# Changemaker Lite — Instance: {{name}} # Embed proxy ports for iframe embedding in admin GUI. # These strip X-Frame-Options and CSP so services can be iframed. # Internal ports 8881-8894 are mapped to host ports via docker-compose. # NocoDB embed proxy (internal 8881) server { listen 8881; location / { set $upstream_nocodb http://{{containerPrefix}}-nocodb:8080; proxy_pass $upstream_nocodb; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # n8n embed proxy (internal 8882) server { listen 8882; location / { set $upstream_n8n http://{{containerPrefix}}-n8n:5678; proxy_pass $upstream_n8n; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } # Gitea embed proxy (internal 8883) server { listen 8883; client_max_body_size 2048M; location / { set $upstream_gitea http://{{containerPrefix}}-gitea:3000; proxy_pass $upstream_gitea; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # MailHog embed proxy (internal 8884) server { listen 8884; location / { set $upstream_mailhog http://{{containerPrefix}}-mailhog:8025; proxy_pass $upstream_mailhog; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } # Mini QR embed proxy (internal 8885) server { listen 8885; location / { set $upstream_miniqr http://{{containerPrefix}}-mini-qr:8080; proxy_pass $upstream_miniqr; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # Excalidraw embed proxy (internal 8886) server { listen 8886; location / { set $upstream_excalidraw http://{{containerPrefix}}-excalidraw:80; proxy_pass $upstream_excalidraw; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_http_version 1.1; } } # Homepage embed proxy (internal 8887) server { listen 8887; location / { set $upstream_homepage http://{{containerPrefix}}-homepage:3000; proxy_pass $upstream_homepage; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # Code Server embed proxy (internal 8888) server { listen 8888; location / { set $upstream_code http://{{containerPrefix}}-code-server:8443; proxy_pass $upstream_code; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } # MkDocs embed proxy (internal 8889) server { listen 8889; location / { set $upstream_mkdocs http://{{containerPrefix}}-mkdocs:8000; proxy_pass $upstream_mkdocs; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } # Vaultwarden embed proxy (internal 8890) server { listen 8890; location / { set $upstream_vaultwarden http://{{containerPrefix}}-vaultwarden:80; proxy_pass $upstream_vaultwarden; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_http_version 1.1; } } # Rocket.Chat embed proxy (internal 8891) {{#if enableChat}} server { listen 8891; location / { set $upstream_rocketchat http://{{containerPrefix}}-rocketchat:3000; proxy_pass $upstream_rocketchat; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_http_version 1.1; client_max_body_size 100m; } } {{/if}} # Gancio embed proxy (internal 8892) {{#if enableGancio}} server { listen 8892; location / { set $upstream_gancio http://{{containerPrefix}}-gancio:13120; proxy_pass $upstream_gancio; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } {{/if}} # Grafana embed proxy (internal 8893) {{#if enableMonitoring}} server { listen 8893; location / { set $upstream_grafana http://{{containerPrefix}}-grafana:3000; proxy_pass $upstream_grafana; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } {{/if}} # Listmonk embed proxy (internal 8894) {{#if enableListmonk}} server { listen 8894; location / { set $upstream_listmonk http://{{containerPrefix}}-listmonk:9000; proxy_pass $upstream_listmonk; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } {{/if}} # MkDocs site server proxy (internal 8895) — static built documentation site server { listen 8895; location / { set $upstream_mkdocs_site http://{{containerPrefix}}-mkdocs-site:80; proxy_pass $upstream_mkdocs_site; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # Jitsi Meet embed proxy (internal 8896) {{#if enableMeet}} server { listen 8896; location / { set $upstream_jitsi http://{{containerPrefix}}-jitsi-web:80; proxy_pass $upstream_jitsi; proxy_hide_header X-Frame-Options; proxy_hide_header Content-Security-Policy; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_http_version 1.1; } } {{/if}}