configs: Rework nginx configs
parent
a0a1a717ee
commit
fb53c9a4f1
|
@ -21,7 +21,8 @@ EXPOSE 80
|
|||
|
||||
COPY configs/nginx-chbase.sh /docker-entrypoint.d/40-update-baseurl.sh
|
||||
|
||||
COPY configs/fic-auth-docker.conf /etc/nginx/fic-auth.conf
|
||||
COPY configs/nginx-docker.conf /etc/nginx/templates/default.conf.template
|
||||
COPY configs/nginx/get-team/upstream.conf /etc/nginx/fic-get-team.conf
|
||||
COPY configs/nginx/auth/none.conf /etc/nginx/fic-auth.conf
|
||||
COPY configs/nginx/base/docker.conf /etc/nginx/templates/default.conf.template
|
||||
|
||||
COPY --from=nodebuild /ui/build/ /srv/htdocs-frontend
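Review bot: The image now installs `configs/nginx/auth/none.conf` as `/etc/nginx/fic-auth.conf`, which by its name configures no authentication, while the template copied next to it proxies `/api/` to the admin API. The content of `none.conf` is not visible on this page, so this is inferred from the path. A comment above these COPY lines would make the contract explicit, for example `# Default snippets: no authentication; mount real fic-auth.conf and fic-get-team.conf before exposing this container`.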
|
||||
|
|
|
@ -1,240 +0,0 @@
|
|||
server_tokens off;
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
|
||||
proxy_connect_timeout 1s;
|
||||
|
||||
server {
|
||||
listen 80 default;
|
||||
listen [::]:80 default;
|
||||
|
||||
root /srv/htdocs-frontend/;
|
||||
|
||||
error_page 401 /welcome.html;
|
||||
error_page 403 404 /e404.html;
|
||||
error_page 413 404 /e413.html;
|
||||
error_page 500 502 504 /e500.html;
|
||||
|
||||
location = / {
|
||||
#auth_basic "Secure Zone";
|
||||
#auth_basic_user_file ficpasswd;
|
||||
}
|
||||
location = /index.html {
|
||||
#auth_basic "Secure Zone";
|
||||
#auth_basic_user_file ficpasswd;
|
||||
}
|
||||
|
||||
location = /welcome.html {
|
||||
internal;
|
||||
if ($http_accept ~ "^application/json") {
|
||||
rewrite ^/(.*).html$ /$1.json;
|
||||
}
|
||||
}
|
||||
location = /e404.html {
|
||||
internal;
|
||||
if ($http_accept ~ "^application/json") {
|
||||
rewrite ^/(.*).html$ /$1.json;
|
||||
}
|
||||
}
|
||||
location = /e413.html {
|
||||
internal;
|
||||
if ($http_accept ~ "^application/json") {
|
||||
rewrite ^/(.*).html$ /$1.json;
|
||||
}
|
||||
}
|
||||
location = /e500.html {
|
||||
internal;
|
||||
if ($http_accept ~ "^application/json") {
|
||||
rewrite ^/(.*).html$ /$1.json;
|
||||
}
|
||||
}
|
||||
|
||||
location /edit {
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /rank {
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /rules {
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /tags/ {
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /register {
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location ~ ^/[A-Z] {
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
|
||||
location /files/ {
|
||||
alias /srv/FILES/;
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
location /wait.json {
|
||||
#auth_basic "Secure Zone";
|
||||
#auth_basic_user_file ficpasswd;
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
root /srv/TEAMS/$team/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /stats.json {
|
||||
root /srv/TEAMS/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /my.json {
|
||||
#auth_basic "Secure Zone";
|
||||
#auth_basic_user_file ficpasswd;
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
root /srv/TEAMS/$team/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
|
||||
if (!-f $document_root/../../startingblock/started) {
|
||||
rewrite ^/ /wait.json;
|
||||
}
|
||||
}
|
||||
location /settings.json {
|
||||
root /srv/SETTINGS/;
|
||||
expires epoch;
|
||||
add_header X-FIC-time $msec;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /teams.json {
|
||||
root /srv/TEAMS/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /themes.json {
|
||||
root /srv/TEAMS/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
|
||||
location /dashboard/ {
|
||||
#auth_basic "Secure Zone";
|
||||
#auth_basic_user_file ficpasswd;
|
||||
|
||||
#if ($remote_user !~ "^nemunaire|bombal_s$") {
|
||||
# return 403;
|
||||
#}
|
||||
|
||||
proxy_pass http://fic-dashboard:8082;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
#auth_basic "Secure Zone";
|
||||
#auth_basic_user_file ficpasswd;
|
||||
|
||||
#if ($remote_user !~ "^nemunaire|bombal_s$") {
|
||||
# return 403;
|
||||
#}
|
||||
|
||||
proxy_pass http://fic-admin:8081/admin/api/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /admin/ {
|
||||
#auth_basic "Secure Zone";
|
||||
#auth_basic_user_file ficpasswd;
|
||||
|
||||
#if ($remote_user !~ "^nemunaire|bombal_s$") {
|
||||
# return 403;
|
||||
#}
|
||||
|
||||
proxy_pass http://fic-admin:8081;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /submit/ {
|
||||
#auth_basic "Secure Zone";
|
||||
#auth_basic_user_file ficpasswd;
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
rewrite ^/submit/(.*)$ /submission/$team/$1 break;
|
||||
|
||||
proxy_pass http://fic-frontend:8080/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /submit/name {
|
||||
#auth_basic "Secure Zone";
|
||||
#auth_basic_user_file ficpasswd;
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
rewrite ^/submit/.*$ /chname/$team break;
|
||||
|
||||
proxy_pass http://fic-frontend:8080/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /qa/ {
|
||||
proxy_pass http://fic-qa:8083;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /registration {
|
||||
#auth_basic "Secure Zone";
|
||||
#auth_basic_user_file ficpasswd;
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
rewrite ^/registration /registration/$team break;
|
||||
|
||||
proxy_pass http://fic-frontend:8080;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /openhint/ {
|
||||
#auth_basic "Secure Zone";
|
||||
#auth_basic_user_file ficpasswd;
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
rewrite ^/openhint/(.*)$ /openhint/$team/$1 break;
|
||||
|
||||
proxy_pass http://fic-frontend:8080/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /wantchoices/ {
|
||||
#auth_basic "Secure Zone";
|
||||
#auth_basic_user_file ficpasswd;
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
rewrite ^/wantchoices/(.*)$ /wantchoices/$team/$1 break;
|
||||
|
||||
proxy_pass http://fic-frontend:8080/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location = /events.json {
|
||||
proxy_pass http://fic-admin:8081/api/events/;
|
||||
proxy_method GET;
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_redirect off;
|
||||
proxy_cache STATIC;
|
||||
proxy_cache_valid 3s;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
ssl_client_certificate /srv/PKI/shared/ca.pem;
|
||||
ssl_trusted_certificate /srv/PKI/shared/ca.pem;
|
||||
ssl_verify_client optional;
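Review bot: `ssl_verify_client optional` lets a TLS handshake complete without any client certificate, so this snippet on its own does not reject unauthenticated requests. Whatever is paired with it has to check `$ssl_client_verify` and refuse anything other than `SUCCESS`; that check is not in this file and is not visible on this page. I would add a header comment saying so, e.g. `# Verification is optional here: the matching fic-get-team snippet must reject requests where $ssl_client_verify is not SUCCESS`.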
|
|
@ -6,6 +6,8 @@ server {
|
|||
listen 80 default;
|
||||
listen [::]:80 default;
|
||||
|
||||
include fic-auth.conf;
|
||||
|
||||
root ${PATH_STATIC};
|
||||
|
||||
error_page 401 /welcome.html;
|
||||
|
@ -27,10 +29,10 @@ server {
|
|||
add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'";
|
||||
|
||||
location = / {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
}
|
||||
location = /index.html {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
}
|
||||
location = /welcome.html {
|
||||
internal;
|
||||
|
@ -62,38 +64,38 @@ server {
|
|||
}
|
||||
|
||||
location ~ ^/[A-Z] {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
|
||||
location /edit {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /issues {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /rank {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /tags/ {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /register {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /rules {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
|
@ -105,7 +107,7 @@ server {
|
|||
}
|
||||
|
||||
location /wait.json {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
root ${PATH_TEAMS}/$team/;
|
||||
expires epoch;
|
||||
|
@ -117,7 +119,7 @@ server {
|
|||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /my.json {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
root ${PATH_TEAMS}/$team/;
|
||||
expires epoch;
|
||||
|
@ -128,7 +130,7 @@ server {
|
|||
}
|
||||
}
|
||||
location /issues.json {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
root ${PATH_TEAMS}/$team/;
|
||||
expires epoch;
|
||||
|
@ -152,7 +154,7 @@ server {
|
|||
}
|
||||
|
||||
location /submit/ {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://${HOST_FRONTEND}/submission/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -160,7 +162,7 @@ server {
|
|||
proxy_redirect off;
|
||||
}
|
||||
location /issue {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://${HOST_FRONTEND};
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -168,7 +170,7 @@ server {
|
|||
proxy_redirect off;
|
||||
}
|
||||
location /chname {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://${HOST_FRONTEND};
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -176,7 +178,7 @@ server {
|
|||
proxy_redirect off;
|
||||
}
|
||||
location /registration {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://${HOST_FRONTEND};
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -184,7 +186,7 @@ server {
|
|||
proxy_redirect off;
|
||||
}
|
||||
location /openhint/ {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://${HOST_FRONTEND};
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -192,7 +194,7 @@ server {
|
|||
proxy_redirect off;
|
||||
}
|
||||
location /wantchoices/ {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://${HOST_FRONTEND};
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -201,7 +203,7 @@ server {
|
|||
}
|
||||
|
||||
location /api/ {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://${HOST_ADMIN}${FIC_BASEURL}admin/api/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -216,7 +218,7 @@ server {
|
|||
}
|
||||
|
||||
location ${FIC_BASEURL}qa/ {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://${HOST_QA};
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -225,7 +227,7 @@ server {
|
|||
}
|
||||
|
||||
location ${FIC_BASEURL}dashboard/ {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://${HOST_DASHBOARD};
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
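Review bot: `include fic-auth.conf;` now sits at server level in a server that only declares `listen 80` and `listen [::]:80`. A snippet made of `ssl_client_certificate` / `ssl_verify_client` directives, like the three-line file added in this commit, would load without error and authenticate nothing on this plain-HTTP listener. A comment next to the include would warn whoever swaps the snippet: `# fic-auth.conf: TLS client-certificate snippets have no effect on this non-TLS listener; use an HTTP-level mechanism here`. The server block starts and ends outside the hunks shown.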
|
|
@ -19,9 +19,7 @@ server {
|
|||
ssl_certificate /etc/nginx/ssl/fullchain.pem;
|
||||
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
|
||||
|
||||
ssl_client_certificate /srv/PKI/shared/ca.pem;
|
||||
ssl_trusted_certificate /srv/PKI/shared/ca.pem;
|
||||
ssl_verify_client optional;
|
||||
include fic-auth.conf;
|
||||
|
||||
root /srv/htdocs-frontend/;
|
||||
|
||||
|
@ -39,10 +37,10 @@ server {
|
|||
add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'";
|
||||
|
||||
location = / {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
}
|
||||
location = /index.html {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
}
|
||||
location = /welcome.html {
|
||||
internal;
|
||||
|
@ -70,38 +68,38 @@ server {
|
|||
}
|
||||
|
||||
location ~ ^/[A-Z] {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
|
||||
location /edit {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /issues {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /rank {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /tags/ {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /register {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /rules {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
|
@ -113,7 +111,7 @@ server {
|
|||
}
|
||||
|
||||
location /wait.json {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
root /srv/TEAMS/$team/;
|
||||
expires epoch;
|
||||
|
@ -125,7 +123,7 @@ server {
|
|||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /my.json {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
root /srv/TEAMS/$team/;
|
||||
expires epoch;
|
||||
|
@ -136,7 +134,7 @@ server {
|
|||
}
|
||||
}
|
||||
location /issues.json {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
root /srv/TEAMS/$team/;
|
||||
expires epoch;
|
||||
|
@ -165,7 +163,7 @@ server {
|
|||
}
|
||||
|
||||
location /submit/ {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://frontend:8080/submission/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -173,7 +171,7 @@ server {
|
|||
proxy_redirect off;
|
||||
}
|
||||
location /issue {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://frontend:8080;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -181,7 +179,7 @@ server {
|
|||
proxy_redirect off;
|
||||
}
|
||||
location /chname {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://frontend:8080;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -189,7 +187,7 @@ server {
|
|||
proxy_redirect off;
|
||||
}
|
||||
location /registration {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://frontend:8080;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -197,7 +195,7 @@ server {
|
|||
proxy_redirect off;
|
||||
}
|
||||
location /openhint/ {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://frontend:8080;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
@ -205,7 +203,7 @@ server {
|
|||
proxy_redirect off;
|
||||
}
|
||||
location /wantchoices/ {
|
||||
include fic-auth.conf;
|
||||
include fic-get-team.conf;
|
||||
|
||||
proxy_pass http://frontend:8080;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
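Review bot: The `/wait.json`, `/my.json` and `/issues.json` locations build their document root from `$team` (`root /srv/TEAMS/$team/;`), and after this change that variable presumably comes from the per-location `include fic-get-team.conf;`, whose content is not shown. If that snippet ever derives `$team` from a value the client controls, one team could be served another team's files. It should map only from the identity that the server-level `fic-auth.conf` has verified, and deny the request otherwise. A comment at the first include would document this: `# fic-get-team.conf must set $team only from the identity verified by fic-auth.conf`. The location bodies continue outside the hunks.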
|
|
@ -142,6 +142,7 @@ services:
|
|||
- /etc/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf:ro
|
||||
- /etc/nginx/ssl/:/etc/nginx/ssl/:ro
|
||||
- /etc/nginx/fic-auth.conf:/etc/nginx/fic-auth.conf:ro
|
||||
- /etc/nginx/fic-get-team.conf:/etc/nginx/fic-get-team.conf:ro
|
||||
- /www/htdocs-frontend:/srv/htdocs-frontend:ro
|
||||
- /var/lib/fic/files:/srv/FILES:ro
|
||||
- /var/lib/fic/pki:/srv/PKI:ro
|
||||
|
@ -255,10 +256,13 @@ files:
|
|||
source: configs/dhcpd.conf
|
||||
mode: "0400"
|
||||
- path: etc/nginx/conf.d/default.conf
|
||||
source: configs/nginx-prod.conf
|
||||
source: configs/nginx/base/prod.conf
|
||||
mode: "0400"
|
||||
- path: etc/nginx/fic-auth.conf
|
||||
source: configs/fic-auth.conf
|
||||
source: configs/nginx/auth/oidc.conf
|
||||
mode: "0400"
|
||||
- path: etc/nginx/fic-get-team.conf
|
||||
source: configs/nginx/get-team/oidc.conf
|
||||
mode: "0400"
|
||||
|
||||
- path: www/htdocs-frontend
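Review bot: With `etc/nginx/fic-auth.conf` now sourced from `configs/nginx/auth/oidc.conf`, the `/var/lib/fic/pki:/srv/PKI:ro` bind mount in the same volume list may no longer be needed by nginx. The only users of `/srv/PKI` visible on this page are the client-certificate directives this commit moved out of the prod config. If nothing else in the container reads it, dropping that mount keeps the PKI directory out of the internet-facing container. The service definition starts outside the hunk, so other consumers may exist.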
|
||||
|
|