Unverified Commit 391343ef authored by Akhil's avatar Akhil Committed by GitHub

Merge pull request #3627 from G33tha/release-5.2.0-inquiry

updated nginx config
Showing with 50 additions and 982 deletions
+50 -982
...@@ -19,26 +19,4 @@ data: ...@@ -19,26 +19,4 @@ data:
nginx.conf: | nginx.conf: |
{{ .Values.nginxconfig | indent 4 }} {{ .Values.nginxconfig | indent 4 }}
---
{{- if .Values.merge_domain_status }}
apiVersion: v1
kind: ConfigMap
metadata:
name: keycloak-conf
namespace: {{ .Values.namespace }}
data:
keycloak.conf: |
{{ .Values.keycloakconf | indent 4 }}
{{- end }}
---
{{- if .Values.apple_universal_links }}
apiVersion: v1
kind: ConfigMap
metadata:
name: apple-universal-links
namespace: {{ .Values.namespace }}
data:
apple-app-site-association.json: |
{{ .Values.apple_universal_links | indent 4 }}
{{- end }}
\ No newline at end of file
...@@ -34,12 +34,7 @@ spec: ...@@ -34,12 +34,7 @@ spec:
name: proxy-default name: proxy-default
- name: nginx-config - name: nginx-config
configMap: configMap:
name: nginx-conf name: nginx-conf
{{- if .Values.apple_universal_links }}
- name: apple-site-association
configMap:
name: apple-universal-links
{{- end }}
{{- if .Values.volumes }} {{- if .Values.volumes }}
{{ toYaml .Values.volumes | indent 8 }} {{ toYaml .Values.volumes | indent 8 }}
{{- end }} {{- end }}
...@@ -56,11 +51,7 @@ spec: ...@@ -56,11 +51,7 @@ spec:
mountPath: /etc/nginx/defaults.d mountPath: /etc/nginx/defaults.d
- name: nginx-config - name: nginx-config
mountPath: /etc/nginx/nginx.conf mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf subPath: nginx.conf
{{- if .Values.apple_universal_links }}
- name: apple-site-association
mountPath: /var/www/html
{{- end }}
{{- if .Values.volumeMounts }} {{- if .Values.volumeMounts }}
{{ toYaml .Values.volumeMounts | indent 10 }} {{ toYaml .Values.volumeMounts | indent 10 }}
{{- end }} {{- end }}
......
...@@ -12,11 +12,11 @@ service: ...@@ -12,11 +12,11 @@ service:
- port: 80 - port: 80
name: http name: http
targetPort: 80 targetPort: 80
nodePort: 31380 nodePort: 31880
- port: 443 - port: 443
name: https name: https
targetPort: 443 targetPort: 443
nodePort: 31390 nodePort: 31890
{% if nginx_volumes is defined and nginx_volumes %} {% if nginx_volumes is defined and nginx_volumes %}
{# {#
...@@ -30,9 +30,6 @@ nginx_volumes: ...@@ -30,9 +30,6 @@ nginx_volumes:
- name: proxy-config - name: proxy-config
configMap: configMap:
name: proxy-default name: proxy-default
- name: nginx-config
configMap:
name: nginx-conf
volumemounts: volumemounts:
- name: tls - name: tls
mountPath: /etc/secrets mountPath: /etc/secrets
...@@ -44,7 +41,8 @@ nginx_volumes: ...@@ -44,7 +41,8 @@ nginx_volumes:
- name: nginx-config - name: nginx-config
mountPath: /etc/nginx/nginx.conf mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf subPath: nginx.conf
readOnly: true readOnly: true
#} #}
volumes: {{ nginx_volumes.volumes | to_json }} volumes: {{ nginx_volumes.volumes | to_json }}
volumeMounts: {{ nginx_volumes.volumeMounts | to_json }} volumeMounts: {{ nginx_volumes.volumeMounts | to_json }}
...@@ -97,7 +95,7 @@ proxyconfig: |- ...@@ -97,7 +95,7 @@ proxyconfig: |-
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
{% endif %} {% endif %}
server_name *.{{ proxy_server_name }} {{ proxy_server_name }}; server_name {{ proxy_server_name }};
{# {#
custom nginx server config section custom nginx server config section
eg: eg:
...@@ -115,560 +113,34 @@ proxyconfig: |- ...@@ -115,560 +113,34 @@ proxyconfig: |-
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Forwarded-SSL on; proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server.
