110 lines
3.1 KiB
Smarty
110 lines
3.1 KiB
Smarty
upstream kong_upstream {
|
|
server kong:8000;
|
|
keepalive 2;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
http2 on;
|
|
|
|
server_name ${PROXY_DOMAIN};
|
|
server_tokens off;
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $http_host;
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/${PROXY_DOMAIN}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/${PROXY_DOMAIN}/privkey.pem;
|
|
ssl_trusted_certificate /etc/letsencrypt/live/${PROXY_DOMAIN}/chain.pem;
|
|
|
|
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
|
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_timeout 10m;
|
|
|
|
# Prevent 502 errors from large Supabase auth cookies
|
|
large_client_header_buffers 4 16k;
|
|
proxy_buffer_size 128k;
|
|
proxy_buffers 4 256k;
|
|
proxy_busy_buffers_size 256k;
|
|
|
|
location / {
|
|
auth_basic "supabase";
|
|
auth_basic_user_file /etc/nginx/user_conf.d/dashboard-passwd;
|
|
|
|
proxy_pass http://studio:3000;
|
|
}
|
|
|
|
location /auth {
|
|
proxy_pass http://kong_upstream;
|
|
}
|
|
|
|
location /rest {
|
|
proxy_pass http://kong_upstream;
|
|
}
|
|
|
|
location /realtime/v1/ {
|
|
proxy_pass http://kong_upstream;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $http_host;
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
|
|
location /storage/v1/ {
|
|
proxy_pass http://storage:5000/;
|
|
proxy_buffering off;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $http_host;
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
|
|
# Required for TUS resumable upload Location headers and S3 signature verification.
|
|
proxy_set_header X-Forwarded-Prefix /storage/v1;
|
|
|
|
client_max_body_size 0;
|
|
|
|
# CORS headers for Storage (bypasses Kong, which normally handles CORS)
|
|
if ($request_method = OPTIONS) {
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
add_header 'Access-Control-Allow-Methods' 'GET, HEAD, PUT, PATCH, POST, DELETE, OPTIONS';
|
|
add_header 'Access-Control-Allow-Headers' '*';
|
|
add_header 'Content-Length' 0;
|
|
add_header 'Content-Type' 'text/plain charset=UTF-8';
|
|
return 204;
|
|
}
|
|
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
}
|
|
|
|
location /functions {
|
|
proxy_pass http://kong_upstream;
|
|
}
|
|
|
|
location /graphql {
|
|
proxy_pass http://kong_upstream;
|
|
}
|
|
|
|
location /mcp {
|
|
proxy_pass http://kong_upstream;
|
|
}
|
|
}
|