events { worker_connections 1024; } pid /tmp/nginx.pid; http { # Basic settings sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # Logging access_log /dev/stdout; error_log /dev/stderr; # Docker internal DNS (for resolving k3s hostname) resolver 127.0.0.11 valid=10s ipv6=off; # Upstream servers (using Docker service names) upstream gateway { server gateway:8001; } upstream langgraph { server langgraph:2024; } upstream frontend { server frontend:3000; } upstream provisioner { server provisioner:8002; } # ── Main server (path-based routing) ───────────────────────────────── server { listen 2026 default_server; listen [::]:2026 default_server; server_name _; # Hide CORS headers from upstream to prevent duplicates proxy_hide_header 'Access-Control-Allow-Origin'; proxy_hide_header 'Access-Control-Allow-Methods'; proxy_hide_header 'Access-Control-Allow-Headers'; proxy_hide_header 'Access-Control-Allow-Credentials'; # CORS headers for all responses (nginx handles CORS centrally) add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; add_header 'Access-Control-Allow-Headers' '*' always; # Handle OPTIONS requests (CORS preflight) if ($request_method = 'OPTIONS') { return 204; } # LangGraph API routes # Rewrites /api/langgraph/* to /* before proxying location /api/langgraph/ { rewrite ^/api/langgraph/(.*) /$1 break; proxy_pass http://langgraph; proxy_http_version 1.1; # Headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Connection ''; # SSE/Streaming support proxy_buffering off; proxy_cache off; proxy_set_header X-Accel-Buffering no; # Timeouts for long-running requests proxy_connect_timeout 600s; proxy_send_timeout 600s; proxy_read_timeout 600s; # Chunked transfer encoding chunked_transfer_encoding on; } # Custom API: Models endpoint location /api/models { proxy_pass http://gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Custom API: Memory endpoint location /api/memory { proxy_pass http://gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Custom API: MCP configuration endpoint location /api/mcp { proxy_pass http://gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Custom API: Skills configuration endpoint location /api/skills { proxy_pass http://gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Custom API: Artifacts endpoint location ~ ^/api/threads/[^/]+/artifacts { proxy_pass http://gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Custom API: Uploads endpoint location ~ ^/api/threads/[^/]+/uploads { proxy_pass http://gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Large file upload support client_max_body_size 100M; proxy_request_buffering off; } # API Documentation: Swagger UI location /docs { proxy_pass http://gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # API Documentation: ReDoc location /redoc { proxy_pass http://gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # API Documentation: OpenAPI Schema location /openapi.json { proxy_pass http://gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Health check endpoint (gateway) location /health { proxy_pass http://gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # ── Provisioner API (sandbox management) ──────────────────────── location /api/sandboxes { proxy_pass http://provisioner; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # All other requests go to frontend location / { proxy_pass http://frontend; proxy_http_version 1.1; # Headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_cache_bypass $http_upgrade; # Timeouts proxy_connect_timeout 600s; proxy_send_timeout 600s; proxy_read_timeout 600s; } } }