events { worker_connections 1024; } http { server_tokens off; charset utf-8; upstream minioUI { least_conn; server minio:9001; } upstream minioAPI { least_conn; server minio:9000; } # upstream fastAPI { # least_conn; # server api:8080; # } #================App Server================ server { listen 80; server_name app.mzansi-innovation-hub.co.za; # #Web App # location / { # proxy_pass http://MIH-UX:83/; # } # location ~ /.well-known/acme-challenge/ { # root /var/www/certbot; # } return 301 https://app.mzansi-innovation-hub.co.za$request_uri; } server { listen 443 ssl; http2 on; # use the certificates ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; server_name app.mzansi-innovation-hub.co.za; root /var/www/html; index index.php index.html index.htm; # To allow special characters in headers ignore_invalid_headers off; # Allow any size file to be uploaded. # Set to a value such as 1000m; to restrict file size to a specific value client_max_body_size 0; # To disable buffering proxy_buffering off; proxy_request_buffering off; # Web App location / { proxy_pass http://MIH-UX:83/; } location ~ /.well-known/acme-challenge/ { root /var/www/certbot; } } #================API Server================ server { listen 80; server_name api.mzansi-innovation-hub.co.za; # # #Web App # location / { # proxy_pass http://MIH-API-Hub:8080/; # } # location ~ /.well-known/acme-challenge/ { # root /var/www/certbot; # } return 301 https://api.mzansi-innovation-hub.co.za$request_uri; } server { listen 443 ssl; http2 on; # use the certificates ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; server_name api.mzansi-innovation-hub.co.za; root /var/www/html; index index.php index.html index.htm; # To allow special characters in headers ignore_invalid_headers off; # Allow any size file to be uploaded. # Set to a value such as 1000m; to restrict file size to a specific value client_max_body_size 0; # To disable buffering proxy_buffering off; proxy_request_buffering off; # Web Api location / { proxy_pass http://MIH-API-Hub:80/; } location ~ /.well-known/acme-challenge/ { root /var/www/certbot; } } #================AI Server================ server { listen 80; server_name ai.mzansi-innovation-hub.co.za; # # #Web App # location / { # proxy_pass http://MIH-API-Hub:8080/; # } # location ~ /.well-known/acme-challenge/ { # root /var/www/certbot; # } return 301 https://ai.mzansi-innovation-hub.co.za$request_uri; } server { listen 443 ssl; http2 on; # use the certificates ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; server_name ai.mzansi-innovation-hub.co.za; root /var/www/html; index index.php index.html index.htm; # To allow special characters in headers ignore_invalid_headers off; # Allow any size file to be uploaded. # Set to a value such as 1000m; to restrict file size to a specific value client_max_body_size 0; # To disable buffering proxy_buffering off; proxy_request_buffering off; # Web Api location / { # Handle preflight OPTIONS requests # if ($request_method = OPTIONS ) { # # Add CORS headers for preflight request # add_header 'Access-Control-Allow-Origin' 'https://app.mzansi-innovation-hub.co.za' always; # # add_header 'Access-Control-Allow-Credentials' 'true' always; # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; # add_header 'Access-Control-Allow-Headers' '*'; # add_header 'Access-Control-Max-Age' 1728000; # return 204; # } # add_header 'Access-Control-Allow-Origin' 'https://app.mzansi-innovation-hub.co.za' always; # # add_header 'Access-Control-Allow-Credentials' 'true' always; # # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always # add_header 'Access-Control-Allow-Headers' '*'; proxy_pass http://MIH-AI:11434/; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; } location ~ /.well-known/acme-challenge/ { root /var/www/certbot; } } #================Monitor Server================ server { listen 80; server_name monitor.mzansi-innovation-hub.co.za; # # #Web App # location / { # proxy_pass http://MIH-Monitor:9443/; # } # location ~ /.well-known/acme-challenge/ { # root /var/www/certbot; # } return 301 https://monitor.mzansi-innovation-hub.co.za$request_uri; } server { listen 443 ssl; http2 on; # use the certificates ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; server_name monitor.mzansi-innovation-hub.co.za; root /var/www/html; index index.php index.html index.htm; # To allow special characters in headers ignore_invalid_headers off; # Allow any size file to be uploaded. # Set to a value such as 1000m; to restrict file size to a specific value client_max_body_size 0; # To disable buffering proxy_buffering off; proxy_request_buffering off; # Web Api location / { proxy_pass http://MIH-Monitor:9443/; } location ~ /.well-known/acme-challenge/ { root /var/www/certbot; } } #================File Server================ server { listen 80; server_name minio.mzansi-innovation-hub.co.za; # #Web App # location / { # proxy_pass https://minioAPI; # } # location ~ /.well-known/acme-challenge/ { # root /var/www/certbot; # } return 301 https://minio.mzansi-innovation-hub.co.za$request_uri; } server { listen 443 ssl; http2 on; # use the certificates ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; server_name minio.mzansi-innovation-hub.co.za; root /var/www/html; index index.php index.html index.htm; # To allow special characters in headers ignore_invalid_headers off; # Allow any size file to be uploaded. # Set to a value such as 1000m; to restrict file size to a specific value client_max_body_size 0; # To disable buffering proxy_buffering off; proxy_request_buffering off; location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 300; # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 proxy_http_version 1.1; proxy_set_header Connection ""; chunked_transfer_encoding off; proxy_pass http://MIH-Minio:9000; # This uses the upstream directive definition to load balance } location /minio/ui/ { rewrite ^/minio/ui/(.*) /$1 break; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-NginX-Proxy true; # This is necessary to pass the correct IP to be hashed real_ip_header X-Real-IP; proxy_connect_timeout 300; # To support websockets in MinIO versions released after January 2023 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) # Uncomment the following line to set the Origin request to an empty string proxy_set_header Origin ''; chunked_transfer_encoding off; proxy_pass http://MIH-Minio:9001; # This uses the upstream directive definition to load balance } location ~ /.well-known/acme-challenge/ { root /var/www/certbot; } } }