onyx

qiaofeng1227 · qiaofeng1227 · commit db77c644f18d · 2026-01-15T14:35:21.000+08:00
diff --git a/apps/onyx/docker-compose.yml b/apps/onyx/docker-compose.yml
@@ -83,12 +83,10 @@ services:
 
   web_server:
     image: onyxdotapp/onyx-web-server:${W9_VERSION}
-    container_name: $W9_ID
+    container_name: $W9_ID-web-server
     depends_on:
       - api_server
     restart: unless-stopped
-    ports:
-      - "${W9_HTTP_PORT_SET}:3000"
     env_file:
       - .env
     environment:
@@ -99,6 +97,30 @@ services:
         max-size: "50m"
         max-file: "6"
 
+  nginx:
+    image: nginx:1.25.5-alpine
+    container_name: $W9_ID
+    restart: unless-stopped
+    env_file:
+      - .env
+    depends_on:
+      - api_server
+      - web_server
+    ports:
+      - "${W9_HTTP_PORT_SET}:80"
+    volumes:
+      - ./src:/etc/nginx/conf.d
+    command: >
+      /bin/sh -c "dos2unix /etc/nginx/conf.d/run-nginx.sh 2>/dev/null || true
+      && /etc/nginx/conf.d/run-nginx.sh app.conf.template"
+    environment:
+      - DOMAIN=${W9_DOMAIN}
+    logging:
+      driver: json-file
+      options:
+        max-size: "50m"
+        max-file: "6"
+
   relational_db:
     image: postgres:15.2-alpine
     container_name: $W9_ID-postgresql
diff --git a/apps/onyx/src/app.conf.template b/apps/onyx/src/app.conf.template
@@ -1,9 +1,27 @@
-# Override log format to include request latency
+# Log format to include request latency
 log_format custom_main '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for" '
                       'rt=$request_time';
 
+# Map X-Forwarded-Proto or fallback to $scheme
+map $http_x_forwarded_proto $forwarded_proto {
+    default $http_x_forwarded_proto;
+    ""      $scheme;
+}
+
+# Map X-Forwarded-Host or fallback to $host
+map $http_x_forwarded_host $forwarded_host {
+    default $http_x_forwarded_host;
+    ""      $host;
+}
+
+# Map X-Forwarded-Port or fallback to server port
+map $http_x_forwarded_port $forwarded_port {
+    default $http_x_forwarded_port;
+    ""      $server_port;
+}
+
 upstream api_server {
     # fail_timeout=0 means we always retry an upstream even if it failed
     # to return a good HTTP response
@@ -12,22 +30,26 @@ upstream api_server {
     #server unix:/tmp/gunicorn.sock fail_timeout=0;
 
     # for a TCP configuration
-    # TODO: use gunicorn to manage multiple processes
-    server ${W9_ID}-api-server:8080 fail_timeout=0;
+    server ${ONYX_BACKEND_API_HOST}:8080 fail_timeout=0;
 }
 
 upstream web_server {
-    server ${W9_ID}-web-server:3000 fail_timeout=0;
+    server ${ONYX_WEB_SERVER_HOST}:3000 fail_timeout=0;
 }
 
+# Conditionally include MCP upstream configuration
+include /etc/nginx/conf.d/mcp_upstream.conf.inc;
+
 server {
-    listen 80;
-    server_name ${DOMAIN};
+    listen 80 default_server;
 
     client_max_body_size 5G;    # Maximum upload size    
 
     access_log /var/log/nginx/access.log custom_main;
 
+    # Conditionally include MCP location configuration 
+    include /etc/nginx/conf.d/mcp.conf.inc;
+
     # Match both /api/* and /openapi.json in a single rule
     location ~ ^/(api|openapi.json)(/.*)?$ {
         # Rewrite /api prefixed matched paths
@@ -36,14 +58,20 @@ server {
         # misc headers
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Forwarded-Host $host; 
+        proxy_set_header X-Forwarded-Proto $forwarded_proto;
+        proxy_set_header X-Forwarded-Host $forwarded_host;
+        proxy_set_header X-Forwarded-Port $forwarded_port;
         proxy_set_header Host $host;
 
         # need to use 1.1 to support chunked transfers
         proxy_http_version 1.1;
         proxy_buffering off;
 
+        # timeout settings
+        proxy_connect_timeout ${NGINX_PROXY_CONNECT_TIMEOUT}s;
+        proxy_send_timeout ${NGINX_PROXY_SEND_TIMEOUT}s;
+        proxy_read_timeout ${NGINX_PROXY_READ_TIMEOUT}s;
+
         # we don't want nginx trying to do something clever with
         # redirects, we set the Host: header above already.
         proxy_redirect off;
@@ -54,12 +82,18 @@ server {
         # misc headers
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Forwarded-Host $host; 
+        proxy_set_header X-Forwarded-Proto $forwarded_proto;
+        proxy_set_header X-Forwarded-Host $forwarded_host;
+        proxy_set_header X-Forwarded-Port $forwarded_port;
         proxy_set_header Host $host;
 
         proxy_http_version 1.1;
 
