diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/templates/configMap.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/templates/configMap.yaml index 0f7f0dcc168f43eb11525d24104945c0eeec18cb..74df84ab6689d25bd046f622727b833c75707e06 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/templates/configMap.yaml +++ b/kubernetes/helm_charts/core/nginx-public-ingress/templates/configMap.yaml @@ -19,26 +19,4 @@ data: nginx.conf: | {{ .Values.nginxconfig | indent 4 }} ---- -{{- if .Values.merge_domain_status }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: keycloak-conf - namespace: {{ .Values.namespace }} -data: - keycloak.conf: | -{{ .Values.keycloakconf | indent 4 }} -{{- end }} ---- -{{- if .Values.apple_universal_links }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: apple-universal-links - namespace: {{ .Values.namespace }} -data: - apple-app-site-association.json: | -{{ .Values.apple_universal_links | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml index 01bfd608d4040ea19ef57c28bab0ec56ddf8e5e5..9efb6dff9f060837c4ec37f0e2e13b18d6d17dbf 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml +++ b/kubernetes/helm_charts/core/nginx-public-ingress/templates/daemonset.yaml @@ -34,12 +34,7 @@ spec: name: proxy-default - name: nginx-config configMap: - name: nginx-conf -{{- if .Values.apple_universal_links }} - - name: apple-site-association - configMap: - name: apple-universal-links -{{- end }} + name: nginx-conf {{- if .Values.volumes }} {{ toYaml .Values.volumes | indent 8 }} {{- end }} 
@@ -56,11 +51,7 @@ spec: mountPath: /etc/nginx/defaults.d - name: nginx-config mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf -{{- if .Values.apple_universal_links }} - - name: apple-site-association - mountPath: /var/www/html -{{- end }} + subPath: nginx.conf {{- if .Values.volumeMounts }} {{ toYaml .Values.volumeMounts | indent 10 }} {{- end }} diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 index c1331e76a55c51bbd691a7fabb409f8cbfa17cdd..38db73493821c42b273b8243e54568fc6cf91afc 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2 @@ -12,11 +12,11 @@ service: - port: 80 name: http targetPort: 80 - nodePort: 31380 + nodePort: 31880 - port: 443 name: https targetPort: 443 - nodePort: 31390 + nodePort: 31890 {% if nginx_volumes is defined and nginx_volumes %} {# @@ -30,9 +30,6 @@ nginx_volumes: - name: proxy-config configMap: name: proxy-default - - name: nginx-config - configMap: - name: nginx-conf volumemounts: - name: tls mountPath: /etc/secrets @@ -44,7 +41,8 @@ nginx_volumes: - name: nginx-config mountPath: /etc/nginx/nginx.conf subPath: nginx.conf - readOnly: true + readOnly: true + #} volumes: {{ nginx_volumes.volumes | to_json }} volumeMounts: {{ nginx_volumes.volumeMounts | to_json }} @@ -97,7 +95,7 @@ proxyconfig: |- ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; {% endif %} - server_name *.{{ proxy_server_name }} {{ proxy_server_name }}; + server_name {{ proxy_server_name }}; {# custom nginx server config section eg: 
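Review bot: The commented `nginx_volumes` example is left inconsistent by this hunk (`@@ -30,9 +30,6 @@`): it drops the `nginx-config` volume, but the following hunk (`@@ -44,7 +41,8 @@`) keeps the `nginx-config` entry with `mountPath: /etc/nginx/nginx.conf` in the mounts list. daemonset.yaml already mounts `nginx-config` at that path before appending `.Values.volumeMounts`, so anyone copying the example would presumably render a second mount at the same path. Drop the `- name: nginx-config` mount entry (with its `mountPath`, `subPath` and `readOnly` lines) from the example as well. The example also spells its key `volumemounts` while the template below reads `nginx_volumes.volumeMounts`, so it should read `volumeMounts:`; the example block itself starts above this hunk.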
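Review bot: Narrowing `server_name` to `{{ proxy_server_name }}` in hunk `@@ -97,7 +95,7 @@` only limits which Host values this block answers if some other server block is the default for the same listen socket. nginx sends requests with a non-matching Host to the default server, which is the first one defined unless `default_server` is set elsewhere. The rest of this server block and any sibling blocks are outside the hunk, so this may already be covered. If it is not, add a catch-all such as `server { listen 80 default_server; server_name _; return 444; }` (plus the TLS equivalent) so requests for the former `*.` subdomains or arbitrary Host values are not proxied upstream with `Host $host`.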
@@ -115,560 +113,34 @@ proxyconfig: |- proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Forwarded-SSL on; proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - # Mobile Devices Refresh token Endpoints - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - # Admin API Endpoints for sunbird realm fpr forgot password flow - location ~ /auth/admin/realms/sunbird/users/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Sunbird realm keycloak API endpoints - location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ 
nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Static Assets for keycloak endpoints with caching - location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # This is Caching mechanism for POST requests location search - location ~ /learner/data/v1/location/search { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date 
$upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - # Caching for content consumption - location ~ /api/(content/v1/read|course/v1/hierarchy|course/v1/batch/read) { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - 
proxy_pass http://kong; - } - # This is Caching mechanism for Content search - location ~ /api/content/v1/search { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for POST requests - location ~ /api/data/v1/form/read { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - 
proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location ~ /api/(framework/v1/read|data/v1/system/settings/get|org/v1/search|org/v2/search|data/v1/location/search) { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - proxy_pass http://kong; - } - location /api/ { - if ($request_method = 
OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - if ( $arg_eHVyhwSdt ) { - set $custom_header "Bearer $arg_eHVyhwSdt"; - } - if ( $http_authorization ) { - set $custom_header "$http_authorization"; - } - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Authorization $custom_header; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - # Oauth2 config - location /oauth2/ { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location = /oauth2/auth { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - # nginx auth_request includes headers but not body - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } -{% if graylog_open_to_public %} - location /graylog/ { - auth_request 
/oauth2/auth; - error_page 401 = /oauth2/sign_in; - # Setting target url - auth_request_set $target http://graylog.logging.svc.cluster.local; - # pass information via X-User and X-Email headers to backend, - # requires running with --set-xauthrequest flag - auth_request_set $user $upstream_http_x_auth_request_user; - auth_request_set $email $upstream_http_x_auth_request_email; - proxy_set_header X-User $user; - proxy_set_header X-Email $email; - # if you enabled --cookie-refresh, this is needed for it to work with auth_request - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header Graylog-User viewer; - proxy_set_header X-Graylog-Server-URL {{proto}}://{{ proxy_server_name }}/graylog/; - rewrite ^/graylog/(.*)$ /$1 break; - proxy_pass $target; - } - location /dashboard { - return 301 /graylog/; - } -{% else %} - location /dashboard/ { - auth_request /oauth2/auth; - error_page 401 = /oauth2/sign_in; - # Setting target url - auth_request_set $target http://{{ kibana_service }}; - # pass information via X-User and X-Email headers to backend, - # requires running with --set-xauthrequest flag - auth_request_set $user $upstream_http_x_auth_request_user; - auth_request_set $email $upstream_http_x_auth_request_email; - proxy_set_header X-User $user; - proxy_set_header X-Email $email; - # if you enabled --cookie-refresh, this is needed for it to work with auth_request - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } -{% endif %} - location /oauth3 { - set $target http://oauth2-proxy.monitoring.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - 
proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location = /oauth3/auth { - set $target http://oauth2-proxy.monitoring.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /grafana/ { - auth_request /oauth3/auth; - error_page 401 = /oauth3/sign_in; - auth_request_set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - rewrite ^/grafana/(.*) /$1 break; - proxy_pass $target; - } - location /encryption/ { - set $target http://encryption.{{ namespace }}.svc.cluster.local; - rewrite ^/encryption/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 1; - proxy_send_timeout 30; - proxy_read_timeout 40; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $http_x_forwarded_for; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /discussions/ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_redirect off; - # Socket.IO Support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - set $target 
http://nodebb-service.{{ namespace }}.svc.cluster.local:4567; - #rewrite ^/discussions/(.*) /$1 break; - proxy_pass $target; - } - location ~* ^/assets/public/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $bucket "{{upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$bucket/$url_full; - } - location ~* ^/content/preview/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers 
"Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/v3/preview/$url_full; - } - location ~ /content-editor/telemetry|collection-editor/telemetry { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location ~* ^/content-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header 
Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-editor/$url_full; - } - location ~* ^/discussion-ui/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - set $s3_bucket "{{discussion_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{discussion_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/discussion-ui/$url_full; - } - location ~* ^/collection-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - 
add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. 
+ resolver {{ kube_dns_ip }} valid=30s; + + + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/collection-editor/$url_full; + proxy_pass http://portal; } - location ~* ^/generic-editor/(.*) { + location ~* ^/assets/public/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; # Enabling compression gzip on; gzip_min_length 100000; gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; + gzip_types application/javascript application/x-javascript text/javascript; if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; @@ -678,10 +150,10 @@ proxyconfig: |- add_header Content-Type text/plain; return 200; } - set $s3_bucket "{{plugin_upstream_url}}"; + set $bucket "{{upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; 
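Review bot: `ignore_invalid_headers off;` is kept at server level in hunk `@@ -115,560 +113,34 @@`, but its comment justifies it with Jenkins, while the locations this hunk adds only proxy to `portal` and the asset bucket. With the directive off, nginx passes on header fields whose names it would otherwise discard (names containing underscores, for example), and an upstream that normalises header names can mistake those for the trusted `X-Real-IP` / `X-Forwarded-Proto` values set here. If nothing behind this public ingress still needs it, remove the line so the default (`on`) applies; otherwise update the comment to name the upstream that does. The enclosing server block starts above the hunk and continues past it.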
@@ -691,242 +163,29 @@ proxyconfig: |- proxy_ignore_headers "Set-Cookie"; proxy_buffering off; proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/generic-editor/$url_full; + proxy_pass https://$bucket/$url_full; } - location ~* ^/content-plugins/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; + location /api/ { if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; add_header Content-Length 0; add_header Content-Type text/plain; return 200; } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass 
https://$s3_bucket/content-plugins/$url_full; - } - location /thirdparty { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location ~* ^/desktop/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; + if ( $arg_eHVyhwSdt ) { + set $custom_header "Bearer $arg_eHVyhwSdt"; + } + if ( $http_authorization ) { + set $custom_header "$http_authorization"; } - set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; - proxy_set_header 
Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$offline_bucket/$url_full; - } - # compression for svg certs download - location /api/certreg/v2/certs/download { - rewrite ^/api/(.*) /$1 break; - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /learner/certreg/v2/certs/download { - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header 
X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location /v3/device/register { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - } - location /action/data/v3/metrics { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - } - location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date 
$upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location /api/channel/v1/read { - # Enabling compression include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; + proxy_set_header Authorization $custom_header; + rewrite ^/api/(.*) /$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; 
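Review bot: The new `location /api/` block copies the query-string argument `$arg_eHVyhwSdt` into the upstream `Authorization` header as a bearer token, so a credential now travels in the URL, where access logs, browser history and `Referer` headers can record it. The `rewrite ^/api/(.*) /$1 break;` that follows has no trailing `?`, so the original arguments, token included, are also passed on to `kong`. If the parameter cannot be dropped in favour of the header alone, keep it out of whatever `log_format` this server uses (not visible here) and treat it as a short-lived, narrowly scoped token. `$custom_header` is also never initialised when neither value is present; adding `set $custom_header "";` before the two `if` blocks avoids the uninitialised-variable warning. The `location` block is only closed in the next hunk.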
@@ -938,49 +197,8 @@ proxyconfig: |- proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; - } - location ~ ^/chatapi/ { - set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; - rewrite ^/chatapi/(.*) /$1 break; - proxy_pass $target; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - } - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - location /dial/ { - if ($dial_upstream_host = kong) { - rewrite ^/dial/(.*) /api/dialcode/v2/read/$1; - } - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://$dial_upstream_host; - } -{% if apple_app_site_association is defined %} - location /apple-app-site-association { - alias /var/www/html/; - index apple-app-site-association.json; - } -{% endif %} - {# Including custom configuration #} - {{ proxy_custom_config }}} + } + } nginxconfig: | user nginx; @@ -1041,10 +259,7 @@ nginxconfig: | default $upstream_cache_status; '' "NONE"; } - map $http_accept $dial_upstream_host { - default player; - application/ld+json kong; - } + # Defining metrics init_worker_by_lua_block { prometheus = require("prometheus").init("prometheus_metrics") 
@@ -1074,16 +289,8 @@ nginxconfig: |
 server kong:8000;
 keepalive 1000;
 }
- upstream encryption {
- server enc-service:8013;
- keepalive 1000;
- }
- upstream keycloak {
- server {{ keycloak_url.split('//')[-1] }};
- keepalive 1000;
- }
- upstream player {
- server player:3000;
+ upstream portal {
+ server inquiryportal-service:3000;
 keepalive 1000;
 }
 include /etc/nginx/defaults.d/*.conf;
@@ -1117,116 +324,8 @@ nginxconfig: | } } } - } - -keycloakconf: | - server { - listen 80; - listen [::]:80; - server_name {{ merge_proxy_server_name }}; - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - return 301 https://{{ merge_proxy_server_name }}$request_uri; - } - server { - listen 443 ssl; - ssl_certificate /etc/secrets-merge/tls.crt; - ssl_certificate_key /etc/secrets-merge/tls.key; - server_name {{ merge_proxy_server_name }}; - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver 127.0.0.11 valid=5s; - # Refresh token endpoint being routed to kong - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - # Admin API Endpoints for sunbird realm fpr forgot password flow - location ~ /auth/admin/realms/sunbird/users/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - 
proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Sunbird realm keycloak API endpoints - location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Static Assets for keycloak endpoints with caching - location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | 
d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $request_id; - proxy_pass http://player; - } - } - + } + compressionConfig: |- # Compression gzip on; @@ -1265,4 +364,4 @@ serviceMonitor: {# Add the apple site association json contents in a single line within single quotes as shown below in Core/common.yml #} {# apple_app_site_association: '{"applinks":{"apps":[],"details":[{"appID":"123456.dev.sunbird.app","paths":["/explore","/dial/*","/get/dial","/play/content","/play/collection","/learn/course","/explore-course/course","/explore-course","/search","/search/Library","/faq","/profile","/play/quiz","/explore","/learn","/resources"]}]}}' #} -apple_universal_links: '{{ apple_app_site_association | default("") }}' \ No newline at end of file +apple_universal_links: '{{ apple_app_site_association | default("") }}'