resolver {{ kube_dns_ip }} valid=30s; resolver {{ kube_dns_ip }} valid=30s;
# Mobile Devices Refresh token Endpoints
location ~* ^/auth/v1/refresh/token {
rewrite ^/auth/(.*) /auth/$1 break; location / {
proxy_set_header Connection ""; rewrite ^/(.*) /$1 break;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme; proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_connect_timeout 5;
proxy_set_header X-Forwarded-Proto $scheme; proxy_send_timeout 60;
proxy_connect_timeout 5; proxy_read_timeout 70;
proxy_send_timeout 60; proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 70; proxy_set_header Connection "";
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://kong;
}
# Admin API Endpoints for sunbird realm fpr forgot password flow
location ~ /auth/admin/realms/sunbird/users/ {
rewrite ^/auth/(.*) /auth/$1 break;
proxy_set_header X-Request-ID $sb_request_id;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_pass http://keycloak;
}
# Sunbird realm keycloak API endpoints
location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) {
rewrite ^/auth/(.*) /auth/$1 break;
proxy_set_header X-Request-ID $sb_request_id;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_pass http://keycloak;
}
# Static Assets for keycloak endpoints with caching
location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) {
# Enabling caching
proxy_cache_key $proxy_host$request_uri;
proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}};
add_header X-Proxy-Cache $upstream_cache_status;
add_header X-Proxy-Cache-Date $upstream_http_date;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_revalidate on;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_valid 200 {{proxy_cache_valid.long_validity}};
rewrite ^/auth/(.*) /auth/$1 break;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
proxy_pass http://keycloak;
}
# This is Caching mechanism for POST requests location search
location ~ /learner/data/v1/location/search {
# Enabling compression
include /etc/nginx/defaults.d/compression.conf;
# Enabling caching
# caching include Accept-Encoding header also, to provide gziped or plain content as per request
proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}};
add_header X-Proxy-Cache $upstream_cache_status;
add_header X-Proxy-Cache-Date $upstream_http_date;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_methods GET HEAD POST;
proxy_cache_revalidate on;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_valid 200 {{proxy_cache_valid.long_validity}};
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://player;
}
# Caching for content consumption
location ~ /api/(content/v1/read|course/v1/hierarchy|course/v1/batch/read) {
# Enabling compression
include /etc/nginx/defaults.d/compression.conf;
# Enabling caching
# caching include Accept-Encoding header also, to provide gziped or plain content as per request
proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}};
add_header X-Proxy-Cache $upstream_cache_status;
add_header X-Proxy-Cache-Date $upstream_http_date;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_methods GET HEAD POST;
proxy_cache_revalidate on;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}};
# Increasing the proxy buffer size
proxy_buffer_size 16k;
proxy_busy_buffers_size 16k;
rewrite ^/api/(.*) /$1 break;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
proxy_pass http://kong;
}
# This is Caching mechanism for Content search
location ~ /api/content/v1/search {
# Enabling compression
include /etc/nginx/defaults.d/compression.conf;
# Enabling caching
# caching include Accept-Encoding header also, to provide gziped or plain content as per request
proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}};
add_header X-Proxy-Cache $upstream_cache_status;
add_header X-Proxy-Cache-Date $upstream_http_date;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_methods GET HEAD POST;
proxy_cache_revalidate on;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}};
# Increasing the proxy buffer size
proxy_buffer_size 16k;
proxy_busy_buffers_size 16k;
rewrite ^/api/(.*) /$1 break;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
proxy_pass http://kong;
}
# This is Caching mechanism for POST requests
location ~ /api/data/v1/form/read {
# Enabling compression
include /etc/nginx/defaults.d/compression.conf;
# Enabling caching
# caching include Accept-Encoding header also, to provide gziped or plain content as per request
proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}};
add_header X-Proxy-Cache $upstream_cache_status;
add_header X-Proxy-Cache-Date $upstream_http_date;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_methods GET HEAD POST;
proxy_cache_revalidate on;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_valid 200 {{proxy_cache_valid.long_validity}};
rewrite ^/api/(.*) /$1 break;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://kong;
}
location ~ /api/(framework/v1/read|data/v1/system/settings/get|org/v1/search|org/v2/search|data/v1/location/search) {
