diff --git a/.gitignore b/.gitignore index 8477050e..1c24299d 100755 --- a/.gitignore +++ b/.gitignore @@ -9,7 +9,8 @@ npm/ n8n/ n8n-cache/ n8n-migrate/git -8n-postgres/ +n8n-postgres/ +pgadmin/ # ===================================================== # IDE/Editor settings # ===================================================== diff --git a/n8n-postgres/base/16384/1247 b/n8n-postgres/base/16384/1247 index 0de08dd7..8f077468 100755 Binary files a/n8n-postgres/base/16384/1247 and b/n8n-postgres/base/16384/1247 differ diff --git a/n8n-postgres/base/16384/1247_vm b/n8n-postgres/base/16384/1247_vm index 187b5db7..93384c9a 100755 Binary files a/n8n-postgres/base/16384/1247_vm and b/n8n-postgres/base/16384/1247_vm differ diff --git a/n8n-postgres/base/16384/1249 b/n8n-postgres/base/16384/1249 index 309a67f8..0e0cf52a 100755 Binary files a/n8n-postgres/base/16384/1249 and b/n8n-postgres/base/16384/1249 differ diff --git a/n8n-postgres/base/16384/1249_fsm b/n8n-postgres/base/16384/1249_fsm index 7058fb59..6648ce1a 100755 Binary files a/n8n-postgres/base/16384/1249_fsm and b/n8n-postgres/base/16384/1249_fsm differ diff --git a/n8n-postgres/base/16384/1249_vm b/n8n-postgres/base/16384/1249_vm index 279dd620..44cb3364 100755 Binary files a/n8n-postgres/base/16384/1249_vm and b/n8n-postgres/base/16384/1249_vm differ diff --git a/n8n-postgres/base/16384/1259 b/n8n-postgres/base/16384/1259 index bc1b65b4..41d417c0 100755 Binary files a/n8n-postgres/base/16384/1259 and b/n8n-postgres/base/16384/1259 differ diff --git a/n8n-postgres/base/16384/1259_vm b/n8n-postgres/base/16384/1259_vm index 059a9190..b9ae6ddd 100755 Binary files a/n8n-postgres/base/16384/1259_vm and b/n8n-postgres/base/16384/1259_vm differ diff --git a/n8n-postgres/base/16384/2608 b/n8n-postgres/base/16384/2608 index dffdff2a..9cb7067a 100755 Binary files a/n8n-postgres/base/16384/2608 and b/n8n-postgres/base/16384/2608 differ diff --git a/n8n-postgres/base/16384/2608_fsm b/n8n-postgres/base/16384/2608_fsm index c94bde52..0ac9e604 100755 Binary files a/n8n-postgres/base/16384/2608_fsm and b/n8n-postgres/base/16384/2608_fsm differ diff --git a/n8n-postgres/base/16384/2608_vm b/n8n-postgres/base/16384/2608_vm index 5cc473ec..66d50df5 100755 Binary files a/n8n-postgres/base/16384/2608_vm and b/n8n-postgres/base/16384/2608_vm differ diff --git a/n8n-postgres/base/16384/2619 b/n8n-postgres/base/16384/2619 index b42c75cf..585b49cf 100755 Binary files a/n8n-postgres/base/16384/2619 and b/n8n-postgres/base/16384/2619 differ diff --git a/n8n-postgres/base/16384/2619_fsm b/n8n-postgres/base/16384/2619_fsm index 67b20229..3a4c2e97 100755 Binary files a/n8n-postgres/base/16384/2619_fsm and b/n8n-postgres/base/16384/2619_fsm differ diff --git a/n8n-postgres/base/16384/2658 b/n8n-postgres/base/16384/2658 index 144768e3..b9282203 100755 Binary files a/n8n-postgres/base/16384/2658 and b/n8n-postgres/base/16384/2658 differ diff --git a/n8n-postgres/base/16384/2658_fsm b/n8n-postgres/base/16384/2658_fsm index 5829ca92..358f6abd 100755 Binary files a/n8n-postgres/base/16384/2658_fsm and b/n8n-postgres/base/16384/2658_fsm differ diff --git a/n8n-postgres/base/16384/2659 b/n8n-postgres/base/16384/2659 index 7500683b..2c332a2a 100755 Binary files a/n8n-postgres/base/16384/2659 and b/n8n-postgres/base/16384/2659 differ diff --git a/n8n-postgres/base/16384/2659_fsm b/n8n-postgres/base/16384/2659_fsm index 46ccc832..e12943b9 100755 Binary files a/n8n-postgres/base/16384/2659_fsm and b/n8n-postgres/base/16384/2659_fsm differ diff --git a/n8n-postgres/base/16384/2662 b/n8n-postgres/base/16384/2662 index 4c264896..965e85c2 100755 Binary files a/n8n-postgres/base/16384/2662 and b/n8n-postgres/base/16384/2662 differ diff --git a/n8n-postgres/base/16384/2663 b/n8n-postgres/base/16384/2663 index eb0c53d6..b05c4429 100755 Binary files a/n8n-postgres/base/16384/2663 and b/n8n-postgres/base/16384/2663 differ diff --git a/n8n-postgres/base/16384/2673 b/n8n-postgres/base/16384/2673 index 