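# Reverse-proxy configuration: one listener on port 2026 that routes by path
# to the Gateway (gateway:8001), the Provisioner (provisioner:8002) and the
# frontend (frontend:3000).
#
# Layout note: every directive is on its own line. In nginx a `#` comments
# out the rest of the physical line, so a collapsed copy of this file would
# silently swallow the directives that follow each comment.

events {
    worker_connections 1024;
}

pid /tmp/nginx.pid;

http {
    # Basic settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    # Do not advertise the nginx version in the Server header or on
    # nginx-generated error pages.
    server_tokens off;

    # Logging
    access_log /dev/stdout;
    error_log /dev/stderr;

    # Docker internal DNS (for resolving k3s hostname)
    resolver 127.0.0.11 valid=10s ipv6=off;

    # ── Main server (path-based routing) ─────────────────────────────────
    server {
        listen 2026 default_server;
        listen [::]:2026 default_server;
        server_name _;

        # Resolve Docker service names at request time to avoid stale upstream
        # IPs when containers restart and receive new addresses.
        set $gateway_upstream gateway:8001;
        set $frontend_upstream frontend:3000;

        # Keep the unified nginx endpoint same-origin by default. When split
        # frontend/backend or port-forwarded deployments need browser CORS,
        # configure the Gateway allowlist with GATEWAY_CORS_ORIGINS so CORS and
        # CSRF origin checks stay aligned instead of approving every origin at
        # the proxy layer.

        # ── Forwarded-header trust (applies to every location below) ─────
        # * `Host $http_host` passes the client-supplied Host header through
        #   verbatim, and this default_server with `server_name _` accepts
        #   any Host value. Upstreams should validate Host against an
        #   allowlist before using it to build absolute URLs or to make
        #   origin decisions.
        # * `$proxy_add_x_forwarded_for` appends $remote_addr to whatever
        #   X-Forwarded-For the client sent. Only the right-most entry (or
        #   X-Real-IP) is set by this proxy; earlier entries are
        #   client-controlled unless a trusted proxy sits in front.
        # * `X-Forwarded-Proto $scheme` reflects this plain-HTTP listener.
        #   NOTE(review): if TLS is terminated in front of nginx this will
        #   report "http" to the upstreams; confirm against the deployment.

        # LangGraph-compatible API routes served by Gateway.
        # Rewrites /api/langgraph/* to /api/* before proxying to Gateway.
        location /api/langgraph/ {
            rewrite ^/api/langgraph/(.*) /api/$1 break;
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;

            # Headers
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Connection '';

            # SSE/Streaming support
            proxy_buffering off;
            proxy_cache off;
            # X-Accel-Buffering is a response header that nginx honours when
            # the upstream sends it; as a request header it does not change
            # nginx buffering (`proxy_buffering off` above does that).
            # Kept unchanged in case the Gateway reads it.
            proxy_set_header X-Accel-Buffering no;

            # Timeouts for long-running requests.
            # nginx's documentation notes that proxy_connect_timeout cannot
            # usually exceed 75 seconds. Each streaming request also holds a
            # worker connection (1024 configured) for up to the read timeout.
            proxy_connect_timeout 600s;
            proxy_send_timeout 600s;
            proxy_read_timeout 600s;

            # Chunked transfer encoding
            chunked_transfer_encoding on;
        }

        # Custom API: Models endpoint
        location /api/models {
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Custom API: Memory endpoint
        location /api/memory {
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Custom API: MCP configuration endpoint
        location /api/mcp {
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Custom API: Skills configuration endpoint
        location /api/skills {
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Custom API: Agents endpoint
        location /api/agents {
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Custom API: Uploads endpoint
        # The regex is not end-anchored, so the 100M limit and unbuffered
        # request bodies apply to every path that begins with
        # /api/threads/<id>/uploads. With request buffering off the body is
        # streamed straight to the Gateway, which therefore has to do its own
        # per-file size and content validation.
        location ~ ^/api/threads/[^/]+/uploads {
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Large file upload support
            client_max_body_size 100M;
            proxy_request_buffering off;
        }

        # Custom API: Other endpoints under /api/threads
        location ~ ^/api/threads {
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # API Documentation: Swagger UI
        # NOTE(review): /docs, /redoc and /openapi.json are reachable on the
        # same listener as the application and describe the full API
        # surface. Confirm this is intended outside development, or restrict
        # these three locations.
        location /docs {
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # API Documentation: ReDoc
        location /redoc {
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # API Documentation: OpenAPI Schema
        location /openapi.json {
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Health check endpoint (gateway)
        location /health {
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # ── Provisioner API (sandbox management) ────────────────────────
        # Use a variable so nginx resolves provisioner at request time (not startup).
        # This allows nginx to start even when provisioner container is not running.
        #
        # NOTE(review): this location proxies straight to the Provisioner and
        # does not pass through the Gateway, so any authentication or CSRF
        # checks the Gateway performs do not cover /api/sandboxes. Whether
        # the Provisioner enforces its own authn/authz is not visible from
        # this file; confirm before exposing this listener beyond a trusted
        # network.
        location /api/sandboxes {
            set $provisioner_upstream provisioner:8002;
            proxy_pass http://$provisioner_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Catch-all for /api/ routes not covered above (e.g. /api/v1/auth/*).
        # More specific prefix and regex locations above still take precedence.
        location /api/ {
            proxy_pass http://$gateway_upstream;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # All other requests go to frontend
        location / {
            proxy_pass http://$frontend_upstream;
            proxy_http_version 1.1;

            # Headers
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # `Connection 'upgrade'` is sent on every request to the frontend,
            # not only on WebSocket handshakes; Upgrade is empty unless the
            # client supplied it.
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_cache_bypass $http_upgrade;

            # Timeouts
            proxy_connect_timeout 600s;
            proxy_send_timeout 600s;
            proxy_read_timeout 600s;
        }
    }
}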