# Enabling compression
include /etc/nginx/defaults.d/compression.conf;
# Enabling caching
# caching include Accept-Encoding header also, to provide gziped or plain content as per request
proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}};
add_header X-Proxy-Cache $upstream_cache_status;
add_header X-Proxy-Cache-Date $upstream_http_date;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_methods GET HEAD POST;
proxy_cache_revalidate on;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_valid 200 {{proxy_cache_valid.long_validity}};
rewrite ^/api/(.*) /$1 break;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id;
proxy_buffer_size 16k;
proxy_busy_buffers_size 16k;
proxy_pass http://kong;
}
location /api/ {
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
if ( $arg_eHVyhwSdt ) {
set $custom_header "Bearer $arg_eHVyhwSdt";
}
if ( $http_authorization ) {
set $custom_header "$http_authorization";
}
include /etc/nginx/defaults.d/compression.conf;
proxy_set_header Authorization $custom_header;
rewrite ^/api/(.*) /$1 break;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://kong;
}
# Oauth2 config
location /oauth2/ {
set $target http://oauth2-proxy.logging.svc.cluster.local;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Auth-Request-Redirect $request_uri;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass $target;
}
location = /oauth2/auth {
set $target http://oauth2-proxy.logging.svc.cluster.local;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
# nginx auth_request includes headers but not body
proxy_set_header Content-Length "";
proxy_pass_request_body off;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass $target;
}
{% if graylog_open_to_public %}
location /graylog/ {
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
# Setting target url
auth_request_set $target http://graylog.logging.svc.cluster.local;
# pass information via X-User and X-Email headers to backend,
# requires running with --set-xauthrequest flag
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
proxy_set_header X-User $user;
proxy_set_header X-Email $email;
# if you enabled --cookie-refresh, this is needed for it to work with auth_request
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
proxy_set_header X-Request-ID $sb_request_id;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Scheme $scheme;
proxy_set_header Graylog-User viewer;
proxy_set_header X-Graylog-Server-URL {{proto}}://{{ proxy_server_name }}/graylog/;
rewrite ^/graylog/(.*)$ /$1 break;
proxy_pass $target;
}
location /dashboard {
return 301 /graylog/;
}
{% else %}
location /dashboard/ {
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
# Setting target url
auth_request_set $target http://{{ kibana_service }};
# pass information via X-User and X-Email headers to backend,
# requires running with --set-xauthrequest flag
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
proxy_set_header X-User $user;
proxy_set_header X-Email $email;
# if you enabled --cookie-refresh, this is needed for it to work with auth_request
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass $target;
}
{% endif %}
location /oauth3 {
set $target http://oauth2-proxy.monitoring.svc.cluster.local;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Auth-Request-Redirect $request_uri;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass $target;
}
location = /oauth3/auth {
set $target http://oauth2-proxy.monitoring.svc.cluster.local;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header Content-Length "";
proxy_pass_request_body off;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass $target;
}
location /grafana/ {
auth_request /oauth3/auth;
error_page 401 = /oauth3/sign_in;
auth_request_set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local;
include /etc/nginx/defaults.d/compression.conf;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local;
rewrite ^/grafana/(.*) /$1 break;
proxy_pass $target;
}
location /encryption/ {
set $target http://encryption.{{ namespace }}.svc.cluster.local;
rewrite ^/encryption/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 40;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass $target;
}
location /discussions/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
set $target http://nodebb-service.{{ namespace }}.svc.cluster.local:4567;
#rewrite ^/discussions/(.*) /$1 break;
proxy_pass $target;
}
location ~* ^/assets/public/(.*) {
# Enabling cache for Response code 200
expires 1M;
add_header Pragma public;
add_header Cache-Control "public";
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/javascript;
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
# add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
set $bucket "{{upstream_url}}";
set $url_full '$1';
proxy_http_version 1.1;
proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}";
proxy_set_header Authorization '';
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers "Set-Cookie";
proxy_buffering off;
proxy_intercept_errors on;
