Major Updates to Network and Load Balancing

nginx/client.portnimara.dev.conf

@@ -0,0 +1,197 @@
+# Include upstream configuration
+include /etc/nginx/conf.d/upstream.conf;
+
+server {
+    if ($host = client.portnimara.dev) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    client_max_body_size 64M;
+
+    listen 80;
+    server_name client.portnimara.dev;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+
+    location ^~ /.well-known/acme-challenge/ {
+        alias /var/www/html/.well-known/acme-challenge/;
+        default_type "text/plain";
+        allow all;
+    }
+}
+
+server {
+    client_max_body_size 64M;
+
+    # Timeout configurations to prevent 502 errors
+    proxy_connect_timeout 300s;
+    proxy_send_timeout 300s;
+    proxy_read_timeout 300s;
+    send_timeout 300s;
+
+    # Client timeout settings
+    client_body_timeout 300s;
+    client_header_timeout 300s;
+
+    # Buffer settings to handle larger responses
+    proxy_buffer_size 128k;
+    proxy_buffers 4 256k;
+    proxy_busy_buffers_size 256k;
+    proxy_temp_file_write_size 256k;
+
+    # Keepalive settings
+    keepalive_timeout 65;
+    keepalive_requests 100;
+
+    listen 443 ssl http2;
+    server_name client.portnimara.dev;
+
+    ssl_certificate /etc/letsencrypt/live/client.portnimara.dev/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/client.portnimara.dev/privkey.pem; # managed by Certbot
+
+    # Error pages
+    error_page 502 503 504 /error-502.html;
+    location = /error-502.html {
+        root /etc/nginx/error-pages;
+        internal;
+    }
+
+    # Health check endpoint (bypass upstream for monitoring)
+    location = /api/health {
+        proxy_pass http://port_nimara_backend;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # Short timeout for health checks
+        proxy_connect_timeout 5s;
+        proxy_send_timeout 5s;
+        proxy_read_timeout 5s;
+        
+        # Don't retry health checks
+        proxy_next_upstream off;
+    }
+
+    location / {
+        proxy_pass http://port_nimara_backend;
+        proxy_http_version 1.1;
+        
+        # Headers
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Real-IP $http_cf_connecting_ip;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        
+        # Disable buffering for real-time responses
+        proxy_request_buffering off;
+        proxy_buffering off;
+
+        # Apply timeout settings
+        proxy_connect_timeout 300s;
+        proxy_send_timeout 300s;
+        proxy_read_timeout 300s;
+        
+        # Retry logic for better resilience
+        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+        proxy_next_upstream_tries 3;
+        proxy_next_upstream_timeout 10s;
+        
+        # Add custom header to track retries
+        add_header X-Upstream-Status $upstream_status always;
+    }
+
+    location /api/ {
+        proxy_pass http://port_nimara_backend;
+        proxy_http_version 1.1;
+        
+        # Headers
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # Extended timeouts for API routes (webhooks, IMAP operations)
+        proxy_connect_timeout 600s;
+        proxy_send_timeout 600s;
+        proxy_read_timeout 600s;
+
+        # Disable buffering for API responses
+        proxy_request_buffering off;
+        proxy_buffering off;
+        
+        # Retry logic
+        proxy_next_upstream error timeout http_502 http_503;
+        proxy_next_upstream_tries 2;
+        proxy_next_upstream_timeout 30s;
+    }
+
+    # Special handling for long-running email operations
+    location ~ ^/api/email/(send|fetch-thread|test-connection) {
+        proxy_pass http://port_nimara_backend;
+        proxy_http_version 1.1;
+
+        # Headers
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # Extra long timeouts for email operations
+        proxy_connect_timeout 900s;
+        proxy_send_timeout 900s;
+        proxy_read_timeout 900s;
+
+        # Disable buffering
+        proxy_request_buffering off;
+        proxy_buffering off;
+        
+        # No retry for email operations (to avoid duplicates)
+        proxy_next_upstream off;
+    }
+
+    # Special handling for Documenso operations
+    location ~ ^/api/(email/generate-eoi-document|eoi/) {
+        proxy_pass http://port_nimara_backend;
+        proxy_http_version 1.1;
+
+        # Headers
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # Extended timeouts for document operations
+        proxy_connect_timeout 300s;
+        proxy_send_timeout 300s;
+        proxy_read_timeout 300s;
+
+        # Enable buffering for large responses
+        proxy_buffering on;
+        proxy_buffer_size 128k;
+        proxy_buffers 8 256k;
+        
+        # Retry logic for Documenso
+        proxy_next_upstream error timeout http_502 http_503;
+        proxy_next_upstream_tries 3;
+        proxy_next_upstream_timeout 20s;
+    }
+
+    location ^~ /.well-known/acme-challenge/ {
+        alias /var/www/html/.well-known/acme-challenge/;
+        default_type "text/plain";
+        allow all;
+    }
+}

