# Use a standard, writable path for the PID file
# NOTE(review): /tmp is normally world-writable. That is tolerable in a single-purpose
# container, but on a shared host prefer a directory only the nginx user can write to.
pid /tmp/nginx.pid;
# Global error log at "debug" severity. Debug output is only produced when nginx was
# built with --with-debug; it is very verbose and records per-request internals such as
# header lines, so treat the file as sensitive and lower the level outside troubleshooting.
error_log /var/log/nginx/error.log debug;
# Connection-processing settings for each worker process.
events {
# Upper bound on simultaneous connections per worker; proxied upstream connections count too.
worker_connections 1024;
# Accept every pending connection in one pass instead of one per event-loop iteration.
multi_accept on;
# Use the Linux epoll event notification method.
use epoll;
}
http {
# Basic settings
# Extension-to-MIME map shipped with nginx.
include /etc/nginx/mime.types;
# Anything with an unmapped extension is served as opaque binary data.
default_type application/octet-stream;
charset utf-8;
# Override TypeScript MIME type (overriding video/mp2t from mime.types)
types {
application/typescript ts;
}
# Logging
# debug_format records the client address, the full request line, status, size, referer,
# user agent, request/upstream timings and the upstream's Upgrade response header.
# NOTE(review): "$request" and "$http_referer" include query strings, so any token or
# credential passed in a URL ends up in these logs; restrict who can read them.
log_format debug_format '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"'
' ws_status="$upstream_http_upgrade"'; # Added WebSocket status logging
# Default access log for every location that does not set its own access_log.
access_log /var/log/nginx/access.log debug_format;
# Optimization
# Serve static files with sendfile().
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# Idle client connections are kept open for 120 seconds.
keepalive_timeout 120; # Increased to match cloudflared keepAliveTimeout
# A client connection is closed after it has served 100 requests.
keepalive_requests 100;
# Gzip settings
# NOTE(review): compressing responses that combine a secret with attacker-influenced input
# is the precondition for BREACH-style length side channels over TLS. application/json is
# compressed here, so confirm that API responses never echo request data next to tokens.
gzip on;
gzip_disable "msie6";
# Emit "Vary: Accept-Encoding" so caches store compressed and plain variants separately.
gzip_vary on;
# Also compress responses to requests that arrived through a proxy (those carrying a Via header).
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
# Only these response types are compressed (text/html is always compressed when gzip is on).
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# WebSocket configuration
# Derives $connection_upgrade from the client's Upgrade request header:
# any non-empty Upgrade value yields "upgrade", a missing or empty one yields "close".
# The proxy locations send this value to the backend as the Connection header.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Upstream backend definition for the Rust server
# The backend is addressed on loopback only, so nginx-to-backend traffic is plain HTTP
# that stays inside the container.
upstream backend {
server 127.0.0.1:3001; # Use localhost since both services are in same container
# Keeps up to 32 idle connections per worker for reuse. Reuse only happens in locations
# that set proxy_http_version 1.1 and clear the Connection header
# (proxy_set_header Connection "").
keepalive 32; # Keep connections alive
}
# Main server configuration
server {
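# Plain-HTTP listener. TLS is not terminated here, so this port should be reachable only
# from the trusted front end (the file's comments mention cloudflared). TODO confirm that
# port 4000 is not exposed directly.
listen 4000 default_server; # Listen on port 4000 for external connections
server_name _; # Accept any server name
root /app/client/dist; # Set root to built client files directory
# Security headers
# "always" attaches a header to every status code; without it nginx omits the header on
# most 4xx/5xx responses, so each header below carries it.
# Inheritance caveat: a location inherits these add_header lines only if it declares no
# add_header of its own. A location that adds any header must repeat the whole set, or its
# responses are sent without them.
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Embedder-Policy "require-corp" always;
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options SAMEORIGIN always;
# NOTE(review): X-XSS-Protection is a legacy header that current browsers ignore; the CSP
# below is the control that matters. Kept unchanged for older clients.
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin" always;
# NOTE(review): default-src admits every http:/https: origin plus 'unsafe-inline' and
# 'unsafe-eval', and script-src also permits inline script and eval, so this policy does
# little to contain script injection. Tighten it (nonces or hashes, explicit origins) once
# the client's real requirements are known.
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' ws: wss: http: https: *.visionflow.info; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://getalby.com; frame-src 'self' https://getalby.com" always;
# Browsers honour HSTS only when it arrives over HTTPS, so it takes effect only if TLS is
# terminated in front of this listener.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;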
# WebSocket endpoint
# Prefix match: every URI that begins with /wss is proxied to the backend.
location /wss {
proxy_pass http://backend;
proxy_http_version 1.1;
# Forward the client's Upgrade header; Connection comes from the $connection_upgrade map.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
# Pass through Cloudflare headers
# NOTE(review): these values are copied verbatim from the incoming request. They can be
# trusted only if nothing but the Cloudflare tunnel can reach port 4000; otherwise a client
# can set CF-Connecting-IP itself. The backend should not base access decisions or rate
# limits on them unless that holds. TODO confirm the network exposure.
proxy_set_header CF-Connecting-IP $http_cf_connecting_ip;
proxy_set_header CF-Ray $http_cf_ray;
proxy_set_header CF-Visitor $http_cf_visitor;
# Standard proxy headers
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to whatever X-Forwarded-For the client sent; the earlier entries
# are client-controlled.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Taken from the request header rather than $scheme, so it carries the same trust caveat
# as the CF-* headers above.
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
# WebSocket timeouts
proxy_read_timeout 600m; # Increased from 3600s to 600m (10 hours) to match websocketIdleTimeout
proxy_send_timeout 3600s;
proxy_connect_timeout 75s;
# Relay frames as they arrive instead of buffering them.
proxy_buffering off;
proxy_cache off;
# Debug logging
# Debug-level error logging for this location is verbose; handle the file as sensitive.
access_log /var/log/nginx/websocket.log debug_format;
error_log /var/log/nginx/websocket-error.log debug;
}
# Voice WebSocket endpoint
# Prefix match: every URI that begins with /ws/speech is proxied to the backend.
location /ws/speech {
proxy_pass http://backend;
proxy_http_version 1.1;
# Forward the client's Upgrade header; Connection comes from the $connection_upgrade map.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
# Pass through Cloudflare headers
# NOTE(review): copied verbatim from the incoming request, so a client that can reach
# port 4000 without going through Cloudflare can forge them. TODO confirm only the tunnel
# can connect before the backend relies on CF-Connecting-IP.
proxy_set_header CF-Connecting-IP $http_cf_connecting_ip;
proxy_set_header CF-Ray $http_cf_ray;
proxy_set_header CF-Visitor $http_cf_visitor;
# Standard proxy headers
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to the client-supplied X-Forwarded-For value.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Forwarded from the request header, not derived from this listener's scheme.
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
# WebSocket timeouts
# Same values as the /wss location: 600-minute read timeout, 3600-second send timeout.
proxy_read_timeout 600m;
proxy_send_timeout 3600s;
proxy_connect_timeout 75s;
proxy_buffering off;
proxy_cache off;
# Debug logging
# Shares the log files used by /wss; debug-level output is verbose and should be protected.
access_log /var/log/nginx/websocket.log debug_format;
error_log /var/log/nginx/websocket-error.log debug;
}
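# API endpoints
# Prefix match: every URI that begins with /api is proxied to the backend.
location /api {
proxy_pass http://backend;
proxy_http_version 1.1;
# Clear the Connection header so the upstream keepalive pool is actually reused; nginx
# otherwise sends "Connection: close" to the backend on each request.
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to the client-supplied X-Forwarded-For value; the earlier entries
# are client-controlled.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# $scheme is the scheme of the connection to this listener, which is plain HTTP, so the
# backend sees "http" here while the WebSocket locations forward the incoming
# X-Forwarded-Proto header. NOTE(review): confirm which value the backend expects.
proxy_set_header X-Forwarded-Proto $scheme;
# API specific settings
proxy_read_timeout 120s; # Increased for larger graph data
proxy_send_timeout 120s; # Increased for larger graph data
proxy_connect_timeout 60s;
proxy_buffering on; # Enable buffering for API responses
proxy_buffer_size 256k; # Increased for larger responses
proxy_buffers 8 256k; # Increased number of buffers
proxy_busy_buffers_size 512k; # Increased for larger responses
# NOTE(review): each buffered response may spool up to 2048m to disk; make sure the temp
# path has room for concurrent large responses.
proxy_max_temp_file_size 2048m; # Allow larger temporary files
add_header Cache-Control "no-store" always; # Prevent caching of dynamic data
# Declaring add_header in this location stops nginx inheriting the server-level headers,
# so the security header set is repeated here. Keep it in sync with the server block.
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Embedder-Policy "require-corp" always;
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' ws: wss: http: https: *.visionflow.info; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://getalby.com; frame-src 'self' https://getalby.com" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}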
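# Static files
# Catch-all location: serves the built client and falls back to index.html.
location / {
# Try the exact file, then a directory of that name, then index.html under root;
# answer 404 only when none of them exists.
try_files $uri $uri/ /index.html =404;
expires 1h;
add_header Cache-Control "public, no-transform";
# Declaring add_header in this location stops nginx inheriting the server-level headers,
# which would leave the HTML entry point without CSP, framing and isolation headers.
# The set is repeated here; keep it in sync with the server block.
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Embedder-Policy "require-corp" always;
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' ws: wss: http: https: *.visionflow.info; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://getalby.com; frame-src 'self' https://getalby.com" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# error_page 404 = @backend; # Remove fallback for root, let try_files handle index.html
}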
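# Static files with proper MIME types
# Built assets: served only if the file exists, cached for 7 days, not access-logged.
location /assets/ {
expires 7d;
add_header Cache-Control "public, no-transform" always;
# Declaring add_header in this location stops nginx inheriting the server-level headers.
# They are repeated here so that scripts and styles are still served with nosniff and the
# other headers. Keep the set in sync with the server block.
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Embedder-Policy "require-corp" always;
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' ws: wss: http: https: *.visionflow.info; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://getalby.com; frame-src 'self' https://getalby.com" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
try_files $uri =404;
# NOTE(review): requests under /assets/ leave no access-log trail, which limits what can
# be reconstructed about them later.
access_log off;
}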
# Fallback location for static files
# Named location: reachable only through an internal redirect, never directly by a client URI.
# The only reference in this file (error_page 404 = @backend in location /) is commented
# out, so nothing visible here routes to it.
location @backend {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to the client-supplied X-Forwarded-For value.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# $scheme is the scheme of the connection to this plain-HTTP listener.
proxy_set_header X-Forwarded-Proto $scheme;
}
# Error pages
# Fixed error documents replace nginx's built-in error bodies.
# /404.html is resolved through normal location matching under the server root.
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# Exact-match location: the 50x page is read from the nginx default HTML directory
# instead of the client build.
location = /50x.html {
root /usr/share/nginx/html;
}
}
}