fic/server
Archived
1
0
Fork 0
Code Issues Pull requests 10 Releases Wiki Activity

Add frontend playbook

Browse source
This commit is contained in:
nemunaire 2016-10-13 20:10:29 +02:00
commit 4a625bf3eb
9 changed files with 447 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

179
playbooks/roles/fic-frontend/files/nginx-frontend-pam.conf Normal file
View file

@ -0,0 +1,179 @@
server_tokens off;
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
proxy_connect_timeout 1s;
server {
listen 80 default;
listen [::]:80 default;
root /home/fic/frontend-htdocs/;
error_page 401 /welcome.html;
error_page 403 404 /e404.html;
error_page 413 404 /e413.html;
error_page 500 502 504 /e500.html;
location = / {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
}
location = /index.html {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
}
location ~ ^/[0-9] {
rewrite ^/.*$ /index.html;
}
location /edit {
rewrite ^/.*$ /index.html;
}
location /rank {
rewrite ^/.*$ /index.html;
}
location /files/ {
alias /home/fic/FILES/;
tcp_nodelay on;
}
location /wait.json {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
include /etc/nginx/auth.conf;
root /home/fic/TEAMS/$team/;
expires epoch;
add_header Cache-Control no-cache;
}
location /public.json {
root /home/fic/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /stats.json {
root /home/fic/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /my.json {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
include /etc/nginx/auth.conf;
root /home/fic/TEAMS/$team/;
expires epoch;
add_header Cache-Control no-cache;
if (!-f $document_root/../started) {
rewrite ^/ /wait.json;
}
}
location /teams.json {
root /home/fic/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /themes.json {
root /home/fic/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /api/ {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
if ($remote_user !~ "^nemunaire|bombal_s$") {
return 403;
}
proxy_pass http://localhost:8081/admin/api/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location /admin/ {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
if ($remote_user !~ "^nemunaire|bombal_s$") {
return 403;
}
proxy_pass http://localhost:8081;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location /submit/ {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
include /etc/nginx/auth.conf;
rewrite ^/submit/(.*)$ /submission/$team/$1 break;
proxy_pass http://localhost:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location /submit/name {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
include /etc/nginx/auth.conf;
rewrite ^/submit/.*$ /chname/$team break;
proxy_pass http://localhost:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location /openhint/ {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
include /etc/nginx/auth.conf;
rewrite ^/openhint/(.*)$ /openhint/$team/$1 break;
proxy_pass http://localhost:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location = /time.json {
proxy_pass http://localhost:8080/time.json;
proxy_method GET;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
proxy_cache STATIC;
proxy_cache_valid 1s;
}
location = /events.json {
proxy_pass http://localhost:8081/api/events;
proxy_method GET;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
proxy_cache STATIC;
proxy_cache_valid 3s;
}
}