxy_read_timeout 10m;
|
|
# }
|
|
|
|
|
|
# location /ai/ {
|
|
# proxy_pass http://localhost:3001/ai/;
|
|
|
|
# # Add WebSocket support (Necessary for version 0.5.0 and up)
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# # (Optional) Disable proxy buffering for better streaming response from models
|
|
# proxy_buffering off;
|
|
|
|
# # (Optional) Increase max request size for large attachments and long audio messages
|
|
# #client_max_body_size 20M;
|
|
# proxy_read_timeout 10m;
|
|
# }
|
|
|
|
# location /dashboard/ {
|
|
# proxy_pass http://localhost:8800;
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection 'upgrade';
|
|
# proxy_set_header Host $host;
|
|
# proxy_cache_bypass $http_upgrade;
|
|
# }
|
|
|
|
# location /dashboard-dev/ {
|
|
# proxy_pass http://localhost:8801;
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection 'upgrade';
|
|
# proxy_set_header Host $host;
|
|
# proxy_cache_bypass $http_upgrade;
|
|
# }
|
|
|
|
# location /realtime/ {
|
|
# proxy_pass http://sdp-kong:8000/realtime/; # ส่งไปที่ endpoint ของ backend supabase
|
|
|
|
# # คอนฟิกสำหรับ WebSocket
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "Upgrade";
|
|
|
|
# # Header สำคัญอื่นๆ
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
# # ป้องกันแชทหลุด (Timeout 1 ชั่วโมง)
|
|
# proxy_read_timeout 3600s;
|
|
# proxy_send_timeout 3600s;
|
|
# }
|
|
|
|
|
|
location /apiservice/ {
|
|
# ส่งต่อ Request ไปยัง Backend
|
|
proxy_pass http://apiservice:8040;
|
|
|
|
# การตั้งค่า Header มาตรฐาน
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
# Ensure the sub-path is handled correctly
|
|
proxy_set_header X-Forwarded-Prefix /apiservice;
|
|
|
|
# รองรับการ Upload ไฟล์ขนาดใหญ่ (ป้องกัน Timeout ระหว่างส่งข้อมูล)
|
|
proxy_read_timeout 300s;
|
|
proxy_connect_timeout 300s;
|
|
proxy_send_timeout 300s;
|
|
|
|
# ปิดการพักข้อมูลใน Buffer ของ Nginx ชั่วคราวเพื่อให้การ Upload ลื่นไหลขึ้น
|
|
proxy_request_buffering off;
|
|
proxy_buffering off;
|
|
|
|
# เพิ่มเติม: รองรับ WebSocket (เผื่อ Doc หรือ API มีการใช้ Real-time)
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
}
|
|
|
|
# # Superset Analytics Dashboard -- notwork
|
|
location /superset {
|
|
proxy_pass http://superset:8088;
|
|
|
|
# WebSocket support
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
# Standard headers
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# Superset-specific headers for sub-path support
|
|
proxy_set_header X-Forwarded-Prefix /superset;
|
|
proxy_set_header X-Script-Name /superset;
|
|
# ตัวนี้จะช่วยให้ Superset เข้าใจเรื่อง Path ในการสร้างลิงก์ Static
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
|
|
# Timeout settings (for long-running queries and dashboard loading)
|
|
proxy_read_timeout 300s;
|
|
proxy_connect_timeout 300s;
|
|
proxy_send_timeout 300s;
|
|
|
|
# Disable buffering for better streaming
|
|
proxy_buffering off;
|
|
proxy_request_buffering off;
|
|
}
|
|
|
|
location /dozzle {
|
|
# Forward to Dozzle
|
|
proxy_pass http://dozzle:8080;
|
|
|
|
# Preserve headers
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
|
|
# WebSocket support for real-time logs
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
# Timeouts for long-running log streams
|
|
proxy_connect_timeout 300s;
|
|
proxy_send_timeout 300s;
|
|
proxy_read_timeout 300s;
|
|
|
|
# Disable buffering for real-time streaming
|
|
proxy_buffering off;
|
|
proxy_request_buffering off;
|
|
}
|
|
|
|
# Static assets
|
|
location /dozzle/assets {
|
|
proxy_pass http://dozzle:8080;
|
|
proxy_set_header Host $host;
|
|
proxy_cache_valid 200 1d;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
|
|
# API endpoints
|
|
location /dozzle/api {
|
|
proxy_pass http://dozzle:8080;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# WebSocket support
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_buffering off;
|
|
}
|
|
|
|
# Health check
|
|
location /dozzle/healthcheck {
|
|
proxy_pass http://dozzle:8080;
|
|
proxy_set_header Host $host;
|
|
access_log off;
