root/srvrevproxy02_nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: root:6e3d46b57df39e56dc46f9abeba76421e4eeca13
Branches Tags
root:master root:main
...
compare: root:main
Branches Tags
root:main root:master

3 Commits
6e3d46b57d ... main

Author SHA1 Message Date
root
62d24a96af Add ki.egonetix.de config and fix n8n WebSocket support for flow.egonetix.de 2025-12-13 17:27:36 +01:00
root
366e6bf7bd änderung portal seite damit kidsai richtig dargestellt wird 2025-06-29 12:36:39 +02:00
root
05f6571aa8 element grundkonfig hinzugefügt 2025-06-26 14:48:14 +02:00
8 changed files with 184 additions and 6 deletions
Expand all files Collapse all files

51
sites-available/element.conf Normal file
View File

@@ -0,0 +1,51 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/element/ levels=1:2 keys_zone=my_cache_element:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name element.egonetix.de;
return 301 https://$server_name/element$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/element.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/element.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name element.egonetix.de;
access_log /var/log/nginx/element-access_log;
error_log /var/log/nginx/element-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_element;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8097;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

52
sites-available/flow.conf Normal file
View File

@@ -0,0 +1,52 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/flow/ levels=1:2 keys_zone=my_cache_flow:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name flow.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https:; base-uri 'self';";
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/flow.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/flow.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name flow.egonetix.de;
access_log /var/log/nginx/flow-access_log;
error_log /var/log/nginx/flow-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_flow;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:8098;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

51
sites-available/ki.conf Normal file
View File

@@ -0,0 +1,51 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
proxy_cache_path /tmp/ki/ levels=1:2 keys_zone=my_cache_ki:10m max_size=10g
inactive=60m use_temp_path=off;
server{
listen 80;
server_name ki.egonetix.de;
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# SSL config
ssl on;
ssl_certificate /etc/letsencrypt/live/ki.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ki.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Make site accessible from http://localhost/
server_name ki.egonetix.de;
access_log /var/log/nginx/ki-access_log;
error_log /var/log/nginx/ki-error_log;
set $upstream 10.0.0.48;
location / {
proxy_cache my_cache_ki;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass_header Authorization;
proxy_pass http://$upstream:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_ssl_session_reuse off;
}
}

32
sites-available/portal.conf
View File

@@ -12,7 +12,7 @@ server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;" always;
add_header Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data:;" always;
# Remove or update unsupported origin trial features.
# For example, comment out or remove these if not using them:
@@ -55,16 +55,36 @@ server {
fastcgi_intercept_errors on;
}
# Reverse proxy for API calls.
# If your backend expects the API without the "/api" prefix, use the proxy_pass below.
# Reverse proxy for API calls to KidsAI Explorer backend
# Proxy all /api/ requests to the Node.js server running on port 3002
location /api/ {
proxy_pass http://127.0.0.1:3000;
# If your backend requires the /api prefix, change to:
# proxy_pass http://127.0.0.1:3000/api/;
proxy_pass http://127.0.0.1:3002;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Additional headers for better compatibility
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
# Increase timeouts for AI processing
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
# Serve KidsAI Explorer static files
location /kidsai/ {
alias /var/www/html/kidsai/;
try_files $uri $uri/ /kidsai/index.html;
# Cache static assets
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
}
}

1
sites-enabled/element.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/element.conf

1
sites-enabled/flow.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/flow.conf

1
sites-enabled/ki.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/ki.conf

1
sites-enabled/matrix.conf Symbolic link
View File

@@ -0,0 +1 @@
/etc/nginx/sites-available/matrix.conf