50 lines
1.5 KiB
Plaintext
50 lines
1.5 KiB
Plaintext
# Minimal NGINX reverse proxy for MCP Browser SSE bridge
|
|
#
|
|
# This configuration omits OAuth and exposes only the unauthenticated SSE
|
|
# endpoint. It is intended for quick local setup (e.g. tunnelling the bridge
|
|
# to the OpenAI MCP interface) and should not be used on the public Internet
|
|
# without adding authentication.
|
|
|
|
map $http_upgrade $connection_upgrade {
|
|
default upgrade;
|
|
'' close;
|
|
}
|
|
|
|
upstream mcp_browser_backend {
|
|
server 127.0.0.1:8251;
|
|
keepalive 4;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name mcp-dev.example.com;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/mcp-dev.example.com/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/mcp-dev.example.com/privkey.pem;
|
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
|
|
add_header X-Robots-Tag "noindex, nofollow, noarchive" always;
|
|
|
|
# Replace __MCP_SLUG__ with your private slug value.
|
|
location ^~ /__MCP_SLUG__/mcp-browser/ {
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-NginX-Proxy true;
|
|
|
|
proxy_request_buffering off;
|
|
proxy_buffering off;
|
|
proxy_cache off;
|
|
proxy_read_timeout 1d;
|
|
proxy_send_timeout 1d;
|
|
send_timeout 1d;
|
|
keepalive_timeout 1d;
|
|
|
|
proxy_pass http://mcp_browser_backend/servers/mcp-browser/sse;
|
|
}
|
|
}
|