diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/.helmignore b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/.helmignore
deleted file mode 100644
index 50af0317254197a5a019f4ac2f8ecc223f93f5a7..0000000000000000000000000000000000000000
--- a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/Chart.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/Chart.yaml
deleted file mode 100644
index ded713533bb5c24ba7e77aa365a93af917d3685e..0000000000000000000000000000000000000000
--- a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/Chart.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: nginx-public-ingress
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application.
-appVersion: 1.16.0
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/_helpers.tpl b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/_helpers.tpl
deleted file mode 100644
index 0af5bc238a4e98266988def11468971eef84b9c4..0000000000000000000000000000000000000000
--- a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/_helpers.tpl
+++ /dev/null
@@ -1,63 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "nginx-public-ingress.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "nginx-public-ingress.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nginx-public-ingress.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "nginx-public-ingress.labels" -}} -helm.sh/chart: {{ include "nginx-public-ingress.chart" . }} -{{ include "nginx-public-ingress.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "nginx-public-ingress.selectorLabels" -}} -app.kubernetes.io/name: {{ include "nginx-public-ingress.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "nginx-public-ingress.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "nginx-public-ingress.fullname" .) 
.Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/configMap.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/configMap.yaml deleted file mode 100644 index 74df84ab6689d25bd046f622727b833c75707e06..0000000000000000000000000000000000000000 --- a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/configMap.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: proxy-default - namespace: {{ .Values.namespace }} -data: - proxy-default.conf: | -{{ .Values.proxyconfig | indent 4 }} - compression.conf: | -{{ .Values.compressionConfig | indent 4 }} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-conf - namespace: {{ .Values.namespace }} -data: - nginx.conf: | -{{ .Values.nginxconfig | indent 4 }} - - diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/daemonset.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/daemonset.yaml deleted file mode 100644 index 9efb6dff9f060837c4ec37f0e2e13b18d6d17dbf..0000000000000000000000000000000000000000 --- a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/daemonset.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: nginx-public-ingress - namespace: {{ .Values.namespace }} -spec: - selector: - matchLabels: - app: nginx-public-ingress - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 25% - template: - metadata: - annotations: - nginxRolloutID: {{ randAlphaNum 5 | quote }} # Restart nginx after every deployment - fluentbit.io/parser: nginx2 - labels: - app: nginx-public-ingress - spec: - # Running nginx with custom config -{{- if .Values.imagepullsecrets }} - imagePullSecrets: - - name: {{ .Values.imagepullsecrets }} -{{- end }} - volumes: - - name: tls - secret: - secretName: ingress-cert - - name: proxy-config - configMap: - name: proxy-default - - name: nginx-config - configMap: - name: nginx-conf -{{- if .Values.volumes }} -{{ toYaml .Values.volumes | indent 8 }} -{{- end }} - containers: - - name: nginx-public - image: "{{ .Values.dockerhub }}/{{ .Values.repository }}:{{ .Values.image_tag }}" - resources: -{{ toYaml .Values.resources | indent 10 }} - volumeMounts: - - name: tls - mountPath: /etc/secrets - readOnly: true - - name: proxy-config - mountPath: /etc/nginx/defaults.d - - name: nginx-config - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf -{{- if .Values.volumeMounts }} -{{ toYaml .Values.volumeMounts | indent 10 }} -{{- end }} - ports: - - containerPort: 80 - name: http - - containerPort: 443 - name: https - - containerPort: 9145 - name: http-metrics ---- -apiVersion: v1 -kind: Service -metadata: - name: nginx-public-ingress-metrics - namespace: {{ .Values.namespace }} - labels: -{{- include "nginx-public-ingress.labels" . 
