Merge branch 'main' into feature/rkatakol/ibvs_reverse_proxy

Author: rohitkatakol

manufacturing-ai-suite/industrial-edge-insights-vision/.gitignore

@@ -3,4 +3,5 @@ resources/
 *.xml
 *.avi
 *.mp4
-*.h264
+*.h264
+apps/*/configs/nginx/ssl/

manufacturing-ai-suite/industrial-edge-insights-vision/README.md

@@ -20,7 +20,7 @@ It consists of the following microservices:
 
 
 <div style="text-align: center;">
-    <img src=defect-detection-arch-diagram.png width=800>
+    <img src=industrial-edge-insights-vision-architecture.drawio.svg width=800>
 </div>
 
 ### Directory structure

manufacturing-ai-suite/industrial-edge-insights-vision/apps/pallet-defect-detection/configs/mosquitto.conf

@@ -1,2 +1,3 @@
 allow_anonymous true
 listener 1883
+

manufacturing-ai-suite/industrial-edge-insights-vision/apps/pallet-defect-detection/configs/nginx/nginx.conf

@@ -0,0 +1,237 @@
+events {
+    worker_connections 1024;
+}
+
+# MQTT TCP proxy
+stream {
+    upstream mqtt_tcp {
+        server mqtt-broker:1883;
+    }
+
+    server {
+        listen 1883; # Nginx listens on 1883 for TCP MQTT
+        proxy_pass mqtt_tcp;
+    }
+}
+
+http {
+    upstream dlstreamer {
+        server dlstreamer-pipeline-server:8080;
+    }
+
+    upstream prometheus {
+        server prometheus:9090;
+    }
+
+    upstream mediamtx {
+        server mediamtx-server:8889;
+    }
+
+    upstream mediamtx-webrtc {
+        server mediamtx-server:8189;
+    }
+
+    upstream model_registry {
+        server model_registry:8111;
+    }
+
+    upstream minio {
+        server mraas-minio:8000;
+    }
+    
+    upstream otel_collector_grpc {
+        server otel-collector:4317;
+    }
+
+    upstream otel_collector_http {
+        server otel-collector:4318;
+    }
+
+    # HTTP server - redirect to HTTPS
+    server {
+        listen 80;
+        return 301 https://$host$request_uri;
+    }
+
+    # HTTPS server
+    server {
+        listen 443 ssl;
+        server_name localhost;
+
+        client_max_body_size 500M;
+
+        # SSL configuration
+        ssl_certificate /etc/nginx/ssl/server.crt;
+        ssl_certificate_key /etc/nginx/ssl/server.key;
+        
+        # SSL security settings
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers HIGH:!aNULL:!MD5;
+        ssl_prefer_server_ciphers on;
+        
+        # Security headers
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+        add_header X-Content-Type-Options nosniff;
+        add_header X-Frame-Options SAMEORIGIN;
+        add_header X-XSS-Protection "1; mode=block";
+
+        # DL Streamer Pipeline Server
+        location /api/ {
+            proxy_pass http://dlstreamer/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # Prometheus
+        location /prometheus/ {
+            proxy_pass http://prometheus;   # upstream already has port
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # Model Registry
+        location /registry/ {
+            proxy_pass http://model_registry/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # MinIO
+        location /minio/ {
+            proxy_pass http://minio/minio/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Allow CORS for MinIO UI
+            add_header Access-Control-Allow-Origin *;
+            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
+            add_header Access-Control-Allow-Headers "Authorization, Content-Type";
+
+            # Handle preflight requests
+            if ($request_method = OPTIONS) {
+                return 204;
+            }
+        }
+
+        # OTEL Collector HTTP
+        location /otel-http/ {
+            proxy_pass http://otel_collector_http/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # OTEL Collector gRPC
+        location /otel-grpc/ {
+            grpc_pass grpc://otel_collector_grpc;
+        }
+
+        # MediaMTX streams with dynamic paths
+        location /mediamtx/ {
+            proxy_pass http://mediamtx/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            
+            # WebSocket support for WebRTC
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+        }
+
+        # MediaMTX WebRTC endpoint (port 8189)
+        location /webrtc/ {
+            proxy_pass http://mediamtx-webrtc/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            
+            # WebSocket support for WebRTC
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+        }
+
+        # MediaMTX stream paths and WHEP/WHIP endpoints
+        location ~ ^/([^/]+)/(whep|whip)(/.*)?$ {
+            proxy_pass http://mediamtx/$1/$2$3;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            
+            # WebSocket support for WebRTC
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            
+            # CORS headers for WebRTC
+            add_header Access-Control-Allow-Origin *;
+            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
+            add_header Access-Control-Allow-Headers "Content-Type, Authorization";
+            
+            # Handle preflight requests
+            if ($request_method = OPTIONS) {
+                add_header Access-Control-Allow-Origin *;
+                add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
+                add_header Access-Control-Allow-Headers "Content-Type, Authorization";
+                return 204;
+            }
+        }
+
+        # Default landing page
+        location / {
+            return 200 '<!DOCTYPE html>
+<html>
+<head>
+    <title>Manufacturing Vision AI Application</title>
+    <style>
+        body { font-family: Arial, sans-serif; margin: 40px; }
+        .service { margin: 20px 0; padding: 15px; border: 1px solid #ddd; border-radius: 5px; }
+        a { color: #0066cc; text-decoration: none; }
+        a:hover { text-decoration: underline; }
+    </style>
+</head>
+<body>
+    <h1>Manufacturing Vision AI Application</h1>
+    <p>External facing services:</p>
+    <div class="service">
+        <h3><a href="/api/pipelines">DL Streamer Pipeline Server API</a></h3>
+        <p>DL Streamer Pipeline Server pipelines</p>
+    </div>
+    <div class="service">
+        <h3><a href="/prometheus/">Prometheus</a></h3>
+        <p>Metrics monitoring and scraping</p>
+    </div>
+    <div class="service">
+        <h3><a href="/registry/models">Model Registry</a></h3>
+        <p>Manage and version AI models</p>
+    </div>
+    <div class="service">
+        <h3><a href="/minio/">MinIO</a></h3>
+        <p>Object storage (S3-compatible)</p>
+    </div>
+</body>
+</html>';
+            add_header Content-Type text/html;
+        }
+
+        # Health check endpoint
+        location /health {
+            access_log off;
+            return 200 "healthy\n";
+            add_header Content-Type text/plain;
+        }
+    }
+}

