root/Remote-Control-Center
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Remote-Control-Center/guacamole_test_11_26/nginx/mc.exbytestudios.com.conf
root 60792735ad add api
2025-11-25 10:11:32 +03:00

186 lines
6.9 KiB
Plaintext
Executable File
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Docker Nginx конфигурация для mc.exbytestudios.com
# Внутренний nginx в Docker контейнере
# Принимает HTTP от внешнего nginx, проксирует в сервисы
# WebSocket upgrade mapping
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Upstream definitions (using Docker service names)
upstream remote_access_api {
server remote_access_api:8000;
keepalive 32;
}
upstream guacamole_web {
server guacamole:8080;
keepalive 32;
}
# Main server block - слушает на порту 8443 для внешнего nginx
server {
listen 8443;
server_name _; # Принимаем любой Host от внешнего nginx
# Logging (внутренние логи Docker)
access_log /var/log/nginx/docker.access.log;
error_log /var/log/nginx/docker.error.log;
# General settings
client_max_body_size 10M;
client_body_timeout 60s;
client_header_timeout 60s;
keepalive_timeout 65s;
# Root location - redirect to API docs
location = / {
return 302 /api/docs;
}
# =========================================================================
# API Endpoints - Все бизнес-эндпоинты с префиксом /api/
# =========================================================================
# FastAPI endpoints: /api/auth/*, /api/connections, /api/machines/*,
# /api/bulk/*, /api/security/*
# CORS headers добавляются в Gateway nginx для избежания дубликатов
location /api/ {
proxy_pass http://remote_access_api;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Передача Content-Type и Content-Length для POST/PUT
proxy_set_header Content-Type $content_type;
proxy_set_header Content-Length $content_length;
# Timeouts
proxy_connect_timeout 30s;
proxy_send_timeout 120s;
proxy_read_timeout 120s;
# Buffering для POST body
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 10M;
# Cache control
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
add_header Pragma "no-cache" always;
add_header Expires "0" always;
}
# ✅ WebSocket Notifications - специальная обработка для WebSocket
# КРИТИЧНО: Длинные таймауты и отключение буферизации для WebSocket
location /ws/ {
proxy_pass http://remote_access_api;
proxy_http_version 1.1;
# ✅ WebSocket upgrade headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# Standard proxy headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# ✅ КРИТИЧНО: Длинные таймауты для WebSocket (до 2 часов)
proxy_connect_timeout 60s;
proxy_send_timeout 7200s;
proxy_read_timeout 7200s;
# ✅ КРИТИЧНО: Отключаем буферизацию для WebSocket
proxy_buffering off;
proxy_request_buffering off;
# Cache control
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
}
# Guacamole Web Application
location /guacamole/ {
proxy_pass http://guacamole_web/guacamole/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support for Guacamole
proxy_read_timeout 7200s;
proxy_send_timeout 7200s;
# Buffer settings for WebSocket
proxy_buffering off;
proxy_request_buffering off;
# Allow iframe embedding for Guacamole client (desktop/electron apps)
proxy_hide_header X-Frame-Options;
proxy_hide_header Content-Security-Policy;
# Cache control
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
}
# Guacamole WebSocket tunnel
location /guacamole/websocket-tunnel {
proxy_pass http://guacamole_web/guacamole/websocket-tunnel;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket specific settings
proxy_read_timeout 7200s;
proxy_send_timeout 7200s;
proxy_buffering off;
proxy_request_buffering off;
# Allow iframe embedding and WebSocket in iframe
proxy_hide_header X-Frame-Options;
proxy_hide_header Content-Security-Policy;
}
# Guacamole static assets
location ~ ^/guacamole/(.*\.(js|css|json|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot))$ {
proxy_pass http://guacamole_web/guacamole/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
# Cache static assets for 1 hour
add_header Cache-Control "public, max-age=3600";
expires 1h;
}
# Custom error pages
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /404.html {
return 404 '{"error": "Not Found", "message": "The requested resource was not found"}';
add_header Content-Type application/json always;
}
location = /50x.html {
return 500 '{"error": "Internal Server Error", "message": "Please try again later"}';
add_header Content-Type application/json always;
}
}
Reference in New Issue View Git Blame Copy Permalink