Mindbody MCP Server

upstream mindbody_mcp_sse { # Load balancing between multiple instances least_conn; server 127.0.0.1:3000 weight=1 max_fails=3 fail_timeout=30s; server 127.0.0.1:3001 weight=1 max_fails=3 fail_timeout=30s backup; # Keep alive connections for better performance keepalive 32; } # Rate limiting zones limit_req_zone $binary_remote_addr zone=mcp_limit:10m rate=10r/s; limit_conn_zone $binary_remote_addr zone=mcp_conn:10m; # HTTP to HTTPS redirect server { listen 80; listen [::]:80; server_name mcp.yourdomain.com; location / { return 301 https://$server_name$request_uri; } } # HTTPS server with SSE support server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name mcp.yourdomain.com; # SSL Configuration ssl_certificate /etc/ssl/certs/mcp.yourdomain.com.crt; ssl_certificate_key /etc/ssl/private/mcp.yourdomain.com.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_stapling on; ssl_stapling_verify on; # Security headers add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "DENY" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; # Logging access_log /var/log/nginx/mcp-access.log combined; error_log /var/log/nginx/mcp-error.log warn; # SSE endpoint location /sse { # Rate limiting limit_req zone=mcp_limit burst=20 nodelay; limit_conn mcp_conn 10; # Proxy to upstream proxy_pass http://mindbody_mcp_sse/sse; # SSE specific settings proxy_http_version 1.1; proxy_set_header Connection ''; proxy_set_header Cache-Control 'no-cache'; proxy_set_header X-Accel-Buffering 'no'; # Disable buffering for SSE proxy_buffering off; proxy_cache off; # Timeouts for long-lived connections proxy_read_timeout 86400s; proxy_send_timeout 86400s; send_timeout 86400s; # Headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Request-ID $request_id; # CORS headers (if not handled by application) add_header Access-Control-Allow-Origin * always; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always; add_header Access-Control-Allow-Headers 'Content-Type, Authorization, X-Request-ID' always; add_header Access-Control-Max-Age 86400 always; # Handle OPTIONS requests if ($request_method = OPTIONS) { return 204; } } # Health check endpoint location /health { proxy_pass http://mindbody_mcp_sse/health; proxy_http_version 1.1; proxy_set_header Host $host; access_log off; } # Server info endpoint location /info { proxy_pass http://mindbody_mcp_sse/info; proxy_http_version 1.1; proxy_set_header Host $host; } # Metrics endpoint (optional, for monitoring) location /metrics { proxy_pass http://mindbody_mcp_sse/metrics; proxy_http_version 1.1; proxy_set_header Host $host; # Restrict access to monitoring systems allow 10.0.0.0/8; allow 127.0.0.1; deny all; } # Default location location / { return 404; } # Error pages error_page 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } }