sciagent code + Gitea Actions CI/CD
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,47 @@
|
||||
# Example: expose MinIO S3 API on HTTPS for presigned URLs (fixes mixed content vs https://your-app).
|
||||
#
|
||||
# 1. DNS: A/AAAA record for MINIO_API_HOST → your VPS.
|
||||
# 2. TLS: obtain cert for MINIO_API_HOST (e.g. certbot --nginx).
|
||||
# 3. Replace MINIO_API_HOST and adjust upstream port if MINIO_API_PORT ≠ 19000.
|
||||
# 4. Set in .env (same hostname and scheme — no trailing slash):
|
||||
# S3_PUBLIC_ENDPOINT_URL=https://MINIO_API_HOST
|
||||
# MINIO_SERVER_URL=https://MINIO_API_HOST
|
||||
# 5. Recreate/be0 restart so presign matches this host.
|
||||
#
|
||||
# Optionally bind Docker’s MinIO publish to localhost only:
|
||||
# "127.0.0.1:19000:9000"
|
||||
|
||||
upstream minio_s3_api {
|
||||
server 127.0.0.1:19000;
|
||||
keepalive 32;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name MINIO_API_HOST;
|
||||
|
||||
ssl_certificate /fullchain.pem;
|
||||
ssl_certificate_key /privkey.pem;
|
||||
|
||||
# Large evidence PDF uploads go through be0, not nginx→MinIO, but PUT via presign can be big.
|
||||
client_max_body_size 50m;
|
||||
|
||||
# Disable buffering for streamed GETs if needed upstream.
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
|
||||
location / {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Connection "";
|
||||
|
||||
proxy_connect_timeout 300;
|
||||
proxy_send_timeout 300;
|
||||
proxy_read_timeout 300;
|
||||
|
||||
proxy_pass http://minio_s3_api;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user