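# Docker nginx configuration for mc.exbytestudios.com
# Internal nginx running inside a Docker container.
# Accepts plain HTTP from the external (gateway) nginx and proxies it to the services.

# WebSocket upgrade mapping: send "Connection: upgrade" when the client asked
# for an upgrade, "Connection: close" otherwise.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Upstream definitions (using Docker service names)
upstream remote_access_api {
    server remote_access_api:8000;
    keepalive 32;
}

upstream guacamole_web {
    server guacamole:8080;
    keepalive 32;
}

# Main server block - listens on port 8443 for the external nginx
#
# NOTE(review): this listener is plain HTTP (no "ssl" on the listen line), so
# inside this server $scheme is always "http", $server_port is 8443 and
# $remote_addr is the address of whatever connected to this container
# (presumably the external nginx). The X-Forwarded-Proto, X-Forwarded-Port and
# X-Real-IP values set in the locations below therefore describe the hop
# between the two nginx instances, not the original client. Confirm that the
# backends do not use them for HTTPS detection, rate limiting or audit
# logging; if they do, pass through the values set by the external nginx and
# make sure port 8443 is reachable only from that proxy.
server {
    listen 8443;
    server_name _;  # Accept any Host from the external nginx

    # Logging (internal Docker logs)
    access_log /var/log/nginx/docker.access.log;
    error_log  /var/log/nginx/docker.error.log;

    # General settings
    client_max_body_size 10M;
    client_body_timeout 60s;
    client_header_timeout 60s;
    keepalive_timeout 65s;

    # Root location - redirect to API docs
    location = / {
        return 302 /api/docs;
    }

    # =========================================================================
    # API endpoints - all business endpoints are prefixed with /api/
    # =========================================================================
    # FastAPI endpoints: /api/auth/*, /api/connections, /api/machines/*,
    #                    /api/bulk/*, /api/security/*
    # CORS headers are added by the gateway nginx to avoid duplicates
    location /api/ {
        proxy_pass http://remote_access_api;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;

        # Pass Content-Type and Content-Length for POST/PUT.
        # (nginx forwards client request headers by default, so these two
        # lines restate the default behaviour.)
        proxy_set_header Content-Type $content_type;
        proxy_set_header Content-Length $content_length;

        # Timeouts
        proxy_connect_timeout 30s;
        proxy_send_timeout 120s;
        proxy_read_timeout 120s;

        # Buffering for the POST body
        proxy_buffering off;
        proxy_request_buffering off;
        client_max_body_size 10M;

        # Cache control
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
        add_header Pragma "no-cache" always;
        add_header Expires "0" always;
    }

    # WebSocket notifications - special handling for WebSocket
    # CRITICAL: long timeouts and buffering disabled for WebSocket
    location /ws/ {
        proxy_pass http://remote_access_api;
        proxy_http_version 1.1;

        # WebSocket upgrade headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Standard proxy headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;

        # CRITICAL: long timeouts for WebSocket (up to 2 hours)
        proxy_connect_timeout 60s;
        proxy_send_timeout 7200s;
        proxy_read_timeout 7200s;

        # CRITICAL: disable buffering for WebSocket
        proxy_buffering off;
        proxy_request_buffering off;

        # Cache control
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
    }

    # Guacamole Web Application
    location /guacamole/ {
        proxy_pass http://guacamole_web/guacamole/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support for Guacamole
        proxy_read_timeout 7200s;
        proxy_send_timeout 7200s;

        # Buffer settings for WebSocket
        proxy_buffering off;
        proxy_request_buffering off;

        # Allow iframe embedding for Guacamole client (desktop/electron apps)
        #
        # NOTE(review): hiding these two response headers removes the upstream's
        # framing restriction for every origin and drops the whole upstream
        # Content-Security-Policy, not only its framing directive. For a
        # remote-desktop UI that leaves no clickjacking protection at this
        # layer. If only specific embedders need it, consider re-adding a
        # policy here, e.g. (placeholder origin, to be filled in):
        #   add_header Content-Security-Policy "frame-ancestors 'self' <embedding-origin>" always;
        # or confirm that the gateway nginx sets an equivalent header.
        proxy_hide_header X-Frame-Options;
        proxy_hide_header Content-Security-Policy;

        # Cache control
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
    }

    # Guacamole WebSocket tunnel
    location /guacamole/websocket-tunnel {
        proxy_pass http://guacamole_web/guacamole/websocket-tunnel;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket specific settings
        proxy_read_timeout 7200s;
        proxy_send_timeout 7200s;
        proxy_buffering off;
        proxy_request_buffering off;

        # Allow iframe embedding and WebSocket in iframe
        # NOTE(review): same trade-off as in "location /guacamole/" - the
        # upstream framing/CSP headers are stripped for all origins.
        proxy_hide_header X-Frame-Options;
        proxy_hide_header Content-Security-Policy;
    }

    # Guacamole static assets
    # A regex location takes precedence over the plain prefix locations above,
    # so any /guacamole/ URI ending in one of these extensions is served here.
    location ~ ^/guacamole/(.*\.(js|css|json|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot))$ {
        # When proxy_pass contains variables the URI is sent exactly as
        # written, so the query string has to be appended explicitly;
        # without $is_args$args it would be dropped.
        proxy_pass http://guacamole_web/guacamole/$1$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Host $host;

        # Cache static assets for 1 hour
        add_header Cache-Control "public, max-age=3600";
        expires 1h;
    }

    # Custom error pages
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    location = /404.html {
        # An empty types map plus default_type makes nginx emit a single
        # "Content-Type: application/json". Using add_header for Content-Type
        # appends a second Content-Type header next to the one nginx sets
        # itself (from the types map or default_type).
        types { }
        default_type application/json;
        return 404 '{"error": "Not Found", "message": "The requested resource was not found"}';
    }

    location = /50x.html {
        # Same single-Content-Type approach as in /404.html.
        types { }
        default_type application/json;
        return 500 '{"error": "Internal Server Error", "message": "Please try again later"}';
    }
}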