manufacturing-ai-suite/industrial-edge-insights-vision/apps/pallet-defect-detection/docs/user-guide/Overview.md

@@ -12,7 +12,7 @@ This sample application consists of the following microservices: DL Streamer Pip
 
 You start the pallet defect detection pipeline with a REST request using Client URL (cURL). The REST request will return a pipeline instance ID. DL Streamer Pipeline Server then sends the images with overlaid bounding boxes through webrtc protocol to webrtc browser client. This is done via the MediaMTX server used for signaling. Coturn server is used to facilitate NAT traversal and ensure that the webrtc stream is accessible on a non-native browser client and helps in cases where firewall is enabled. DL Streamer Pipeline Server also sends the images to S3 compliant storage. The Open Telemetry Data exported by DL Streamer Pipeline Server to Open Telemetry Collector is scraped by Prometheus and can be seen on Prometheus UI. Any desired AI model from the Model Registry Microservice (which can interact with Postgres, Minio and Geti Server for getting the model) can be pulled into DL Streamer Pipeline Server and used for inference in the sample application.
 
-![Architecture and high-level representation of the flow of data through the architecture](./images/defect-detection-arch-diagram.png)
+![Architecture and high-level representation of the flow of data through the architecture](./images/industrial-edge-insights-vision-architecture.drawio.svg)
 
 Figure 1: Architecture diagram
 

manufacturing-ai-suite/industrial-edge-insights-vision/apps/pallet-defect-detection/docs/user-guide/get-started.md

@@ -29,6 +29,11 @@ If not, follow the [installation guide for docker engine](https://docs.docker.co
     ```bash
     HOST_IP=<HOST_IP>   # IP address of server where DLStreamer Pipeline Server is running.
 