nginx/error-pages/error-502.html

@@ -0,0 +1,137 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Port Nimara - Service Temporarily Unavailable</title>
+    <style>
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
+            background-color: #f5f5f5;
+            margin: 0;
+            padding: 0;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            min-height: 100vh;
+        }
+        .error-container {
+            background-color: white;
+            border-radius: 8px;
+            box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+            padding: 40px;
+            max-width: 500px;
+            text-align: center;
+        }
+        .logo {
+            width: 120px;
+            height: 120px;
+            margin: 0 auto 20px;
+            background-color: #387bca;
+            border-radius: 50%;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            color: white;
+            font-size: 48px;
+            font-weight: bold;
+        }
+        h1 {
+            color: #333;
+            font-size: 24px;
+            margin-bottom: 10px;
+        }
+        p {
+            color: #666;
+            line-height: 1.6;
+            margin-bottom: 20px;
+        }
+        .status {
+            background-color: #f0f0f0;
+            border-radius: 4px;
+            padding: 10px;
+            margin: 20px 0;
+            font-size: 14px;
+            color: #666;
+        }
+        .retry-button {
+            background-color: #387bca;
+            color: white;
+            border: none;
+            padding: 12px 24px;
+            border-radius: 4px;
+            font-size: 16px;
+            cursor: pointer;
+            transition: background-color 0.3s;
+        }
+        .retry-button:hover {
+            background-color: #2d6aa8;
+        }
+        .spinner {
+            display: inline-block;
+            width: 20px;
+            height: 20px;
+            border: 3px solid rgba(56, 123, 202, 0.3);
+            border-radius: 50%;
+            border-top-color: #387bca;
+            animation: spin 1s ease-in-out infinite;
+            margin-right: 10px;
+            vertical-align: middle;
+        }
+        @keyframes spin {
+            to { transform: rotate(360deg); }
+        }
+    </style>
+</head>
+<body>
+    <div class="error-container">
+        <div class="logo">PN</div>
+        <h1>Service Temporarily Unavailable</h1>
+        <p>We're sorry, but the Port Nimara Client Portal is temporarily unavailable. This may be due to scheduled maintenance or a temporary issue.</p>
+        
+        <div class="status">
+            <span class="spinner"></span>
+            <span id="status-text">The system is restarting. Please wait...</span>
+        </div>
+        
+        <p>The page will automatically refresh when the service is available.</p>
+        
+        <button class="retry-button" onclick="location.reload()">Retry Now</button>
+    </div>
+
+    <script>
+        // Auto-refresh every 5 seconds
+        let retryCount = 0;
+        const maxRetries = 60; // 5 minutes max
+        
+        function checkHealth() {
+            fetch('/api/health')
+                .then(response => {
+                    if (response.ok) {
+                        // Service is back up, reload the page
+                        location.reload();
+                    } else {
+                        retryCount++;
+                        if (retryCount > maxRetries) {
+                            document.getElementById('status-text').textContent = 'Service is taking longer than expected. Please contact support if the issue persists.';
+                        } else {
+                            document.getElementById('status-text').textContent = `Checking service status... (Attempt ${retryCount})`;
+                        }
+                    }
+                })
+                .catch(() => {
+                    retryCount++;
+                    if (retryCount > maxRetries) {
+                        document.getElementById('status-text').textContent = 'Service is taking longer than expected. Please contact support if the issue persists.';
+                    }
+                });
+        }
+        
+        // Check health every 5 seconds
+        setInterval(checkHealth, 5000);
+        
+        // Initial check after 2 seconds
+        setTimeout(checkHealth, 2000);
+    </script>
+</body>
+</html>

nginx/upstream.conf

@@ -0,0 +1,11 @@
+# Upstream configuration for Port Nimara Client Portal
+upstream port_nimara_backend {
+    # Define multiple backend servers (PM2 cluster instances)
+    server 127.0.0.1:3028 max_fails=2 fail_timeout=30s;
+    
+    # Keepalive connections to backend
+    keepalive 32;
+    
+    # Load balancing method
+    least_conn;
+}