server {
listen 80;
listen [::]:80;
server_name mcp.svsfinpro.ru;
# Redirect HTTP to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 8443 ssl http2;
listen [::]:8443 ssl http2;
server_name mcp.svsfinpro.ru;
# SSL configuration (managed by certbot)
ssl_certificate /etc/letsencrypt/live/mcp.svsfinpro.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mcp.svsfinpro.ru/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# ITS 1C MCP Server - OAuth endpoint
location /its/oauth {
proxy_pass http://localhost:8080/oauth;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_read_timeout 300s;
}
# ITS 1C MCP Server - Health check
location /its/health {
proxy_pass http://localhost:8080/health;
proxy_http_version 1.1;
proxy_set_header Host $host;
access_log off;
}
# MCP Streamable HTTP endpoint (new - port 8081)
location /mcp {
proxy_pass http://localhost:8081/mcp;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept "application/json, text/event-stream";
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 300s;
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept" always;
}
# MCP Streamable HTTP endpoint (old - port 3005, /news prefix)
location /news/ {
rewrite ^/news/(.*)$ /$1 break;
proxy_pass http://localhost:3005;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 300s;
proxy_connect_timeout 75s;
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Cache-Control, Accept" always;
if ($request_method = OPTIONS) {
return 204;
}
}
# ==========================================================================
# Email MCP Server - Streamable HTTP (Protocol 2025-03-26)
# ==========================================================================
location /email/ {
rewrite ^/email/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:3008;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Mcp-Session-Id $http_mcp_session_id;
proxy_pass_header Mcp-Session-Id;
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 300s;
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization, Mcp-Session-Id" always;
add_header Access-Control-Expose-Headers "Mcp-Session-Id" always;
}
# ==========================================================================
# Bitrix24 MCP Server - Streamable HTTP (Protocol 2025-03-26)
# ==========================================================================
location /bitrix/ {
rewrite ^/bitrix/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:3009;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Mcp-Session-Id $http_mcp_session_id;
proxy_pass_header Mcp-Session-Id;
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 300s;
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization, Mcp-Session-Id" always;
add_header Access-Control-Expose-Headers "Mcp-Session-Id" always;
}
location = /bitrix/health {
proxy_pass http://127.0.0.1:3009/health;
proxy_http_version 1.1;
proxy_set_header Host $host;
access_log off;
}
location = /email/health {
proxy_pass http://127.0.0.1:3008/health;
proxy_http_version 1.1;
proxy_set_header Host $host;
access_log off;
}
# ==========================================================================
# ClaudeCron MCP Server - Streamable HTTP (Protocol 2025-11-25)
# ==========================================================================
location /cron/ {
rewrite ^/cron/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:3010;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Mcp-Session-Id $http_mcp_session_id;
proxy_pass_header Mcp-Session-Id;
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 300s;
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization, Mcp-Session-Id" always;
add_header Access-Control-Expose-Headers "Mcp-Session-Id" always;
}
location = /cron/health {
proxy_pass http://127.0.0.1:3010/health;
proxy_http_version 1.1;
proxy_set_header Host $host;
access_log off;
}
# Health check endpoint
location /health {
access_log off;
return 200 "OK\n";
add_header Content-Type text/plain;
}
}