+    MR_PSQL_PASSWORD=  #PostgreSQL service & client adapter e.g. intel1234
+
+    MR_MINIO_ACCESS_KEY=   # MinIO service & client access key e.g. intel1234
+    MR_MINIO_SECRET_KEY=   # MinIO service & client secret key e.g. intel1234
+
     MTX_WEBRTCICESERVERS2_0_USERNAME=<username>  # WebRTC credentials e.g. intel1234
     MTX_WEBRTCICESERVERS2_0_PASSWORD=<password>
 
@@ -120,11 +125,11 @@ If not, follow the [installation guide for docker engine](https://docs.docker.co
     Extracting payload for pipeline: pallet_defect_detection
     Found 1 payload(s) for pipeline: pallet_defect_detection
     Payload for pipeline 'pallet_defect_detection' {"source":{"uri":"file:///home/pipeline-server/resources/videos/warehouse.avi","type":"uri"},"destination":{"frame":{"type":"webrtc","peer-id":"pdd"}},"parameters":{"detection-properties":{"model":"/home/pipeline-server/resources/models/pallet-defect-detection/model.xml","device":"CPU"}}}
-    Posting payload to REST server at http://<HOST_IP>:8080/pipelines/user_defined_pipelines/pallet_defect_detection
+    Posting payload to REST server at https://<HOST_IP>/api/pipelines/user_defined_pipelines/pallet_defect_detection
     Payload for pipeline 'pallet_defect_detection' posted successfully. Response: "4b36b3ce52ad11f0ad60863f511204e2"
     ```
 
-    > **NOTE:** This will start the pipeline. To view the inference stream on WebRTC, open a browser and navigate to http://<HOST_IP>:8889/pdd/ for Pallet Defect Detection
+    > **NOTE:** This will start the pipeline. To view the inference stream on WebRTC, open a browser and navigate to https://<HOST_IP>/mediamtx/pdd/ for Pallet Defect Detection
 
 8.  Get the status of running pipeline instance(s):
 

manufacturing-ai-suite/industrial-edge-insights-vision/apps/pallet-defect-detection/docs/user-guide/how-to-change-input-video-source.md

@@ -2,7 +2,7 @@
 
 Typically, a pipeline is started with a cURL request with JSON payload containing source, destination and parameters. For example, the following cURL request start an AI pipeline on a file inferencing on pallet defect detection model.
 
-         curl http://<HOST_IP>:8080/pipelines/user_defined_pipelines/<pipeline_name> -X POST -H 'Content-Type: application/json' -d '{
+         curl -k https://<HOST_IP>/api/pipelines/user_defined_pipelines/<pipeline_name> -X POST -H 'Content-Type: application/json' -d '{
             "source": {
                "uri": "file:///home/pipeline-server/resources/videos/warehouse.avi",
                "type": "uri"

manufacturing-ai-suite/industrial-edge-insights-vision/apps/pallet-defect-detection/docs/user-guide/how-to-enable-mlops.md

@@ -84,7 +84,7 @@ With this feature, during runtime, you can download a new model from the registr
 
 2.  Run the following curl command to upload the local model. 
     ```sh
-    curl -L -X POST "http://<HOST_IP>:32002/models" \
+    curl -k -L -X POST "https://<HOST_IP>/registry/models" \
     -H 'Content-Type: multipart/form-data' \
     -F 'name="YOLO_Test_Model"' \
     -F 'precision="fp32"' \
@@ -100,27 +100,26 @@ With this feature, during runtime, you can download a new model from the registr
 3. Check if the model is uploaded successfully.
 
