events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; access_log /dev/stdout; error_log /dev/stderr; # Increase Body Size Limit for Large Payloads (Knowledge Base + Audits) client_max_body_size 50M; # Increase Timeouts for Long-Running AI Tasks proxy_read_timeout 1200s; proxy_connect_timeout 1200s; proxy_send_timeout 1200s; send_timeout 1200s; # Resolver ist wichtig für Docker resolver 127.0.0.11 valid=30s ipv6=off; server { listen 80; # Basic Auth wieder aktiviert auth_basic "Restricted Access - Local AI Suite"; auth_basic_user_file /etc/nginx/.htpasswd; location / { proxy_pass http://dashboard:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } location /b2b/ { # Der Trailing Slash am Ende ist wichtig! proxy_pass http://b2b-app:3002/; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Explicit timeouts for this location proxy_read_timeout 1200s; proxy_connect_timeout 1200s; proxy_send_timeout 1200s; } location /market/ { # Der Trailing Slash am Ende ist wichtig! proxy_pass http://market-frontend:80/; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Explicit timeouts for this location proxy_read_timeout 1200s; proxy_connect_timeout 1200s; proxy_send_timeout 1200s; } location /gtm/ { # Der Trailing Slash am Ende ist wichtig! proxy_pass http://gtm-app:3005/; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Explicit timeouts for this location proxy_read_timeout 1200s; proxy_connect_timeout 1200s; proxy_send_timeout 1200s; } location /content/ { # Content Engine # Der Trailing Slash am Ende ist wichtig! proxy_pass http://content-app:3006/; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Explicit timeouts for this location proxy_read_timeout 1200s; proxy_connect_timeout 1200s; proxy_send_timeout 1200s; } location /ce/ { # Company Explorer (Robotics Edition) # Trailing Slash STRIPS the /ce/ prefix! proxy_pass http://company-explorer:8000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Explicit timeouts proxy_read_timeout 1200s; proxy_connect_timeout 1200s; proxy_send_timeout 1200s; } location /ca/ { # Competitor Analysis Agent # Der Trailing Slash am Ende ist wichtig! proxy_pass http://competitor-analysis:8000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Explicit timeouts proxy_read_timeout 1200s; proxy_connect_timeout 1200s; proxy_send_timeout 1200s; } location /tr/ { # Transcription Tool (Meeting Assistant) # KEIN Trailing Slash, damit der /tr/ Pfad erhalten bleibt! proxy_pass http://transcription-app:8001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Increase limit for large MP3 uploads client_max_body_size 500M; # Explicit timeouts proxy_read_timeout 1800s; proxy_connect_timeout 1800s; proxy_send_timeout 1800s; } location ~ ^/heatmap/api/(.*)$ { proxy_pass http://heatmap-backend:8000/api/$1$is_args$args; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /heatmap/ { # Heatmap Tool proxy_pass http://heatmap-frontend:5173; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /lead/ { # Lead Engine (TradingTwins) # Proxying external service on host proxy_pass http://192.168.178.6:8501/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Websocket support for Streamlit proxy_http_version 1.1; # Explicit timeouts proxy_read_timeout 86400; # Long timeout for stream } location /connector/ { # SuperOffice Connector Webhook & Dashboard # Auth enabled for dashboard access (webhook endpoint might need exclusion if public, # but current webhook_app checks token param so maybe basic auth is fine for /dashboard?) # For now, let's keep it open or use token. # Ideally: /connector/webhook -> open, /connector/dashboard -> protected. # Nginx doesn't support nested locations well for auth_basic override without duplicating. # Simplified: Auth off globally for /connector/, rely on App logic or obscurity for now. auth_basic off; # Forward to FastAPI app # Trailing Slash STRIPS the /connector/ prefix! # So /connector/dashboard -> /dashboard proxy_pass http://connector-superoffice:8000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } }