Brancheneinstufung2/nginx-proxy.conf

events {
    worker_connections 1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    
    access_log /dev/stdout;
    error_log /dev/stderr;

    # Increase Body Size Limit for Large Payloads (Knowledge Base + Audits)
    client_max_body_size 50M;

    # Increase Timeouts for Long-Running AI Tasks
    proxy_read_timeout 1200s;
    proxy_connect_timeout 1200s;
    proxy_send_timeout 1200s;
    send_timeout 1200s;

    # Resolver ist wichtig für Docker
    resolver 127.0.0.11 valid=30s ipv6=off;

    server {
        listen 80;

        # Basic Auth wieder aktiviert
        auth_basic "Restricted Access - Local AI Suite";
        auth_basic_user_file /etc/nginx/.htpasswd;

        location / {
            proxy_pass http://dashboard:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }

        location /b2b/ {
            # Der Trailing Slash am Ende ist wichtig!
            proxy_pass http://b2b-app:3002/;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            
            # Explicit timeouts for this location
            proxy_read_timeout 1200s;
            proxy_connect_timeout 1200s;
            proxy_send_timeout 1200s;
        }

        location /market/ {
            # Der Trailing Slash am Ende ist wichtig!
            proxy_pass http://market-frontend:80/;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # Explicit timeouts for this location
            proxy_read_timeout 1200s;
            proxy_connect_timeout 1200s;
            proxy_send_timeout 1200s;
        }

        location /gtm/ {
            # Der Trailing Slash am Ende ist wichtig!
            proxy_pass http://gtm-app:3005/;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # Explicit timeouts for this location
            proxy_read_timeout 1200s;
            proxy_connect_timeout 1200s;
            proxy_send_timeout 1200s;
        }

        location /content/ {
            # Content Engine
            # Der Trailing Slash am Ende ist wichtig!
            proxy_pass http://content-app:3006/;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # Explicit timeouts for this location
            proxy_read_timeout 1200s;
            proxy_connect_timeout 1200s;
            proxy_send_timeout 1200s;
        }

        location /ce/ {
            # Company Explorer (Robotics Edition)
            # Trailing Slash STRIPS the /ce/ prefix!
            proxy_pass http://company-explorer:8000/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # Explicit timeouts
            proxy_read_timeout 1200s;
            proxy_connect_timeout 1200s;
            proxy_send_timeout 1200s;
        }

        location /ca/ {
            # Competitor Analysis Agent
            # Der Trailing Slash am Ende ist wichtig!
            proxy_pass http://competitor-analysis:8000/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # Explicit timeouts
            proxy_read_timeout 1200s;
            proxy_connect_timeout 1200s;
            proxy_send_timeout 1200s;
        }
        location /tr/ {
            # Transcription Tool (Meeting Assistant)
            # KEIN Trailing Slash, damit der /tr/ Pfad erhalten bleibt!
            proxy_pass http://transcription-app:8001;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # Increase limit for large MP3 uploads
            client_max_body_size 500M;

            # Explicit timeouts
            proxy_read_timeout 1800s;
            proxy_connect_timeout 1800s;
            proxy_send_timeout 1800s;
        }

        location ~ ^/heatmap/api/(.*)$ {
            proxy_pass http://heatmap-backend:8000/api/$1$is_args$args;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /heatmap/ {
            # Heatmap Tool
            proxy_pass http://heatmap-frontend:5173;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location /lead/ {
            # Lead Engine (TradingTwins)
            # Proxying external service on host
            proxy_pass http://192.168.178.6:8501/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            
            # Websocket support for Streamlit
            proxy_http_version 1.1; 
            
            # Explicit timeouts
            proxy_read_timeout 86400; # Long timeout for stream
        }

        location /connector/ {
            # SuperOffice Connector Webhook & Dashboard
            # Auth enabled for dashboard access (webhook endpoint might need exclusion if public, 
            # but current webhook_app checks token param so maybe basic auth is fine for /dashboard?)
            
            # For now, let's keep it open or use token. 
            # Ideally: /connector/webhook -> open, /connector/dashboard -> protected.
            # Nginx doesn't support nested locations well for auth_basic override without duplicating.
            # Simplified: Auth off globally for /connector/, rely on App logic or obscurity for now.
            auth_basic off;
            
            # Forward to FastAPI app
            # Trailing Slash STRIPS the /connector/ prefix!
            # So /connector/dashboard -> /dashboard
            proxy_pass http://connector-superoffice:8000/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}