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods GET;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass https://$bucket/$url_full;
}
location ~* ^/content/preview/(.*) {
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/css text/javascript;
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
# add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
set $s3_bucket "{{plugin_upstream_url}}";
set $url_full '$1';
proxy_http_version 1.1;
proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}";
proxy_set_header Authorization '';
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers "Set-Cookie";
proxy_buffering off;
proxy_intercept_errors on;
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods GET;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass https://$s3_bucket/v3/preview/$url_full;
}
location ~ /content-editor/telemetry|collection-editor/telemetry {
rewrite ^/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://player;
}
location ~* ^/content-editor/(.*) {
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/css text/javascript;
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
# add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
set $s3_bucket "{{plugin_upstream_url}}";
set $url_full '$1';
proxy_http_version 1.1;
proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}";
proxy_set_header Authorization '';
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers "Set-Cookie";
proxy_buffering off;
proxy_intercept_errors on;
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods GET;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass https://$s3_bucket/content-editor/$url_full;
}
location ~* ^/discussion-ui/(.*) {
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/css text/javascript;
set $s3_bucket "{{discussion_upstream_url}}";
set $url_full '$1';
proxy_http_version 1.1;
proxy_set_header Host "{{discussion_upstream_url.split('/')[0]|lower}}";
proxy_set_header Authorization '';
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers "Set-Cookie";
proxy_buffering off;
proxy_intercept_errors on;
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods GET;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass https://$s3_bucket/discussion-ui/$url_full;
}
location ~* ^/collection-editor/(.*) {
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/css text/javascript;
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
# add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
set $s3_bucket "{{plugin_upstream_url}}";
set $url_full '$1';
proxy_http_version 1.1;
proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}";
proxy_set_header Authorization '';
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers "Set-Cookie";
proxy_buffering off;
proxy_intercept_errors on;
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods GET;
proxy_set_header X-Request-ID $sb_request_id; proxy_set_header X-Request-ID $sb_request_id;
proxy_pass https://$s3_bucket/collection-editor/$url_full; proxy_pass http://portal;
} }
location ~* ^/generic-editor/(.*) { location ~* ^/assets/public/(.*) {
# Enabling cache for Response code 200
expires 1M;
add_header Pragma public;
add_header Cache-Control "public";
# Enabling compression # Enabling compression
gzip on; gzip on;
gzip_min_length 100000; gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth; gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/css text/javascript; gzip_types application/javascript application/x-javascript text/javascript;
if ($request_method = OPTIONS ) { if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
...@@ -678,10 +150,10 @@ proxyconfig: |- ...@@ -678,10 +150,10 @@ proxyconfig: |-
add_header Content-Type text/plain; add_header Content-Type text/plain;
return 200; return 200;
} }
set $s3_bucket "{{plugin_upstream_url}}"; set $bucket "{{upstream_url}}";
set $url_full '$1'; set $url_full '$1';
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}";
proxy_set_header Authorization ''; proxy_set_header Authorization '';
proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods; proxy_hide_header Access-Control-Allow-Methods;
...@@ -691,242 +163,29 @@ proxyconfig: |- ...@@ -691,242 +163,29 @@ proxyconfig: |-
proxy_ignore_headers "Set-Cookie"; proxy_ignore_headers "Set-Cookie";
proxy_buffering off; proxy_buffering off;
proxy_intercept_errors on; proxy_intercept_errors on;
add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods GET; add_header Access-Control-Allow-Methods GET;
proxy_set_header X-Request-ID $sb_request_id; proxy_set_header X-Request-ID $sb_request_id;
proxy_pass https://$s3_bucket/generic-editor/$url_full; proxy_pass https://$bucket/$url_full;
} }
location ~* ^/content-plugins/(.*) { location /api/ {
# Enabling cache for Response code 200
expires 1M;
add_header Pragma public;
add_header Cache-Control "public";
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/css text/javascript;
if ($request_method = OPTIONS ) { if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding";