|
|
}
|
|
|
|
# =============================================
|
|
# Superset Analytics Dashboard
|
|
# Superset routes are at root level (no single prefix)
|
|
# We proxy ALL Superset paths directly to port 8088
|
|
# =============================================
|
|
|
|
# # Redirect /superset/ and /superset to welcome page
|
|
# location = /superset/ {
|
|
# return 302 /superset/welcome/;
|
|
# }
|
|
# location = /superset {
|
|
# return 302 /superset/welcome/;
|
|
# }
|
|
|
|
# Superset views (welcome, dashboard view, explore, etc.)
|
|
# location /superset {
|
|
# proxy_pass http://localhost:8088;
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection 'upgrade';
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
# proxy_set_header Accept-Encoding "";
|
|
# proxy_read_timeout 300s;
|
|
# proxy_connect_timeout 300s;
|
|
# proxy_send_timeout 300s;
|
|
|
|
# # Rewrite logo brand link in HTML
|
|
# sub_filter_once off;
|
|
# sub_filter '"path":"/"' '"path":"/superset/welcome/"';
|
|
# sub_filter '"path": "/"' '"path": "/superset/welcome/"';
|
|
# }
|
|
|
|
# # Superset API, static files, auth, and all other root-level routes
|
|
# # NOTE: /dashboard/ is NOT included here - it's handled by sriphat-dashboard on port 8800
|
|
# location ~ ^/(api|static|login|logout|chart|explore|sqllab|savedqueryview|tablemodelview|tableschemaview|tabstateview|tagview|datasource|dataset|databaseview|annotationlayer|csstemplatemodelview|rowlevelsecurity|embedded|dynamic-plugins|lang|theme|healthcheck|ping|roles|users|user_info|userinfoeditview|register|registrations|resetpassword|resetmypassword|groups|list_groups|back|swagger|alert|report|actionlog)(/|$) {
|
|
# proxy_pass http://localhost:8088;
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection 'upgrade';
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
# proxy_set_header Accept-Encoding "";
|
|
# proxy_read_timeout 300s;
|
|
# proxy_connect_timeout 300s;
|
|
# proxy_send_timeout 300s;
|
|
|
|
# # Rewrite logo href in HTML/JS responses
|
|
# sub_filter_once off;
|
|
# sub_filter_types application/javascript;
|
|
# sub_filter '"path":"/"' '"path":"/superset/welcome/"';
|
|
# sub_filter "'path':'/'" "'path':'/superset/welcome/'";
|
|
# }
|
|
|
|
# location /aiflow/ {
|
|
# proxy_pass http://airflow-webserver:8080;
|
|
|
|
# # WebSocket support
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
|
|
# # Standard headers
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# # Superset-specific headers for sub-path support
|
|
# proxy_set_header X-Forwarded-Prefix /superset;
|
|
# proxy_set_header X-Script-Name /superset;
|
|
|
|
# # Timeout settings (for long-running queries and dashboard loading)
|
|
# proxy_read_timeout 300s;
|
|
# proxy_connect_timeout 300s;
|
|
# proxy_send_timeout 300s;
|
|
|
|
# # Disable buffering for better streaming
|
|
# proxy_buffering off;
|
|
# proxy_request_buffering off;
|
|
# }
|
|
|
|
# location /dbt/ {
|
|
# proxy_pass http://dbt:8080;
|
|
|
|
# # WebSocket support
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
|
|
# # Standard headers
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# # Superset-specific headers for sub-path support
|
|
# proxy_set_header X-Forwarded-Prefix /superset;
|
|
# proxy_set_header X-Script-Name /superset;
|
|
|
|
# # Timeout settings (for long-running queries and dashboard loading)
|
|
# proxy_read_timeout 300s;
|
|
# proxy_connect_timeout 300s;
|
|
# proxy_send_timeout 300s;
|
|
|
|
# # Disable buffering for better streaming
|
|
# proxy_buffering off;
|
|
# proxy_request_buffering off;
|
|
# }
|
|
|
|
# =============================================
|
|
# MinIO Object Storage (Server 2: 192.168.100.9)
|
|
# =============================================
|
|
|
|
# MinIO S3 API — port 9000
|
|
# Path MUST be stripped before passing to MinIO
|
|
location /minio/ {
|
|
proxy_pass http://192.168.100.9:9000/;
|
|
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-NginX-Proxy true;
|
|
|
|
proxy_connect_timeout 300;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
chunked_transfer_encoding off;
|
|
|
|
client_max_body_size 1G;
|
|
proxy_request_buffering off;
|
|
proxy_buffering off;
|
|
}
|
|
|
|
# MinIO Console UI — port 9001 (NOT 9000!)
|
|
# Path MUST be stripped: /minio-console/foo → /foo
|
|
location /minio-console/ {
|
|
rewrite ^/minio-console/(.*) /$1 break;
|
|
proxy_pass http://192.168.100.9:9001;
|
|
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-NginX-Proxy true;
|
|
|
|
# WebSocket support (Console uses WebSocket for real-time updates)
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_buffering off;
|
|
chunked_transfer_encoding off;
|
|
}
|
|
|
|
# Redirect /minio-console → /minio-console/
|
|
location = /minio-console {
|
|
return 301 $scheme://$http_host/minio-console/;
|
|
}
|
|
|
|
#listen 443 ssl; # managed by sriphat
|
|
#ssl_certificate /etc/letsencrypt/live/ai.bda.co.th/fullchain.pem; # managed by Certbot
|
|
#ssl_certificate_key /etc/letsencrypt/live/ai.bda.co.th/privkey.pem; # managed by Certbot
|
|
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
|
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
|
|
|
}
|
|
|
|
#server {
|
|
# listen 80 default_server;
|
|
# server_name ai.bda.co.th;
|
|
# #rewrite ^/[old-page]$ https://[domain]/[new-page] permanent;
|
|
# return 301 https://$host$request_uri;
|
|
#} |