Files
sciagent/deploy/nginx/minio-s3-proxy.conf.example
Thinh Lam 688fac73e9
CI/CD / backend (push) Failing after 2m8s
CI/CD / frontend (push) Failing after 1m40s
CI/CD / deploy (push) Has been skipped
sciagent code + Gitea Actions CI/CD
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-30 09:38:30 +07:00

48 lines
1.5 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Example: expose MinIO S3 API on HTTPS for presigned URLs (fixes mixed content vs https://your-app).
#
# 1. DNS: A/AAAA record for MINIO_API_HOST → your VPS.
# 2. TLS: obtain cert for MINIO_API_HOST (e.g. certbot --nginx).
# 3. Replace MINIO_API_HOST and adjust upstream port if MINIO_API_PORT ≠ 19000.
# 4. Set in .env (same hostname and scheme — no trailing slash):
# S3_PUBLIC_ENDPOINT_URL=https://MINIO_API_HOST
# MINIO_SERVER_URL=https://MINIO_API_HOST
# 5. Recreate/be0 restart so presign matches this host.
#
# Optionally bind Dockers MinIO publish to localhost only:
# "127.0.0.1:19000:9000"
upstream minio_s3_api {
server 127.0.0.1:19000;
keepalive 32;
}
server {
listen 443 ssl http2;
server_name MINIO_API_HOST;
ssl_certificate /fullchain.pem;
ssl_certificate_key /privkey.pem;
# Large evidence PDF uploads go through be0, not nginx→MinIO, but PUT via presign can be big.
client_max_body_size 50m;
# Disable buffering for streamed GETs if needed upstream.
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_pass http://minio_s3_api;
}
}