8634ecd7..f4293571 100755 Binary files a/n8n-postgres/base/16384/2673 and b/n8n-postgres/base/16384/2673 differ diff --git a/n8n-postgres/base/16384/2673_fsm b/n8n-postgres/base/16384/2673_fsm index e12943b9..36f58d72 100644 Binary files a/n8n-postgres/base/16384/2673_fsm and b/n8n-postgres/base/16384/2673_fsm differ diff --git a/n8n-postgres/base/16384/2674 b/n8n-postgres/base/16384/2674 index cdbf6c8c..5808da1f 100755 Binary files a/n8n-postgres/base/16384/2674 and b/n8n-postgres/base/16384/2674 differ diff --git a/n8n-postgres/base/16384/2696 b/n8n-postgres/base/16384/2696 index 0437afdb..aab4f52a 100755 Binary files a/n8n-postgres/base/16384/2696 and b/n8n-postgres/base/16384/2696 differ diff --git a/n8n-postgres/base/16384/2703 b/n8n-postgres/base/16384/2703 index 9325e957..aa76ea90 100755 Binary files a/n8n-postgres/base/16384/2703 and b/n8n-postgres/base/16384/2703 differ diff --git a/n8n-postgres/base/16384/2704 b/n8n-postgres/base/16384/2704 index ca1a1f2f..784bae41 100755 Binary files a/n8n-postgres/base/16384/2704 and b/n8n-postgres/base/16384/2704 differ diff --git a/n8n-postgres/base/16384/2840 b/n8n-postgres/base/16384/2840 index 708b5929..0fc41b04 100755 Binary files a/n8n-postgres/base/16384/2840 and b/n8n-postgres/base/16384/2840 differ diff --git a/n8n-postgres/base/16384/2841 b/n8n-postgres/base/16384/2841 index 4d814774..9f811b3b 100755 Binary files a/n8n-postgres/base/16384/2841 and b/n8n-postgres/base/16384/2841 differ diff --git a/n8n-postgres/base/16384/3455 b/n8n-postgres/base/16384/3455 index 2245f2f1..ae91a808 100755 Binary files a/n8n-postgres/base/16384/3455 and b/n8n-postgres/base/16384/3455 differ diff --git a/n8n-postgres/base/16384/pg_internal.init b/n8n-postgres/base/16384/pg_internal.init index adfa2430..21b765a0 100644 Binary files a/n8n-postgres/base/16384/pg_internal.init and b/n8n-postgres/base/16384/pg_internal.init differ diff --git a/n8n-postgres/global/pg_control b/n8n-postgres/global/pg_control index c7e88782..7ed9fa3c 100755 Binary files a/n8n-postgres/global/pg_control and b/n8n-postgres/global/pg_control differ diff --git a/n8n-postgres/global/pg_internal.init b/n8n-postgres/global/pg_internal.init index e873d625..3eff89f1 100644 Binary files a/n8n-postgres/global/pg_internal.init and b/n8n-postgres/global/pg_internal.init differ diff --git a/n8n-postgres/pg_wal/000000010000000000000003 b/n8n-postgres/pg_wal/000000010000000000000003 index 33fcaf71..07e70757 100755 Binary files a/n8n-postgres/pg_wal/000000010000000000000003 and b/n8n-postgres/pg_wal/000000010000000000000003 differ diff --git a/n8n-postgres/pg_xact/0000 b/n8n-postgres/pg_xact/0000 index 37548c42..653ce67d 100755 Binary files a/n8n-postgres/pg_xact/0000 and b/n8n-postgres/pg_xact/0000 differ diff --git a/n8n-postgres/postmaster.pid b/n8n-postgres/postmaster.pid index a16f1033..184e9014 100644 --- a/n8n-postgres/postmaster.pid +++ b/n8n-postgres/postmaster.pid @@ -1,6 +1,6 @@ 1 /var/lib/postgresql/data -1759310848 +1759373409 5432 /var/run/postgresql * diff --git a/npm/data/database.sqlite b/npm/data/database.sqlite index 0e2e863d..83516480 100644 Binary files a/npm/data/database.sqlite and b/npm/data/database.sqlite differ diff --git a/npm/data/nginx/proxy_host/3.conf b/npm/data/nginx/proxy_host/3.conf deleted file mode 100644 index 314ce25b..00000000 --- a/npm/data/nginx/proxy_host/3.conf +++ /dev/null @@ -1,274 +0,0 @@ -# ------------------------------------------------------------ -# lcbp3.np-dms.work -# ------------------------------------------------------------ - - - -map $scheme $hsts_header { - https "max-age=63072000; preload"; -} - -server { - set $forward_scheme http; - set $server "dms_frontend"; - set $port 3000; - - listen 80; -listen [::]:80; - -listen 443 ssl; -listen [::]:443 ssl; - - - server_name lcbp3.np-dms.work; - - http2 on; - - - # Let's Encrypt SSL - include conf.d/include/letsencrypt-acme-challenge.conf; - include conf.d/include/ssl-cache.conf; - include conf.d/include/ssl-ciphers.conf; - ssl_certificate /etc/letsencrypt/live/npm-7/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/npm-7/privkey.pem; - - - - - - - - - # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years) - add_header Strict-Transport-Security $hsts_header always; - - - - - - # Force SSL - include conf.d/include/force-ssl.conf; - - - - -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection $http_connection; -proxy_http_version 1.1; - - - access_log /data/logs/proxy-host-3_access.log proxy; - error_log /data/logs/proxy-host-3_error.log warn; - -# ===== ขนาดไฟล์/timeout ระดับ Host ===== -client_max_body_size 200m; -client_body_timeout 60s; -send_timeout 60s; - -# ===== Proxy headers พื้นฐาน (ให้ backend รู้ proto จริง) ===== -proxy_set_header X-Forwarded-Proto $scheme; - -# ===== WebSocket/SSE header ระดับ Host ===== -# หมายเหตุ: ถ้า $connection_upgrade ยังไม่ถูกนิยามในระบบคุณ -# ให้เปลี่ยนบรรทัดที่สองเป็น: proxy_set_header Connection "upgrade"; -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection $connection_upgrade; - -# ===== สำคัญสำหรับคุกกี้ HttpOnly ===== -# อย่าตัด Set-Cookie ของ backend ทิ้ง -proxy_pass_header Set-Cookie; - -# ===== Security headers ระดับ Host ===== -add_header X-Content-Type-Options nosniff always; -add_header X-Frame-Options SAMEORIGIN always; -add_header Referrer-Policy "no-referrer-when-downgrade" always; - -# เปิด HSTS เมื่อมั่นใจว่าทุก subdomain ใช้ HTTPS เท่านั้น -# (ถ้ามีซับโดเมนที่ยังไม่ HTTPS ให้เอา includeSubDomains ออกชั่วคราว) -add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - - - location /health { - proxy_set_header Host $host; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto https; -proxy_read_timeout 15s; -proxy_send_timeout 15s; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_frontend:3000; - - - - - - - # Force SSL - include conf.d/include/force-ssl.conf; - - - - - # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years) - add_header Strict-Transport-Security $hsts_header always; - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /_next/static/ { - proxy_set_header Host $host; -add_header Cache-Control "public, max-age=31536000, immutable"; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_frontend:3000; - - - - - - - # Force SSL - include conf.d/include/force-ssl.conf; - - - - - # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years) - add_header Strict-Transport-Security $hsts_header always; - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /api/ { - # === upstream headers พื้นฐาน === -proxy_set_header Host $host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; # แก้จาก "https" → ใช้ $scheme ให้ถูกตามจริง - -# WebSocket/SSE -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection "upgrade"; - -proxy_read_timeout 300s; -proxy_send_timeout 300s; -proxy_redirect off; - -# >>> สำคัญสำหรับคุกกี้ <<< -proxy_pass_header Set-Cookie; # ให้ Nginx ส่ง Set-Cookie กลับ client (ห้ามตัดทิ้ง) - -# ---- CORS allowlist ---- -set $cors_allow_origin ""; -if ($http_origin ~* "^https?://(localhost(:\\d+)?|127\\.0\\.0\\.1(:\\d+)?|np-dms\\.work|www\\.np-dms\\.work|lcbp3\\.np-dms\\.work)$") { - set $cors_allow_origin $http_origin; -} - -add_header Vary "Origin" always; -add_header Access-Control-Allow-Credentials "true" always; - -# ถ้าต้องการ allow เฉพาะที่ match เท่านั้น ให้คง pattern เดิมไว้ -add_header Access-Control-Allow-Origin $cors_allow_origin always; - -# เผย header ที่จำเป็นต่อการดาวน์โหลด/ดูไฟล์ -add_header Access-Control-Expose-Headers "Content-Disposition,Content-Length" always; - -add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always; -add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, Origin, Referer, User-Agent, X-Requested-With, Cache-Control, Pragma" always; - -if ($request_method = OPTIONS) { - add_header Content-Length 0; - add_header Content-Type text/plain; - return 204; -} - - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_backend:3001; - - - - - - - # Force SSL - include