| nindent 4 }} -spec: - selector: - app: nginx-public-ingress - ports: - - name: http - port: 9145 - targetPort: 9145 - protocol: TCP ---- -apiVersion: v1 -kind: Service -metadata: - name: nginx-public-ingress - namespace: {{ .Values.namespace }} -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} -spec: - externalTrafficPolicy: Local - selector: - app: nginx-public-ingress - type: {{ .Values.service.type }} -{{- if and .Values.service.nginx_public_ingress_ip (ne .Values.service.type "NodePort") }} - loadBalancerIP: {{ .Values.service.nginx_public_ingress_ip }} -{{- end }} - ports: -{{ toYaml .Values.service.ports | indent 4 }} diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/recordingRules.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/recordingRules.yaml deleted file mode 100644 index 1701d08332aa5f0e2d6ace96736ab2d2e956cf58..0000000000000000000000000000000000000000 --- a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/recordingRules.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -{{- if .Values.serviceMonitor.enabled }} -{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "nginx-public-ingress.fullname" . }}-recording.rule - namespace: {{ default .Values.namespace .Release.Namespace }} - labels: - {{- include "nginx-public-ingress.labels" . | nindent 4 }} - {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} -spec: - groups: - - name: nginx-recording.rules - rules: - - expr: sum(irate(nginx_http_requests_total[1m])) by (cache_status, host, env, status) - record: job:nginx_http_requests_total:irate:sum:1m - - expr: sum(irate(nginx_http_requests_total[5m])) by (cache_status, host, env, status) - record: job:nginx_http_requests_total:irate:sum:5m - - expr: sum(irate(nginx_http_requests_total[15m])) by (cache_status, host, env, status) - record: job:nginx_http_requests_total:irate:sum:15m - - record: job:nginx_http_success_percentage:increase:sum:5m - expr: |- - ( - sum(increase(nginx_http_requests_total{status!~"4..|5.."}[5m])) by (status) - / - ignoring(status) group_left sum(increase(nginx_http_requests_total[5m])) - ) * 100 - - record: job:nginx_http_success_percentage:increase:sum:15m - expr: |- - ( - sum(increase(nginx_http_requests_total{status!~"4..|5.."}[15m])) by (status) - / - ignoring(status) group_left sum(increase(nginx_http_requests_total[15m])) - ) * 100 - - record: job:nginx_http_failure_percentage:increase:sum:5m - expr: |- - ( - sum(increase(nginx_http_requests_total{status!~"2..|3.."}[5m])) by (status) - / - ignoring(status) group_left sum(increase(nginx_http_requests_total[5m])) - ) * 100 - - record: job:nginx_http_failure_percentage:increase:sum:15m - expr: |- - ( - sum(increase(nginx_http_requests_total{status!~"2..|3.."}[15m])) by (status) - / - ignoring(status) group_left sum(increase(nginx_http_requests_total[15m])) - ) * 100 -{{- end }} -{{- end }} 
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/serviceMonitor.yml b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/serviceMonitor.yml deleted file mode 100644 index ea8ea50cf7624e2c1464ac579e3cd60676c9ccfa..0000000000000000000000000000000000000000 --- a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/templates/serviceMonitor.yml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.serviceMonitor.enabled }} -{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.serviceMonitor.enabled ) }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "nginx-public-ingress.fullname" . }} - namespace: {{ default .Values.namespace .Release.Namespace }} - labels: - {{- include "nginx-public-ingress.labels" . | nindent 4 }} - {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} -spec: - endpoints: - - honorLabels: true - interval: 15s - path: /metrics - port: http - scheme: http - scrapeTimeout: 10s - jobLabel: nginx-public-ingress - namespaceSelector: - matchNames: - - {{ default .Values.namespace .Release.Namespace }} - selector: - matchLabels: - {{- include "nginx-public-ingress.labels" . | nindent 6 }} -{{- end }} -{{- end }} diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/values.j2 deleted file mode 100644 index bfb60e8c8331b7111022528b6d454f5942c4988f..0000000000000000000000000000000000000000 --- a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/nginx-public-ingress/values.j2 +++ /dev/null 
