Benjamin_Boenisch/breakpilot-pwa
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-02-15. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
902848ca24c4026b11faa332d4ae597ef4082d87
breakpilot-pwa/nginx/conf.d/default.conf
BreakPilot Dev eef650bf61 feat: Extract Developer Portal as standalone Next.js app on port 3006 
SDK customers can now access the documentation publicly without login.
The portal runs independently from admin-v2 on https://macmini:3006/.

- New developer-portal/ app with 26 pages, 2 components
- Docker service + nginx SSL reverse proxy on port 3006
- All /developers/* routes remapped to /* in the new app
- admin-v2 developer pages remain unchanged

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-09 17:15:54 +01:00

462 lines
16 KiB
Plaintext
Raw Blame History

# Breakpilot HTTPS Reverse Proxy (Hybrid Mode)
# HTTPS for Studio-v2 and all services it depends on
# Admin Website (port 3000) accessible via HTTP directly
# Docker internal DNS resolver (ipv6=off to avoid unreachable IPv6 addresses)
resolver 127.0.0.11 valid=10s ipv6=off;
# HTTP -> HTTPS redirect (only for root domain)
server {
listen 80;
server_name macmini localhost;
return 301 https://$host$request_uri;
}
# HTTPS - Admin Website on port 3000
server {
listen 3000 ssl;
http2 on;
server_name macmini localhost;
ssl_certificate /etc/nginx/certs/macmini.crt;
ssl_certificate_key /etc/nginx/certs/macmini.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
location / {
set $upstream_website website:3000;
proxy_pass http://$upstream_website;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
# HTTPS - Studio v2 (Lehrer-Frontend) on port 443
# Access: https://macmini/
server {
listen 443 ssl;
http2 on;
server_name macmini localhost;
ssl_certificate /etc/nginx/certs/macmini.crt;
ssl_certificate_key /etc/nginx/certs/macmini.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
# Jitsi Meet - Videokonferenzen unter /jitsi/
# Jitsi lädt Assets mit absoluten Pfaden, daher müssen wir diese auch routen
# WebSocket für XMPP (Jitsi nutzt /xmpp-websocket)
location /xmpp-websocket {
set $upstream_jitsi jitsi-web:80;
proxy_pass http://$upstream_jitsi;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 86400;
proxy_send_timeout 86400;
}
# Colibri WebSocket für JVB
location /colibri-ws {
set $upstream_jvb jitsi-jvb:9090;
proxy_pass http://$upstream_jvb;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 86400;
proxy_send_timeout 86400;
}
# BOSH HTTP Binding
location /http-bind {
set $upstream_jitsi jitsi-web:80;
proxy_pass http://$upstream_jitsi;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
# Jitsi statische Assets (CSS, JS, Images, Fonts, etc.)
location ~ ^/(css|images|fonts|sounds|static|libs|lang|connection_optimization)/ {
set $upstream_jitsi jitsi-web:80;
proxy_pass http://$upstream_jitsi;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
# Jitsi config und andere Root-Dateien
location ~ ^/(config\.js|interface_config\.js|logging_config\.js|external_api\.js|external_api\.min\.js|favicon\.ico|robots\.txt|manifest\.json|pwa-worker\.js) {
set $upstream_jitsi jitsi-web:80;
proxy_pass http://$upstream_jitsi;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
# Jitsi Meet Räume (Meeting URLs)
location /jitsi/ {
set $upstream_jitsi jitsi-web:80;
rewrite ^/jitsi(/.*)$ $1 break;
proxy_pass http://$upstream_jitsi;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
# Klausur Service API Proxy (same origin = no CORS/certificate issues)
location /klausur-api/ {
set $upstream_klausur klausur-service:8086;
rewrite ^/klausur-api(/.*)$ $1 break;
proxy_pass http://$upstream_klausur;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
client_max_body_size 50M;
proxy_read_timeout 300s;
}
# Studio v2 (alle anderen Pfade)
location / {
set $upstream_studio studio-v2:3001;
proxy_pass http://$upstream_studio;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
# HTTPS - Voice Service on port 8091 (WebSocket support)
server {
listen 8091 ssl;
server_name macmini localhost;
ssl_certificate /etc/nginx/certs/macmini.crt;
ssl_certificate_key /etc/nginx/certs/macmini.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
# WebSocket endpoint
location /ws/ {
set $upstream_voice voice-service:8091;
proxy_pass http://$upstream_voice;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 86400;
proxy_send_timeout 86400;
}
# REST API
location / {
set $upstream_voice voice-service:8091;
proxy_pass http://$upstream_voice;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
# HTTPS - Backend API on port 8000
server {
listen 8000 ssl;
http2 on;
server_name macmini localhost;
