Skip to main content
Glama
joelmnz

Article Manager MCP Server

by joelmnz
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid
nginx-production.conf8.73 kB
# Production Nginx configuration for MCP Markdown Manager with SSL # This configuration provides: # - SSL/TLS termination with security headers # - HTTP to HTTPS redirect # - Subpath deployment on /articles # - Production-grade security and performance settings # - Rate limiting and access controls events { worker_connections 2048; use epoll; multi_accept on; } http { # Basic settings sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; keepalive_requests 100; types_hash_max_size 2048; server_tokens off; # MIME types include /etc/nginx/mime.types; default_type application/octet-stream; # Logging log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' '$request_time $upstream_response_time'; access_log /var/log/nginx/access.log main; error_log /var/log/nginx/error.log warn; # Gzip compression gzip on; gzip_vary on; gzip_min_length 1024; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/atom+xml image/svg+xml; # Rate limiting limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s; limit_req_zone $binary_remote_addr zone=general:10m rate=30r/s; # Upstream for MCP Markdown Manager upstream mcp-markdown { server mcp-markdown-manager:5000; keepalive 32; } # HTTP server - redirect to HTTPS server { listen 80; server_name _; # Health check (allow HTTP for monitoring) location /health { proxy_pass http://mcp-markdown/health; access_log off; } # Redirect all other HTTP traffic to HTTPS location / { return 301 https://$host$request_uri; } } # HTTPS server server { listen 443 ssl http2; server_name yourdomain.com; # Replace with your domain # SSL configuration ssl_certificate /etc/nginx/ssl/cert.pem; ssl_certificate_key /etc/nginx/ssl/key.pem; # SSL security settings ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384; ssl_prefer_server_ciphers off; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_session_tickets off; # Security headers add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header X-Frame-Options DENY always; add_header X-Content-Type-Options nosniff always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self';" always; # Health check endpoint (no rate limiting) location /health { proxy_pass http://mcp-markdown/health; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; access_log off; } # MCP Markdown Manager on /articles subpath location /articles/ { # Rate limiting for general access limit_req zone=general burst=50 nodelay; # Remove /articles prefix when forwarding to backend rewrite ^/articles/(.*)$ /$1 break; proxy_pass http://mcp-markdown; # Essential proxy headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Runtime base path configuration proxy_set_header X-Base-Path /articles; # Performance settings proxy_http_version 1.1; proxy_set_header Connection ""; proxy_buffering on; proxy_buffer_size 4k; proxy_buffers 8 4k; proxy_busy_buffers_size 8k; # Timeouts proxy_connect_timeout 30s; proxy_send_timeout 60s; proxy_read_timeout 60s; # WebSocket support proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } # API endpoints with stricter rate limiting location /articles/api/ { # Stricter rate limiting for API limit_req zone=api burst=20 nodelay; rewrite ^/articles/(.*)$ /$1 break; proxy_pass http://mcp-markdown; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Base-Path /articles; # API-specific settings proxy_http_version 1.1; proxy_set_header Connection ""; proxy_connect_timeout 10s; proxy_send_timeout 30s; proxy_read_timeout 30s; } # MCP endpoints with authentication rate limiting location /articles/mcp { # Even stricter rate limiting for MCP limit_req zone=api burst=10 nodelay; rewrite ^/articles/(.*)$ /$1 break; proxy_pass http://mcp-markdown; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Base-Path /articles; # MCP-specific settings proxy_http_version 1.1; proxy_set_header Connection ""; proxy_connect_timeout 10s; proxy_send_timeout 3600s; proxy_read_timeout 3600s; # SSE/event-stream friendliness proxy_buffering off; proxy_cache off; # Request size cap (adjust if your MCP clients need more) client_max_body_size 2m; } # Handle exact /articles redirect to /articles/ location = /articles { return 301 /articles/; } # Static assets caching (if serving directly through nginx) location ~* /articles/.*\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { rewrite ^/articles/(.*)$ /$1 break; proxy_pass http://mcp-markdown; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Long-term caching for static assets expires 1y; add_header Cache-Control "public, immutable"; add_header Vary "Accept-Encoding"; # Remove security headers for assets (optional) add_header X-Frame-Options ""; add_header X-Content-Type-Options ""; } # Default location location / { return 200 'Production server running. MCP Markdown Manager available at /articles/'; add_header Content-Type text/plain; } # Optional: IP-based access control # Uncomment and modify for restricted access # location /articles/admin/ { # allow 192.168.1.0/24; # allow 10.0.0.0/8; # deny all; # # rewrite ^/articles/(.*)$ /$1 break; # proxy_pass http://mcp-markdown; # # ... other proxy settings # } } } </content>

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/joelmnz/mcp-markdown-manager'

If you have feedback or need assistance with the MCP directory API, please join our Discord server