# ============================================================================= # WOOO TECH - Monitor Dashboard # Nginx 配置 - UAT Server (192.168.0.110) # 所有監控工具統一入口 # ============================================================================= # 上游服務定義 upstream grafana_backend { server 127.0.0.1:3000; } upstream prometheus_backend { server 127.0.0.1:9090; } upstream alertmanager_backend { server 127.0.0.1:9093; } upstream portainer_backend { server 127.0.0.1:9000; } upstream n8n_backend { server 127.0.0.1:5678; } upstream pgadmin_backend { server 127.0.0.1:8088; } upstream gitlab_backend { server 127.0.0.1:8929; } upstream nextcloud_backend { server 127.0.0.1:8081; } upstream loki_backend { server 127.0.0.1:3100; } # K8s Grafana (NodePort) upstream k8s_grafana_backend { server 127.0.0.1:30030; } # Rancher (K8s 管理平台) upstream rancher_backend { server 127.0.0.1:8443; } # ============================================================================= # monitor.wooo.work - 監控入口 (HTTP -> HTTPS 重定向) # ============================================================================= server { listen 80; server_name monitor.wooo.work; return 301 https://$server_name$request_uri; } # ============================================================================= # monitor.wooo.work - 監控入口 (HTTPS) # ============================================================================= server { listen 443 ssl http2; server_name monitor.wooo.work; # SSL 證書 ssl_certificate /etc/letsencrypt/live/monitor.wooo.work/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/monitor.wooo.work/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # 監控首頁 (靜態頁面) root /var/www/monitor; index index.html; # 首頁 location = / { try_files /index.html =404; } # ========================================================================= # Docker Grafana (Port 3000) # Grafana 配置了 GF_SERVER_SERVE_FROM_SUB_PATH=true # 必須保留 /grafana/ 路徑傳給 Grafana # ========================================================================= location /grafana/ { proxy_pass http://grafana_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 支援 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } # ========================================================================= # K8s Grafana (NodePort 30030) # 需要 rewrite 因為 K8s Grafana 沒有配置子路徑 # 建議直接訪問 http://192.168.0.110:30030 # ========================================================================= location /k8s-grafana/ { proxy_pass http://k8s_grafana_backend/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 重寫 Location header 中的重定向路徑 proxy_redirect / /k8s-grafana/; # WebSocket 支援 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # 替換回應中的路徑 sub_filter_once off; sub_filter_types text/html application/javascript; sub_filter 'href="/' 'href="/k8s-grafana/'; sub_filter 'src="/' 'src="/k8s-grafana/'; sub_filter '"/api/' '"/k8s-grafana/api/'; } # ========================================================================= # Prometheus (Port 9090) # 需要配置 --web.external-url 才能完美支援子路徑 # ========================================================================= location /prometheus/ { proxy_pass http://prometheus_backend/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 重寫重定向 proxy_redirect / /prometheus/; } # ========================================================================= # Alertmanager (Port 9093) # ========================================================================= location /alertmanager/ { proxy_pass http://alertmanager_backend/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect / /alertmanager/; } # ========================================================================= # Portainer (Port 9000) # ========================================================================= location /portainer/ { proxy_pass http://portainer_backend/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 支援 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } # Portainer API location /portainer/api/ { proxy_pass http://portainer_backend/api/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } # ========================================================================= # n8n (Port 5678) # 需要設置 N8N_PATH_PREFIX 環境變數 # ========================================================================= location /n8n/ { proxy_pass http://n8n_backend/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 支援 (n8n 需要) proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # 較長的超時時間 (n8n 工作流可能需要) proxy_read_timeout 300s; proxy_send_timeout 300s; } # ========================================================================= # pgAdmin (Port 8088) # 需要設置 SCRIPT_NAME 環境變數 # ========================================================================= location /pgadmin/ { proxy_pass http://pgadmin_backend/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Script-Name /pgadmin; proxy_redirect off; } # ========================================================================= # Loki (Port 3100) - 僅 API # ========================================================================= location /loki/ { proxy_pass http://loki_backend/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # ========================================================================= # Rancher (Port 8443) - K8s 管理平台 # 注意:Rancher 不支援子路徑,建議直接訪問 https://192.168.0.110:8443 # ========================================================================= location /rancher/ { proxy_pass https://rancher_backend/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # SSL 後端 proxy_ssl_verify off; # WebSocket 支援 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # 較長的超時時間 proxy_read_timeout 300s; proxy_send_timeout 300s; } } # ============================================================================= # gitlab.wooo.work - GitLab (僅 HTTP,無公網 DNS) # ============================================================================= server { listen 80; server_name gitlab.wooo.work; location / { proxy_pass http://gitlab_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # GitLab 需要較大的緩衝區 proxy_buffers 8 32k; proxy_buffer_size 64k; client_max_body_size 0; proxy_read_timeout 600s; } } # ============================================================================= # cloud.wooo.work - Nextcloud (僅 HTTP,無公網 DNS) # ============================================================================= server { listen 80; server_name cloud.wooo.work; location / { proxy_pass http://nextcloud_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 10G; proxy_read_timeout 600s; } }