     ```sh
-    curl 'http://<HOST_IP>:32002/models'
+    curl -k 'https://<HOST_IP>/registry/models'
     ```
 
 ### Steps to use the new model
 
 1. List all the registered models in the model registry
     ```sh
-    curl 'http://<HOST_IP>:32002/models'
+    curl -k 'https://<HOST_IP>/registry/models'
     ```
     If you do not have a model available, follow the steps [here](#upload-a-model-to-model-registry) to upload a sample model in Model Registry
 
 2. Check the instance ID of the currently running pipeline to use it for the next step.
    ```sh
-   curl --location -X GET http://<HOST_IP>:8080/pipelines/status
+   curl -k --location -X GET https://<HOST_IP>/api/pipelines/status
    ```
-   > NOTE- Replace the port in the curl request according to the deployment method i.e. default 8080 for compose based.
 
 3. Restart the model with a new model from Model Registry.
     The following curl command downloads the model from Model Registry using the specs provided in the payload. Upon download, the running pipeline is restarted with replacing the older model with this new model. Replace the `<instance_id_of_currently_running_pipeline>` in the URL below with the id of the pipeline instance currently running.
     ```sh
-    curl 'http://<HOST_IP>:8080/pipelines/user_defined_pipelines/pallet_defect_detection_mlops/{instance_id_of_currently_running_pipeline}/models' \
+    curl -k 'https://<HOST_IP>/api/pipelines/user_defined_pipelines/pallet_defect_detection_mlops/{instance_id_of_currently_running_pipeline}/models' \
     --header 'Content-Type: application/json' \
     --data '{
     "project_name": "pallet-defect-detection",
@@ -143,5 +142,5 @@ With this feature, during runtime, you can download a new model from the registr
 
 5. You can also stop any running pipeline by using the pipeline instance "id"
    ```sh
-   curl --location -X DELETE http://<HOST_IP>:8080/pipelines/{instance_id}
+   curl -k --location -X DELETE https://<HOST_IP>/api/pipelines/{instance_id}
    ```

manufacturing-ai-suite/industrial-edge-insights-vision/apps/pallet-defect-detection/docs/user-guide/how-to-manage-pipelines.md

@@ -4,7 +4,7 @@ This section describes how to create custom AI pipelines for the sample applicat
 
 ## Create Pipelines
 
-The AI pipelines are defined by the `pipeline-server-config.json` file present under the configs subdirectory of a particular application directory (for docker compose deployment) and similary inside the helm directory (for helm based deployment. Please also note that the port in the cURL/REST requests needs to be changed from 8080 to 30107 for helm based deployment).
+The AI pipelines are defined by the `pipeline-server-config.json` file present under the configs subdirectory of a particular application directory (for docker compose deployment) and similary inside the helm directory (for helm based deployment).
 
 The following is an example of the pallet defect detection pipeline, which is included in the `pipeline-server-config.json` file.
 ```sh
@@ -55,7 +55,7 @@ Follow this procedure to start the pipeline.
 
       In this example, a pipeline included in this sample application is `pallet_defect_detection`. Start this pipeline with the following cURL command.
 
-            curl http://<HOST_IP>:8080/pipelines/user_defined_pipelines/pallet_defect_detection -X POST -H 'Content-Type: application/json' -d '{
+            curl -k https://<HOST_IP>/api/pipelines/user_defined_pipelines/pallet_defect_detection -X POST -H 'Content-Type: application/json' -d '{
                 "source": {
                     "uri": "file:///home/pipeline-server/resources/videos/warehouse.avi",
                     "type": "uri"
@@ -83,15 +83,15 @@ Request the pipeline statistics with this cURL command.
 
 Replace `HOST_IP` with the IP address of your system.
 
-         curl --location -X GET http://<HOST_IP>:8080/pipelines/status
+         curl -k --location -X GET https://<HOST_IP>/api/pipelines/status
 
 ## Stop the Pipeline
 
 Stop the pipeline with the following cURL command.
 
 Replace `HOST_IP` with the IP address of your system and `instance_id` with the instance ID (without quotes) of the running pipeline.
 
-         curl --location -X DELETE http://<HOST_IP>:8080/pipelines/{instance_id}
+         curl -k --location -X DELETE https://<HOST_IP>/api/pipelines/{instance_id}
 
 > **Note**
 > The instance ID is shown in the Terminal when the [pipeline was started](#start-the-pipeline) or when [pipeline statistics were requested](#get-statistics-of-the-running-pipelines).