conf.d/include/force-ssl.conf; - - - - - # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years) - add_header Strict-Transport-Security $hsts_header always; - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - - - - - location / { - - - - - - # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years) - add_header Strict-Transport-Security $hsts_header always; - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - - # Proxy! - include conf.d/include/proxy.conf; - } - - - # Custom - include /data/nginx/custom/server_proxy[.]conf; -} diff --git a/npm/data/nginx/proxy_host/3.conf.bak.1758092638 b/npm/data/nginx/proxy_host/3.conf.bak.1758092638 deleted file mode 100644 index 0633ed10..00000000 --- a/npm/data/nginx/proxy_host/3.conf.bak.1758092638 +++ /dev/null @@ -1,357 +0,0 @@ -# ------------------------------------------------------------ -# lcbp3.np-dms.work -# ------------------------------------------------------------ - - - -map $scheme $hsts_header { - https "max-age=63072000; preload"; -} - -server { - set $forward_scheme http; - set $server "dms_frontend"; - set $port 3000; - - listen 80; -listen [::]:80; - - - server_name lcbp3.np-dms.work; - - http2 on; - - - - - - - - - - - -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection $http_connection; -proxy_http_version 1.1; - - - access_log /data/logs/proxy-host-3_access.log proxy; - error_log /data/logs/proxy-host-3_error.log warn; - -# ===== ขนาดไฟล์/timeout ระดับ Host ===== -client_max_body_size 200m; -client_body_timeout 60s; -send_timeout 60s; - -# ===== WebSocket/SSE header ระดับ Host ===== -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection $connection_upgrade; - -# ===== Security headers ระดับ Host ===== -add_header X-Content-Type-Options nosniff always; -add_header X-Frame-Options SAMEORIGIN always; -add_header Referrer-Policy "no-referrer-when-downgrade" always; -# เปิด HSTS เมื่อมั่นใจว่าทุก subdomain ใช้ HTTPS เท่านั้น -# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - - location /health { - proxy_http_version 1.1; -proxy_set_header Host $host; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto https; -proxy_read_timeout 15s; -proxy_send_timeout 15s; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_frontend:3000; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /_next/static/ { - proxy_http_version 1.1; -proxy_set_header Host $host; -add_header Cache-Control "public, max-age=31536000, immutable"; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_frontend:3000; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /api/ { - proxy_http_version 1.1; - -proxy_set_header Host $host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto https; - -# WebSocket/SSE เผื่อใช้ -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection "upgrade"; - -proxy_read_timeout 300s; -proxy_send_timeout 300s; -proxy_redirect off; - -# ---- CORS allowlist ---- -set $cors_allow_origin ""; -if ($http_origin ~* "^https?://(localhost(:\\d+)?|127\\.0\\.0\\.1(:\\d+)?|np-dms\\.work|www\\.np-dms\\.work|lcbp3\\.np-dms\\.work)$") { - set $cors_allow_origin $http_origin; -} -add_header Access-Control-Allow-Origin $cors_allow_origin always; -add_header Vary "Origin" always; -add_header Access-Control-Allow-Credentials "true" always; -add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always; -add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, Origin, Referer, User-Agent, X-Requested-With, Cache-Control, Pragma" always; - -if ($request_method = OPTIONS) { - add_header Content-Length 0; - add_header Content-Type text/plain; - return 204; -} - - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_backend:3001; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /pma/ { - proxy_http_version 1.1; -proxy_set_header Host $host; -proxy_set_header X-Forwarded-Host $host; -proxy_set_header X-Forwarded-Proto https; -proxy_set_header X-Forwarded-Prefix /pma; -proxy_read_timeout 300s; -proxy_send_timeout 300s; -proxy_redirect off; - - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_phpmyadmin:80; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /n8n { - rewrite ^/n8n$ /n8n/ permanent; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_frontend:80; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /n8n/ { - proxy_http_version 1.1; -proxy_set_header Host $host; -proxy_set_header X-Forwarded-Host $host; -proxy_set_header X-Forwarded-Proto https; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Prefix /n8n; - -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection "upgrade"; - -proxy_read_timeout 86400s; -proxy_send_timeout 86400s; -proxy_redirect off; - - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_n8n:5678; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /pgadmin { - rewrite ^/pgadmin$ /pgadmin/ permanent; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_frontend:3000; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /pgadmin/ { - proxy_http_version 1.1; -proxy_set_header Host $host; -proxy_set_header X-Script-Name /pgadmin; -proxy_set_header X-Forwarded-Prefix /pgadmin; -proxy_set_header X-Forwarded-Host $host; -proxy_set_header X-Forwarded-Proto https; -proxy_read_timeout 300s; -proxy_send_timeout 300s; -proxy_redirect off; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_pgadmin:80; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - - - - - location / { - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - - # Proxy! - include conf.d/include/proxy.conf; - } - - - # Custom - include /data/nginx/custom/server_proxy[.]conf; -} diff --git a/npm/data/nginx/proxy_host/3.conf.disabled b/npm/data/nginx/proxy_host/3.conf.disabled deleted file mode 100644 index 0633ed10..00000000 --- a/npm/data/nginx/proxy_host/3.conf.disabled +++ /dev/null @@ -1,357 +0,0 @@ -# ------------------------------------------------------------ -# lcbp3.np-dms.work -# ------------------------------------------------------------ - - - -map $scheme $hsts_header { - https "max-age=63072000; preload"; -} - -server { - set $forward_scheme http; - set $server "dms_frontend"; - set $port 3000; - - listen 80; -listen [::]:80; - - - server_name lcbp3.np-dms.work; - - http2 on; - - - - - - - - - - - -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection $http_connection; -proxy_http_version 1.1; - - - access_log /data/logs/proxy-host-3_access.log proxy; - error_log /data/logs/proxy-host-3_error.log warn; - -# ===== ขนาดไฟล์/timeout ระดับ Host ===== -client_max_body_size 200m; -client_body_timeout 60s; -send_timeout 60s; - -# ===== WebSocket/SSE header ระดับ Host ===== -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection $connection_upgrade; - -# ===== Security headers ระดับ Host ===== -add_header X-Content-Type-Options nosniff always; -add_header X-Frame-Options SAMEORIGIN always; -add_header Referrer-Policy "no-referrer-when-downgrade" always; -# เปิด HSTS เมื่อมั่นใจว่าทุก subdomain ใช้ HTTPS เท่านั้น -# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - - location /health { - proxy_http_version 1.1; -proxy_set_header Host $host; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto https; -proxy_read_timeout 15s; -proxy_send_timeout 15s; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_frontend:3000; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /_next/static/ { - proxy_http_version 1.1; -proxy_set_header Host $host; -add_header Cache-Control "public, max-age=31536000, immutable"; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_frontend:3000; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /api/ { - proxy_http_version 1.1; - -proxy_set_header Host $host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto https; - -# WebSocket/SSE เผื่อใช้ -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection "upgrade"; - -proxy_read_timeout 300s; -proxy_send_timeout 300s; -proxy_redirect off; - -# ---- CORS allowlist ---- -set $cors_allow_origin ""; -if ($http_origin ~* "^https?://(localhost(:\\d+)?|127\\.0\\.0\\.1(:\\d+)?