danswer/deployment/data/nginx/app.conf.template

# Log format to include request latency
log_format custom_main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" '
                'rt=$request_time';

upstream api_server {
    # fail_timeout=0 means we always retry an upstream even if it failed
    # to return a good HTTP response

    # for UNIX domain socket setups
    #server unix:/tmp/gunicorn.sock fail_timeout=0;

    # for a TCP configuration
    # TODO: use gunicorn to manage multiple processes
    server api_server:8080 fail_timeout=0;
}

upstream web_server {
    server web_server:3000 fail_timeout=0;
}

server {
    listen 80;
    server_name ${DOMAIN};

    client_max_body_size 5G;    # Maximum upload size

    access_log /var/log/nginx/access.log custom_main;

    # Match both /api/* and /openapi.json in a single rule
    location ~ ^/(api|openapi.json)(/.*)?$ {
        # Rewrite /api prefixed matched paths
        rewrite ^/api(/.*)$ $1 break;

        # misc headers
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host; 
        proxy_set_header Host $host;

        # need to use 1.1 to support chunked transfers
        proxy_http_version 1.1;
        proxy_buffering off;

        # we don't want nginx trying to do something clever with
        # redirects, we set the Host: header above already.
        proxy_redirect off;
        proxy_pass http://api_server;
    }

    location / {
        # misc headers
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host; 
        proxy_set_header Host $host;

        proxy_http_version 1.1;

        # we don't want nginx trying to do something clever with
        # redirects, we set the Host: header above already.
        proxy_redirect off;
        proxy_pass http://web_server;
    }

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}

server {
    listen 443 ssl;
    server_name ${DOMAIN};

    client_max_body_size 5G;    # Maximum upload size
    
    location / {
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_pass http://localhost:80;
    }

    ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
Latency logging 2024-06-01 14:55:36 -07:00			`# Log format to include request latency`
			`log_format custom_main '$remote_addr - $remote_user [$time_local] "$request" '`
			`'$status $body_bytes_sent "$http_referer" '`
			`'"$http_user_agent" "$http_x_forwarded_for" '`
			`'rt=$request_time';`

DAN-120 Kubernetes (#98) Sample Kubernetes deployment with Auth default on Also includes a bugfix for credentialed connectors with Auth turned on 2023-06-14 00:11:25 -07:00			`upstream api_server {`
Initial Commit 2023-04-28 22:40:46 -07:00			`# fail_timeout=0 means we always retry an upstream even if it failed`
			`# to return a good HTTP response`

			`# for UNIX domain socket setups`
			`#server unix:/tmp/gunicorn.sock fail_timeout=0;`

			`# for a TCP configuration`
Add arbitrary domain support + website hosting to onebox setup 2023-05-05 16:48:36 -07:00			`# TODO: use gunicorn to manage multiple processes`
DAN-80 Example Env files (#48) Also added alembic migrations running automatically 2023-05-16 01:18:08 -07:00			`server api_server:8080 fail_timeout=0;`
Initial Commit 2023-04-28 22:40:46 -07:00			`}`

Add arbitrary domain support + website hosting to onebox setup 2023-05-05 16:48:36 -07:00			`upstream web_server {`
DAN-80 Example Env files (#48) Also added alembic migrations running automatically 2023-05-16 01:18:08 -07:00			`server web_server:3000 fail_timeout=0;`
Add arbitrary domain support + website hosting to onebox setup 2023-05-05 16:48:36 -07:00			`}`

Initial Commit 2023-04-28 22:40:46 -07:00			`server {`
			`listen 80;`
Add arbitrary domain support + website hosting to onebox setup 2023-05-05 16:48:36 -07:00			`server_name ${DOMAIN};`
Initial Commit 2023-04-28 22:40:46 -07:00
Increase max upload size 2023-12-29 20:59:28 -08:00			`client_max_body_size 5G; # Maximum upload size`
Change max upload size setting (#410) --------- Co-authored-by: Gabriele Capitani <gabrielecapitani2005@gmail.com> 2023-09-10 02:01:44 +02:00
Latency logging 2024-06-01 14:55:36 -07:00			`access_log /var/log/nginx/access.log custom_main;`

fix(nginx): adjust config to correctly route /openapi.json and /api/* 2024-02-27 11:33:48 +01:00			`# Match both /api/* and /openapi.json in a single rule`
			`location ~ ^/(api\|openapi.json)(/.*)?$ {`
			`# Rewrite /api prefixed matched paths`
Use HTTP/1.1 with nginx for chunked transfers 2023-05-12 22:08:49 -07:00			`rewrite ^/api(/.*)$ $1 break;`

			`# misc headers`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Host $host;`
			`proxy_set_header Host $host;`

			`# need to use 1.1 to support chunked transfers`
			`proxy_http_version 1.1;`
			`proxy_buffering off;`

			`# we don't want nginx trying to do something clever with`
			`# redirects, we set the Host: header above already.`
			`proxy_redirect off;`
DAN-120 Kubernetes (#98) Sample Kubernetes deployment with Auth default on Also includes a bugfix for credentialed connectors with Auth turned on 2023-06-14 00:11:25 -07:00			`proxy_pass http://api_server;`
Initial Commit 2023-04-28 22:40:46 -07:00			`}`

Add arbitrary domain support + website hosting to onebox setup 2023-05-05 16:48:36 -07:00			`location / {`
Use HTTP/1.1 with nginx for chunked transfers 2023-05-12 22:08:49 -07:00			`# misc headers`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Forwarded-Host $host;`
			`proxy_set_header Host $host;`

			`proxy_http_version 1.1;`

			`# we don't want nginx trying to do something clever with`
			`# redirects, we set the Host: header above already.`
			`proxy_redirect off;`
			`proxy_pass http://web_server;`
Add arbitrary domain support + website hosting to onebox setup 2023-05-05 16:48:36 -07:00			`}`

Initial Commit 2023-04-28 22:40:46 -07:00			`location /.well-known/acme-challenge/ {`
			`root /var/www/certbot;`
			`}`
			`}`

			`server {`
			`listen 443 ssl;`
Add arbitrary domain support + website hosting to onebox setup 2023-05-05 16:48:36 -07:00			`server_name ${DOMAIN};`
Add max upload size to HTTPS NGINX listener 2023-10-15 12:29:22 -07:00
Increase max upload size 2023-12-29 20:59:28 -08:00			`client_max_body_size 5G; # Maximum upload size`
Initial Commit 2023-04-28 22:40:46 -07:00
			`location / {`
Use HTTP/1.1 with nginx for chunked transfers 2023-05-12 22:08:49 -07:00			`proxy_http_version 1.1;`
			`proxy_buffering off;`
Add support for non-letsencrypt-based https in docker compose setup (#628) 2023-10-25 20:35:47 -07:00			`proxy_pass http://localhost:80;`
Initial Commit 2023-04-28 22:40:46 -07:00			`}`

Add arbitrary domain support + website hosting to onebox setup 2023-05-05 16:48:36 -07:00			`ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;`
Initial Commit 2023-04-28 22:40:46 -07:00			`include /etc/letsencrypt/options-ssl-nginx.conf;`
			`ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;`
Change max upload size setting (#410) --------- Co-authored-by: Gabriele Capitani <gabrielecapitani2005@gmail.com> 2023-09-10 02:01:44 +02:00			`}`