# Minimal nginx configuration for AppFlowy-Cloud # Self Hosted AppFlowy Cloud user should alter this file to suit their needs events { worker_connections 1024; } http { # docker dns resolver resolver 127.0.0.11 valid=10s; map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 8080; # https://github.com/nginxinc/nginx-prometheus-exporter location = /stub_status { stub_status; } } server { ssl_certificate /etc/nginx/ssl/certificate.crt; ssl_certificate_key /etc/nginx/ssl/private_key.key; listen 80; listen 443 ssl; client_max_body_size 10M; underscores_in_headers on; set $appflowy_web_origin "http://localhost:3000"; set $appflowy_cloud_backend "http://appflowy_cloud:8000"; set $gotrue_backend "http://gotrue:9999"; set $admin_frontend_backend "http://admin_frontend:3000"; set $appflowy_ai_backend "http://ai:5001"; set $minio_backend "http://minio:9001"; set $portainer_backend "http://portainer:9000"; set $pgadmin_backend "http://pgadmin:80"; # GoTrue location /gotrue/ { proxy_pass $gotrue_backend; rewrite ^/gotrue(/.*)$ $1 break; # Allow headers like redirect_to to be handed over to the gotrue # for correct redirecting proxy_set_header Host $http_host; proxy_pass_request_headers on; } # WebSocket location /ws { proxy_pass $appflowy_cloud_backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_read_timeout 86400; } # AppFlowy-Cloud # created a separate location block for handling CORS preflight (OPTIONS) requests specifically for the /api endpoint. location = /api/options { if ($http_origin ~* ($appflowy_web_origin)) { add_header 'Access-Control-Allow-Origin' $http_origin; } add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE, PATCH'; add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Client-Version'; add_header 'Access-Control-Max-Age' 3600; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } location /api/chat { proxy_pass $appflowy_cloud_backend; proxy_http_version 1.1; proxy_set_header Connection ""; chunked_transfer_encoding on; proxy_buffering off; proxy_cache off; proxy_read_timeout 600s; proxy_connect_timeout 600s; proxy_send_timeout 600s; } location /api/import { proxy_pass $appflowy_cloud_backend; # Set headers proxy_set_header X-Request-Id $request_id; proxy_set_header Host $http_host; # Handle CORS if ($http_origin ~* ($appflowy_web_origin)) { add_header 'Access-Control-Allow-Origin' $http_origin always; } add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept' always; add_header 'Access-Control-Max-Age' 3600 always; # Timeouts proxy_read_timeout 600s; proxy_connect_timeout 600s; proxy_send_timeout 600s; # Disable buffering for large file uploads proxy_request_buffering off; proxy_buffering off; proxy_cache off; client_max_body_size 2G; } location /api { proxy_pass $appflowy_cloud_backend; proxy_set_header X-Request-Id $request_id; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Set CORS headers for other requests if ($http_origin ~* ($appflowy_web_origin)) { add_header 'Access-Control-Allow-Origin' $http_origin always; } add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH' always; add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, Accept, Client-Version' always; add_header 'Access-Control-Max-Age' 3600 always; location ~* ^/api/workspace/([a-zA-Z0-9_-]+)/publish$ { proxy_pass $appflowy_cloud_backend; proxy_request_buffering off; client_max_body_size 256M; } } # AppFlowy AI location /ai { proxy_pass $appflowy_ai_backend; proxy_set_header Host $host; proxy_pass_request_headers on; } # Minio Web UI # Derive from: https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html # Optional Module, comment this section if you are did not deploy minio in docker-compose.yml location /minio/ { proxy_pass $minio_backend; rewrite ^/minio/(.*) /$1 break; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-NginX-Proxy true; ## This is necessary to pass the correct IP to be hashed real_ip_header X-Real-IP; proxy_connect_timeout 300; ## To support websockets in MinIO versions released after January 2023 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) # Uncomment the following line to set the Origin request to an empty string # proxy_set_header Origin ''; chunked_transfer_encoding off; } # PgAdmin # Optional Module, comment this section if you are did not deploy pgadmin in docker-compose.yml location /pgadmin/ { set $pgadmin pgadmin; proxy_pass $pgadmin_backend; proxy_set_header X-Script-Name /pgadmin; proxy_set_header X-Scheme $scheme; proxy_set_header Host $host; proxy_redirect off; } # Portainer # Optional Module, comment this section if you are did not deploy portainer in docker-compose.yml location /portainer/ { proxy_pass $portainer_backend; rewrite ^/portainer/(.*) /$1 break; } # Admin Frontend # Optional Module, comment this section if you are did not deploy admin_frontend in docker-compose.yml location / { proxy_pass $admin_frontend_backend; proxy_set_header X-Scheme $scheme; proxy_set_header Host $host; } } }