root/Remote-Control-Center
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init_guac

Browse Source
This commit is contained in:
root
2025-11-25 09:58:37 +03:00
parent 68c8f0e80d
commit 9d5bdd57a7
57 changed files with 18272 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

185
guacamole_test_11_26/nginx/mc.exbytestudios.com.conf Executable file
View File

@ -0,0 +1,185 @@
# Docker Nginx конфигурация для mc.exbytestudios.com
# Внутренний nginx в Docker контейнере
# Принимает HTTP от внешнего nginx, проксирует в сервисы
# WebSocket upgrade mapping
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Upstream definitions (using Docker service names)
upstream remote_access_api {
server remote_access_api:8000;
keepalive 32;
}
upstream guacamole_web {
server guacamole:8080;
keepalive 32;
}
# Main server block - слушает на порту 8443 для внешнего nginx
server {
listen 8443;
server_name _; # Принимаем любой Host от внешнего nginx
# Logging (внутренние логи Docker)
access_log /var/log/nginx/docker.access.log;
error_log /var/log/nginx/docker.error.log;
# General settings
client_max_body_size 10M;
client_body_timeout 60s;
client_header_timeout 60s;
keepalive_timeout 65s;
# Root location - redirect to API docs
location = / {
return 302 /api/docs;
}
# =========================================================================
# API Endpoints - Все бизнес-эндпоинты с префиксом /api/
# =========================================================================
# FastAPI endpoints: /api/auth/*, /api/connections, /api/machines/*,
# /api/bulk/*, /api/security/*
# CORS headers добавляются в Gateway nginx для избежания дубликатов
location /api/ {
proxy_pass http://remote_access_api;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Передача Content-Type и Content-Length для POST/PUT
proxy_set_header Content-Type $content_type;
proxy_set_header Content-Length $content_length;
# Timeouts
proxy_connect_timeout 30s;
proxy_send_timeout 120s;
proxy_read_timeout 120s;
# Buffering для POST body
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 10M;
# Cache control
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
add_header Pragma "no-cache" always;
add_header Expires "0" always;
}
# ✅ WebSocket Notifications - специальная обработка для WebSocket
# КРИТИЧНО: Длинные таймауты и отключение буферизации для WebSocket
location /ws/ {
proxy_pass http://remote_access_api;
proxy_http_version 1.1;
# ✅ WebSocket upgrade headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# Standard proxy headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# ✅ КРИТИЧНО: Длинные таймауты для WebSocket (до 2 часов)
proxy_connect_timeout 60s;
proxy_send_timeout 7200s;
proxy_read_timeout 7200s;
# ✅ КРИТИЧНО: Отключаем буферизацию для WebSocket
proxy_buffering off;
proxy_request_buffering off;
# Cache control
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
}
# Guacamole Web Application
location /guacamole/ {
proxy_pass http://guacamole_web/guacamole/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support for Guacamole
proxy_read_timeout 7200s;
proxy_send_timeout 7200s;
# Buffer settings for WebSocket
proxy_buffering off;
proxy_request_buffering off;
# Allow iframe embedding for Guacamole client (desktop/electron apps)
proxy_hide_header X-Frame-Options;
proxy_hide_header Content-Security-Policy;
# Cache control
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
}
# Guacamole WebSocket tunnel
location /guacamole/websocket-tunnel {
proxy_pass http://guacamole_web/guacamole/websocket-tunnel;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket specific settings
proxy_read_timeout 7200s;
proxy_send_timeout 7200s;
proxy_buffering off;
proxy_request_buffering off;
# Allow iframe embedding and WebSocket in iframe
proxy_hide_header X-Frame-Options;
proxy_hide_header Content-Security-Policy;
}
# Guacamole static assets
location ~ ^/guacamole/(.*\.(js|css|json|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot))$ {
proxy_pass http://guacamole_web/guacamole/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
# Cache static assets for 1 hour
add_header Cache-Control "public, max-age=3600";
expires 1h;
}
# Custom error pages
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /404.html {
return 404 '{"error": "Not Found", "message": "The requested resource was not found"}';
add_header Content-Type application/json always;
}
location = /50x.html {
return 500 '{"error": "Internal Server Error", "message": "Please try again later"}';
add_header Content-Type application/json always;
}
}