VRE Backend API and Scheduler
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

136 lines
5.0 KiB

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80;
listen [::]:80;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
# Get the real IP from the visitor through loadbalancers
# https://hub.docker.com/_/nginx/ -> Using environment variables in nginx configuration (new in 1.19)
${NGINX_REAL_IP_LIST}
root /var/www/html;
gzip off;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
# Kubernetes DNS resolv info....
# https://www.nginx.com/blog/dns-service-discovery-nginx-plus/ -> 'Setting the Domain Name in a Variable'
# https://developpaper.com/nginx-dynamic-resolve-upstream-servers/
# https://hub.docker.com/_/nginx/ -> Using environment variables in nginx configuration (new in 1.19)
resolver ${NGINX_RESOLVER} valid=30s;
access_log /var/log/nginx/vre-api.access.log;
error_log /var/log/nginx/vre-api.error.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
# HAWK authentication will fail if the proto is not https. For now, we do not use it activly, and therefore, we use the Ingress value
proxy_set_header X-Forwarded-Proto https;
set $frontend_app ${NGINX_FRONT_END_UPSTREAM};
proxy_pass http://$frontend_app:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
access_log /var/log/nginx/vre-frontend.access.log;
error_log /var/log/nginx/vre-frontend.error.log;
}
location /static {
alias /var/www/staticfiles;
}
location /media {
alias /var/www/mediafiles;
}
# Only allow /api/ and /auth/ calls to this server
location ~* ^/(api|auth|oidc) {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
# HAWK authentication will fail if the proto is not https. For now, we do not use it activly, and therefore, we use the Ingress value
proxy_set_header X-Forwarded-Proto https;
set $django_app ${NGINX_API_BROKER_UPSTREAM};
proxy_pass http://$django_app:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Only allow admin calls from certain ips
location /admin {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
# Here you can specify the secret file in Kubernetes where the valid IP ranges are stored
# https://hub.docker.com/_/nginx/ -> Using environment variables in nginx configuration (new in 1.19)
${NGINX_VALID_ADMIN_IP_LIST}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
# HAWK authentication will fail if the proto is not https. For now, we do not use it activly, and therefore, we use the Ingress value
proxy_set_header X-Forwarded-Proto https;
set $django_app ${NGINX_API_BROKER_UPSTREAM};
proxy_pass http://$django_app:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}