# add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0; add_header Content-Length 0;
add_header Content-Type text/plain; add_header Content-Type text/plain;
return 200; return 200;
} }
set $s3_bucket "{{plugin_upstream_url}}"; if ( $arg_eHVyhwSdt ) {
set $url_full '$1'; set $custom_header "Bearer $arg_eHVyhwSdt";
proxy_http_version 1.1; }
proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; if ( $http_authorization ) {
proxy_set_header Authorization ''; set $custom_header "$http_authorization";
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers "Set-Cookie";
proxy_buffering off;
proxy_intercept_errors on;
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods GET;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass https://$s3_bucket/content-plugins/$url_full;
}
location /thirdparty {
# Enabling cache for Response code 200
expires 1M;
add_header Pragma public;
add_header Cache-Control "public";
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/css text/javascript;
rewrite ^/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://player;
}
location ~* ^/desktop/(.*) {
# Enabling cache for Response code 200
expires 1M;
add_header Pragma public;
add_header Cache-Control "public";
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/css text/javascript;
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
# add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
} }
set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}";
set $url_full '$1';
proxy_http_version 1.1;
proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}";
proxy_set_header Authorization '';
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers "Set-Cookie";
proxy_buffering off;
proxy_intercept_errors on;
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods GET;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass https://$offline_bucket/$url_full;
}
# compression for svg certs download
location /api/certreg/v2/certs/download {
rewrite ^/api/(.*) /$1 break;
include /etc/nginx/defaults.d/compression.conf;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://kong;
}
location /learner/certreg/v2/certs/download {
# Compression
gzip on;
gzip_comp_level 5;
gzip_min_length 50000; # 50KB
gzip_proxied any;
gzip_vary on;
# Content types for compression
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
add_header test hello;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://player;
}
location / {
rewrite ^/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://player;
}
location /v3/device/register {
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://kong;
proxy_set_header Connection "";
rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
}
location /action/data/v3/metrics {
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://kong;
proxy_set_header Connection "";
rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
}
location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info {
# Enabling compression
include /etc/nginx/defaults.d/compression.conf;
# Enabling caching
# caching include Accept-Encoding header also, to provide gziped or plain content as per request
proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}};
add_header X-Proxy-Cache $upstream_cache_status;
add_header X-Proxy-Cache-Date $upstream_http_date;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_revalidate on;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_valid 200 {{proxy_cache_valid.long_validity}};
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://player;
}
location /api/channel/v1/read {
# Enabling compression
include /etc/nginx/defaults.d/compression.conf; include /etc/nginx/defaults.d/compression.conf;
# Enabling caching proxy_set_header Authorization $custom_header;
# caching include Accept-Encoding header also, to provide gziped or plain content as per request rewrite ^/api/(.*) /$1 break;
proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}};
add_header X-Proxy-Cache $upstream_cache_status;
add_header X-Proxy-Cache-Date $upstream_http_date;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_revalidate on;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_valid 200 {{proxy_cache_valid.long_validity}};
rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break;
proxy_set_header Connection ""; proxy_set_header Connection "";
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
...@@ -938,49 +197,8 @@ proxyconfig: |- ...@@ -938,49 +197,8 @@ proxyconfig: |-
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id; proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://kong; proxy_pass http://kong;
} }
location ~ ^/chatapi/ { }
set $target http://router-service.{{ namespace }}.svc.cluster.local:8000;
rewrite ^/chatapi/(.*) /$1 break;
proxy_pass $target;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location /oauth2callback {
return 200 'OK';
add_header Content-Type text/plain;
}
location /dial/ {
if ($dial_upstream_host = kong) {