|np-dms\\.work|www\\.np-dms\\.work|lcbp3\\.np-dms\\.work)$") { - set $cors_allow_origin $http_origin; -} -add_header Access-Control-Allow-Origin $cors_allow_origin always; -add_header Vary "Origin" always; -add_header Access-Control-Allow-Credentials "true" always; -add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always; -add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, Origin, Referer, User-Agent, X-Requested-With, Cache-Control, Pragma" always; - -if ($request_method = OPTIONS) { - add_header Content-Length 0; - add_header Content-Type text/plain; - return 204; -} - - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_backend:3001; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /pma/ { - proxy_http_version 1.1; -proxy_set_header Host $host; -proxy_set_header X-Forwarded-Host $host; -proxy_set_header X-Forwarded-Proto https; -proxy_set_header X-Forwarded-Prefix /pma; -proxy_read_timeout 300s; -proxy_send_timeout 300s; -proxy_redirect off; - - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_phpmyadmin:80; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /n8n { - rewrite ^/n8n$ /n8n/ permanent; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_frontend:80; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /n8n/ { - proxy_http_version 1.1; -proxy_set_header Host $host; -proxy_set_header X-Forwarded-Host $host; -proxy_set_header X-Forwarded-Proto https; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Prefix /n8n; - -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection "upgrade"; - -proxy_read_timeout 86400s; -proxy_send_timeout 86400s; -proxy_redirect off; - - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_n8n:5678; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /pgadmin { - rewrite ^/pgadmin$ /pgadmin/ permanent; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_frontend:3000; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - location /pgadmin/ { - proxy_http_version 1.1; -proxy_set_header Host $host; -proxy_set_header X-Script-Name /pgadmin; -proxy_set_header X-Forwarded-Prefix /pgadmin; -proxy_set_header X-Forwarded-Host $host; -proxy_set_header X-Forwarded-Proto https; -proxy_read_timeout 300s; -proxy_send_timeout 300s; -proxy_redirect off; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://dms_pgadmin:80; - - - - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - } - - - - - - location / { - - - - - - - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - - - # Proxy! - include conf.d/include/proxy.conf; - } - - - # Custom - include /data/nginx/custom/server_proxy[.]conf; -} diff --git a/pgadmin/sessions/06d8abe8-535a-46a2-92b9-0f91fbdb8c32 b/pgadmin/sessions/06d8abe8-535a-46a2-92b9-0f91fbdb8c32 deleted file mode 100644 index e69de29b..00000000 diff --git a/pgadmin/sessions/1d63212c-36df-41c2-b68f-69e6169b146b b/pgadmin/sessions/1d63212c-36df-41c2-b68f-69e6169b146b deleted file mode 100644 index e69de29b..00000000 diff --git a/pgadmin/sessions/1f41c70e-b34d-4d55-b733-a9a0ae2a92f8 b/pgadmin/sessions/1f41c70e-b34d-4d55-b733-a9a0ae2a92f8 deleted file mode 100644 index e69de29b..00000000 diff --git a/pgadmin/sessions/2d99f6a6-0550-43fc-b00a-c59f82a48a78 b/pgadmin/sessions/2d99f6a6-0550-43fc-b00a-c59f82a48a78 deleted file mode 100644 index e69de29b..00000000 diff --git a/pgadmin/sessions/7f34e0c0-ff4c-4fcd-aaa7-3cb100bd3f07 b/pgadmin/sessions/7f34e0c0-ff4c-4fcd-aaa7-3cb100bd3f07 deleted file mode 100644 index e69de29b..00000000 diff --git a/pgadmin/sessions/9e3dc0d6-6686-4613-9b3d-d53c13b310eb b/pgadmin/sessions/9e3dc0d6-6686-4613-9b3d-d53c13b310eb deleted file mode 100644 index e69de29b..00000000 diff --git a/pgadmin/sessions/abab902b-a6f6-474c-911b-617b7968f2c7 b/pgadmin/sessions/abab902b-a6f6-474c-911b-617b7968f2c7 deleted file mode 100644 index e69de29b..00000000 diff --git a/pgadmin/sessions/c6185fa8-c854-4922-b272-9363d5c15c0f b/pgadmin/sessions/c6185fa8-c854-4922-b272-9363d5c15c0f deleted file mode 100644 index e69de29b..00000000