@@ -1,368 +0,0 @@ -#jinja2:lstrip_blocks: True - -namespace: {{ namespace }} -merge_domain_status: {{ merge_domain_status | lower }} -service: - annotations: {{nginx_public_ingress_service_annotations | d('') | to_json}} - type: {{ nginx_public_ingress_type | default('LoadBalancer') }} - {% if nginx_public_ingress_ip is defined %} - nginx_public_ingress_ip: {{ nginx_public_ingress_ip }} - {% endif %} - ports: - - port: 80 - name: http - targetPort: 80 - nodePort: 31880 - - port: 443 - name: https - targetPort: 443 - nodePort: 31890 - -{% if nginx_volumes is defined and nginx_volumes %} -{# -This is for custom nginx volume mount options in common.yaml -example: -nginx_volumes: - volumes: - - name: tls - secret: - secretName: ingress-cert - - name: proxy-config - configMap: - name: proxy-default - volumemounts: - - name: tls - mountPath: /etc/secrets - readOnly: true - - name: proxy-config - mountPath: /etc/nginx/conf.d/default.conf - subPath: proxy.default.conf - readOnly: true - - name: nginx-config - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - readOnly: true - -#} -volumes: {{ nginx_volumes.volumes | to_json }} -volumeMounts: {{ nginx_volumes.volumeMounts | to_json }} -{% endif %} - -imagepullsecrets: {{ imagepullsecrets }} -dockerhub: {{ dockerhub }} - -resources: - requests: - cpu: {{proxy_cpu_req|default('100m')}} - memory: {{proxy_mem_req|default('100Mi')}} - limits: - cpu: {{proxy_cpu_limit|default('1')}} - memory: {{proxy_mem_limit|default('1024Mi')}} - -repository: {{proxy_repository|default('proxy')}} -image_tag: {{ image_tag }} - -proxyconfig: |- - {% if proto=='https' %} - server { - listen 80; - listen [::]:80; - server_name {{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=4, indentfirst=True) }} -{% endif %} - # Limitting open 
connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - return 301 https://{{ proxy_server_name }}$request_uri; - } - {% endif %} - server { - {% if proto=='http' %} - listen 80; - listen [::]:80; - {% else %} - listen 443 ssl; - ssl_certificate /etc/secrets/site.crt; - ssl_certificate_key /etc/secrets/site.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; - {% endif %} - server_name {{ proxy_server_name }}; - {# - custom nginx server config section - eg: - nginx_server_config: | - if ($allowed_country = no) { - return 444; - } - #} -{% if nginx_server_config is defined and nginx_server_config %} - {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. 
- resolver {{ kube_dns_ip }} valid=30s; - - - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://portal; - } - location /api/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - location ~* ^/assets/public/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $bucket "{{upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header 
x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$bucket/$url_full; - } - - if ( $arg_eHVyhwSdt ) { - set $custom_header "Bearer $arg_eHVyhwSdt"; - } - if ( $http_authorization ) { - set $custom_header "$http_authorization"; - } - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Authorization $custom_header; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - } - -nginxconfig: | - user nginx; - worker_processes {{nginx_worker_processes | d("auto")}}; - {# - Can add custom modules like - eg: - nginx_modules: | - load_module modules/ngx_http_geoip2_module.so; - load_module modules/ngx_stream_geoip2_module.so; - #} -{% if nginx_modules is defined and nginx_modules %} - {{ nginx_modules | indent( width=2, indentfirst=True) }} -{% endif %} - error_log /var/log/nginx/error.log warn; - pid /var/run/nginx.pid; - events { - worker_connections 10000; - } - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - resolver {{ kube_dns_ip }} valid=30s; - {# - This is to define custom nginx_http_configs - for example - nginx_http_config: | - geoip2 /usr/local/share/GeoLite2-Country.mmdb { - $geoip2_data_country_iso_code country iso_code; - } - map $geoip2_data_country_iso_code $allowed_country { - default no; - IN no; - } - #} -{% if nginx_http_config is 