+        # timeout settings
+        proxy_connect_timeout ${NGINX_PROXY_CONNECT_TIMEOUT}s;
+        proxy_send_timeout ${NGINX_PROXY_SEND_TIMEOUT}s;
+        proxy_read_timeout ${NGINX_PROXY_READ_TIMEOUT}s;
+
         # we don't want nginx trying to do something clever with
         # redirects, we set the Host: header above already.
         proxy_redirect off;
diff --git a/apps/onyx/src/mcp.conf.inc.template b/apps/onyx/src/mcp.conf.inc.template
@@ -0,0 +1,14 @@
+# MCP Server location configuration
+location /mcp {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Host $host;
+    proxy_set_header Host $host;
+    
+    proxy_http_version 1.1;
+    proxy_buffering off;
+    
+    proxy_redirect off;
+    proxy_pass http://mcp_server;
+}
diff --git a/apps/onyx/src/mcp_upstream.conf.inc.template b/apps/onyx/src/mcp_upstream.conf.inc.template
@@ -0,0 +1,4 @@
+# MCP Server upstream configuration
+upstream mcp_server {
+    server ${ONYX_MCP_SERVER_HOST}:8090 fail_timeout=0;
+}
diff --git a/apps/onyx/src/run-nginx.sh b/apps/onyx/src/run-nginx.sh
@@ -1,5 +1,35 @@
 # fill in the template
-envsubst '$DOMAIN $SSL_CERT_FILE_NAME $SSL_CERT_KEY_FILE_NAME $W9_ID' < "/etc/nginx/conf.d/$1" > /etc/nginx/conf.d/app.conf
+export ONYX_BACKEND_API_HOST="${ONYX_BACKEND_API_HOST:-${W9_ID}-api-server}"
+export ONYX_WEB_SERVER_HOST="${ONYX_WEB_SERVER_HOST:-${W9_ID}-web-server}"
+export ONYX_MCP_SERVER_HOST="${ONYX_MCP_SERVER_HOST:-mcp_server}"
+
+export SSL_CERT_FILE_NAME="${SSL_CERT_FILE_NAME:-ssl.crt}"
+export SSL_CERT_KEY_FILE_NAME="${SSL_CERT_KEY_FILE_NAME:-ssl.key}"
+
+# Nginx timeout settings (in seconds)
+export NGINX_PROXY_CONNECT_TIMEOUT="${NGINX_PROXY_CONNECT_TIMEOUT:-300}"
+export NGINX_PROXY_SEND_TIMEOUT="${NGINX_PROXY_SEND_TIMEOUT:-300}"
+export NGINX_PROXY_READ_TIMEOUT="${NGINX_PROXY_READ_TIMEOUT:-300}"
+
+echo "Using API server host: $ONYX_BACKEND_API_HOST"
+echo "Using web server host: $ONYX_WEB_SERVER_HOST"
+echo "Using MCP server host: $ONYX_MCP_SERVER_HOST"
+echo "Using nginx proxy timeouts - connect: ${NGINX_PROXY_CONNECT_TIMEOUT}s, send: ${NGINX_PROXY_SEND_TIMEOUT}s, read: ${NGINX_PROXY_READ_TIMEOUT}s"
+
+envsubst '$DOMAIN $SSL_CERT_FILE_NAME $SSL_CERT_KEY_FILE_NAME $ONYX_BACKEND_API_HOST $ONYX_WEB_SERVER_HOST $ONYX_MCP_SERVER_HOST $NGINX_PROXY_CONNECT_TIMEOUT $NGINX_PROXY_SEND_TIMEOUT $NGINX_PROXY_READ_TIMEOUT' < "/etc/nginx/conf.d/$1" > /etc/nginx/conf.d/app.conf
+
+# Conditionally create MCP server configuration
+if [ "${MCP_SERVER_ENABLED}" = "True" ] || [ "${MCP_SERVER_ENABLED}" = "true" ]; then
+  echo "MCP server is enabled, creating MCP configuration..."
+  envsubst '$ONYX_MCP_SERVER_HOST' < "/etc/nginx/conf.d/mcp_upstream.conf.inc.template" > /etc/nginx/conf.d/mcp_upstream.conf.inc
+  envsubst '$ONYX_MCP_SERVER_HOST' < "/etc/nginx/conf.d/mcp.conf.inc.template" > /etc/nginx/conf.d/mcp.conf.inc
+else
+  echo "MCP server is disabled, removing MCP configuration..."
+  # Leave empty placeholder files so nginx includes do not fail
+  # These files are empty because MCP server is disabled
+  echo "# Empty file - MCP server is disabled" > /etc/nginx/conf.d/mcp_upstream.conf.inc
+  echo "# Empty file - MCP server is disabled" > /etc/nginx/conf.d/mcp.conf.inc
+fi
 
 # wait for the api_server to be ready
 echo "Waiting for API server to boot up; this may take a minute or two..."
@@ -10,7 +40,7 @@ echo
 
 while true; do
   # Use curl to send a request and capture the HTTP status code
-  status_code=$(curl -o /dev/null -s -w "%{http_code}\n" "http://${W9_ID}-api-server:8080/health")
+  status_code=$(curl -o /dev/null -s -w "%{http_code}\n" "http://${ONYX_BACKEND_API_HOST}:8080/health")
   
   # Check if the status code is 200
   if [ "$status_code" -eq 200 ]; then