rewrite ^/dial/(.*) /api/dialcode/v2/read/$1;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://$dial_upstream_host;
}
{% if apple_app_site_association is defined %}
location /apple-app-site-association {
alias /var/www/html/;
index apple-app-site-association.json;
}
{% endif %}
{# Including custom configuration #}
{{ proxy_custom_config }}}
nginxconfig: | nginxconfig: |
user nginx; user nginx;
...@@ -1041,10 +259,7 @@ nginxconfig: | ...@@ -1041,10 +259,7 @@ nginxconfig: |
default $upstream_cache_status; default $upstream_cache_status;
'' "NONE"; '' "NONE";
} }
map $http_accept $dial_upstream_host {
default player;
application/ld+json kong;
}
# Defining metrics # Defining metrics
init_worker_by_lua_block { init_worker_by_lua_block {
prometheus = require("prometheus").init("prometheus_metrics") prometheus = require("prometheus").init("prometheus_metrics")
...@@ -1074,16 +289,8 @@ nginxconfig: | ...@@ -1074,16 +289,8 @@ nginxconfig: |
server kong:8000; server kong:8000;
keepalive 1000; keepalive 1000;
} }
upstream encryption { upstream portal {
server enc-service:8013; server inquiryportal-service:3000;
keepalive 1000;
}
upstream keycloak {
server {{ keycloak_url.split('//')[-1] }};
keepalive 1000;
}
upstream player {
server player:3000;
keepalive 1000; keepalive 1000;
} }
include /etc/nginx/defaults.d/*.conf; include /etc/nginx/defaults.d/*.conf;
...@@ -1117,116 +324,8 @@ nginxconfig: | ...@@ -1117,116 +324,8 @@ nginxconfig: |
} }
} }
} }
} }
keycloakconf: |
server {
listen 80;
listen [::]:80;
server_name {{ merge_proxy_server_name }};
# Limitting open connection per ip
limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }};
return 301 https://{{ merge_proxy_server_name }}$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/secrets-merge/tls.crt;
ssl_certificate_key /etc/secrets-merge/tls.key;
server_name {{ merge_proxy_server_name }};
# Limitting open connection per ip
limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto $scheme;
ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server.
resolver 127.0.0.11 valid=5s;
# Refresh token endpoint being routed to kong
location ~* ^/auth/v1/refresh/token {
rewrite ^/auth/(.*) /auth/$1 break;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
proxy_set_header X-Request-ID $sb_request_id;
proxy_pass http://kong;
}
# Admin API Endpoints for sunbird realm fpr forgot password flow
location ~ /auth/admin/realms/sunbird/users/ {
rewrite ^/auth/(.*) /auth/$1 break;
proxy_set_header X-Request-ID $sb_request_id;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_pass http://keycloak;
}
# Sunbird realm keycloak API endpoints
location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) {
rewrite ^/auth/(.*) /auth/$1 break;
proxy_set_header X-Request-ID $sb_request_id;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_pass http://keycloak;
}
# Static Assets for keycloak endpoints with caching
location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) {
# Enabling compression
include /etc/nginx/defaults.d/compression.conf;
# Enabling caching
# caching include Accept-Encoding header also, to provide gziped or plain content as per request
proxy_cache_key "$http_accept_encoding|$request_uri|$request_body";
proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}};
add_header X-Proxy-Cache $upstream_cache_status;
add_header X-Proxy-Cache-Date $upstream_http_date;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_revalidate on;
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_valid 200 {{proxy_cache_valid.long_validity}};
rewrite ^/auth/(.*) /auth/$1 break;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
proxy_pass http://keycloak;
}
location / {
rewrite ^/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header X-Request-ID $request_id;
proxy_pass http://player;
}
}
compressionConfig: |- compressionConfig: |-
# Compression # Compression
gzip on; gzip on;
...@@ -1265,4 +364,4 @@ serviceMonitor: ...@@ -1265,4 +364,4 @@ serviceMonitor:
{# Add the apple site association json contents in a single line within single quotes as shown below in Core/common.yml #} {# Add the apple site association json contents in a single line within single quotes as shown below in Core/common.yml #}
{# apple_app_site_association: '{"applinks":{"apps":[],"details":[{"appID":"123456.dev.sunbird.app","paths":["/explore","/dial/*","/get/dial","/play/content","/play/collection","/learn/course","/explore-course/course","/explore-course","/search","/search/Library","/faq","/profile","/play/quiz","/explore","/learn","/resources"]}]}}' #} {# apple_app_site_association: '{"applinks":{"apps":[],"details":[{"appID":"123456.dev.sunbird.app","paths":["/explore","/dial/*","/get/dial","/play/content","/play/collection","/learn/course","/explore-course/course","/explore-course","/search","/search/Library","/faq","/profile","/play/quiz","/explore","/learn","/resources"]}]}}' #}
apple_universal_links: '{{ apple_app_site_association | default("") }}' apple_universal_links: '{{ apple_app_site_association | default("") }}'
\ No newline at end of file