ssl_certificate /etc/nginx/certs/macmini.crt;
ssl_certificate_key /etc/nginx/certs/macmini.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
location / {
set $upstream_backend backend:8000;
proxy_pass http://$upstream_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
# HTTPS - Klausur Service on port 8086
server {
listen 8086 ssl;
http2 on;
server_name macmini localhost;
ssl_certificate /etc/nginx/certs/macmini.crt;
ssl_certificate_key /etc/nginx/certs/macmini.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
client_max_body_size 50M;
location / {
set $upstream_klausur klausur-service:8086;
proxy_pass http://$upstream_klausur;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
# HTTPS - Admin v2 on port 3002
server {
listen 3002 ssl;
http2 on;
server_name macmini localhost;
ssl_certificate /etc/nginx/certs/macmini.crt;
ssl_certificate_key /etc/nginx/certs/macmini.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
# Proxy Klausur Service API requests (same origin = no CORS issues)
location /klausur-api/ {
set $upstream_klausur klausur-service:8086;
rewrite ^/klausur-api(/.*)$ $1 break;
proxy_pass http://$upstream_klausur;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
client_max_body_size 50M;
proxy_read_timeout 300s;
}
# Proxy SDK API requests to AI Compliance SDK (same origin = no CORS issues)
# Only /sdk/v1/ is forwarded to the SDK backend, /sdk/einwilligungen/* etc are frontend pages
location /sdk/v1/ {
set $upstream_sdk ai-compliance-sdk:8090;
proxy_pass http://$upstream_sdk;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
# Longer timeout for LLM requests
proxy_read_timeout 300s;
proxy_connect_timeout 60s;
proxy_send_timeout 300s;
}
# Proxy Documentation (MkDocs) - same origin = no mixed content issues
location /docs/ {
set $upstream_docs docs:80;
rewrite ^/docs(/.*)$ $1 break;
proxy_pass http://$upstream_docs;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
location / {
set $upstream_admin_v2 admin-v2:3000;
proxy_pass http://$upstream_admin_v2;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
# HTTPS - Developer Portal on port 3006
# Oeffentliches SDK-Dokumentationsportal (kein Auth)
server {
listen 3006 ssl;
http2 on;
server_name macmini localhost;
ssl_certificate /etc/nginx/certs/macmini.crt;
ssl_certificate_key /etc/nginx/certs/macmini.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
location / {
set $upstream_devportal developer-portal:3000;
proxy_pass http://$upstream_devportal;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
# HTTPS - AI Compliance SDK on port 8093
# Multi-Tenant RBAC, LLM Gateway, Audit Trail
server {
listen 8093 ssl;
http2 on;
server_name macmini localhost;
ssl_certificate /etc/nginx/certs/macmini.crt;
ssl_certificate_key /etc/nginx/certs/macmini.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
# SDK endpoints - allow larger payloads for LLM requests
client_max_body_size 10M;
location / {
set $upstream_sdk ai-compliance-sdk:8090;
proxy_pass http://$upstream_sdk;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
# Longer timeout for LLM requests
proxy_read_timeout 300s;
proxy_connect_timeout 60s;
proxy_send_timeout 300s;
}
}
# HTTPS - Edu-Search Service on port 8089
# Proxies to edu-search container running on port 8088
server {
listen 8089 ssl;
http2 on;
server_name macmini localhost;
ssl_certificate /etc/nginx/certs/macmini.crt;
ssl_certificate_key /etc/nginx/certs/macmini.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
location / {
# Use Docker DNS to resolve container name
set $upstream_edu_search breakpilot-edu-search:8088;
proxy_pass http://$upstream_edu_search;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
# HTTPS - Jitsi Meet on port 8443
# Videokonferenzen für BreakPilot Meet
server {
listen 8443 ssl;
http2 on;
server_name macmini localhost;
ssl_certificate /etc/nginx/certs/macmini.crt;
ssl_certificate_key /etc/nginx/certs/macmini.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
# WebSocket support for Jitsi XMPP
location /xmpp-websocket {
set $upstream_jitsi jitsi-web:80;
proxy_pass http://$upstream_jitsi;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 86400;
proxy_send_timeout 86400;
}
# Colibri WebSocket for JVB
location /colibri-ws {
set $upstream_jvb jitsi-jvb:9090;
proxy_pass http://$upstream_jvb;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 86400;
proxy_send_timeout 86400;
}
# All other Jitsi traffic
location / {
set $upstream_jitsi jitsi-web:80;
proxy_pass http://$upstream_jitsi;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
Reference in New Issue View Git Blame Copy Permalink