defined and nginx_http_config %} - {{ nginx_http_config | indent( width=7, indentfirst=True) }} -{% endif %} - lua_load_resty_core off; - log_format main '{{ nginx_client_public_ip_header | d('$remote_addr') }} - $remote_user [$time_local] ' - '"$request" $status $request_length $body_bytes_sent' - ' $request_time $upstream_response_time $pipe' - ' "$http_referer" "$http_user_agent" "$sb_request_id"' - ' "$http_x_device_id" "$http_x_channel_id" "$http_x_app_id"' - ' "$http_x_app_ver" "$http_x_session_id" {{nginx_additional_log_fields | default("")}}'; - access_log /var/log/nginx/access.log main; - # Shared dictionary to store metrics - lua_shared_dict prometheus_metrics 100M; - lua_package_path "/etc/nginx/lua_modules/?.lua"; - # Defining request_id - # If the client send request_id it should be preffered over the default one - map $http_x_request_id $sb_request_id { - default $http_x_request_id; - '' $request_id; - } - # Defining upstream cache status for nginx metrics - map $upstream_cache_status $cache_status { - default $upstream_cache_status; - '' "NONE"; - } - - # Defining metrics - init_worker_by_lua_block { - prometheus = require("prometheus").init("prometheus_metrics") - metric_requests = prometheus:counter( - "nginx_http_requests_total", "Number of HTTP requests", {"host", "status", "request_method", "cache_status"}) - metric_latency = prometheus:histogram( - "nginx_http_request_duration_seconds", "HTTP request latency", {"host"}) - metric_connections = prometheus:gauge( - "nginx_http_connections", "Number of HTTP connections", {"state"}) - } - log_by_lua_block { - metric_requests:inc(1, {ngx.var.server_name, ngx.var.status, ngx.var.request_method, ngx.var.cache_status }) - metric_latency:observe(tonumber(ngx.var.request_time), {ngx.var.server_name}) - } - header_filter_by_lua_block { - ngx.header["server"] = nil - } - sendfile on; - #tcp_nopush on; - client_max_body_size 60M; - keepalive_timeout 65s; - keepalive_requests 200; - # Nginx connection limit 
per ip - limit_conn_zone $binary_remote_addr zone=limitbyaddr:10m; - limit_conn_status 429; - upstream kong { - server kong:8000; - keepalive 1000; - } - upstream portal { - server inquiryportal-service:3000; - keepalive 1000; - } - include /etc/nginx/defaults.d/*.conf; - include /etc/nginx/conf.d/*.conf; - ################# - # Caching Block # - ################# - # - # Keywords - # - # proxy_cache_path: path to store the cache content - # level: how many directories we need, 1:2 means 1 parent directory, and another child directory before the cache content. - # keys_zone: name of the cache and size of the keys store in RAM; 1‑MB zone can store data for about 8,000 keys - # max_size: size of the cache content in disk - # inactive: specifies how long an item can remain in the cache without being accessed. This doesn't value expiry time of cache. So keep it more than the expiry. - # use_temp_path: do we have to write the cache to a temp path first? This will reduce the performance. - # - # caching for images and files - {% for key,value in proxy_cache_path.items() %} - proxy_cache_path {{value['path']}} levels={{value['levels']}} keys_zone={{value['keys_zone']}} max_size={{value['max_size']}} inactive={{value['inactive']}} use_temp_path=off; - {% endfor %} - - server { - listen 9145; - location /metrics { - content_by_lua_block { - metric_connections:set(ngx.var.connections_reading, {"reading"}) - metric_connections:set(ngx.var.connections_waiting, {"waiting"}) - metric_connections:set(ngx.var.connections_writing, {"writing"}) - prometheus:collect() - } - } - } - } - -compressionConfig: |- - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 256; # 256Bytes - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - 
application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - ; - -serviceMonitor: - enabled: true - labels: # labels with which the prometheus choose the serviceMonitor - app: prometheus-operator - release: prometheus-operator - -{# Add the apple site association json contents in a single line within single quotes as shown below in Core/common.yml #} -{# apple_app_site_association: '{"applinks":{"apps":[],"details":[{"appID":"123456.dev.sunbird.app","paths":["/explore","/dial/*","/get/dial","/play/content","/play/collection","/learn/course","/explore-course/course","/explore-course","/search","/search/Library","/faq","/profile","/play/quiz","/explore","/learn","/resources"]}]}}' #} -apple_universal_links: '{{ apple_app_site_association | default("") }}' diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/templates/configMap.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/templates/configMap.yaml index 0f7f0dcc168f43eb11525d24104945c0eeec18cb..74df84ab6689d25bd046f622727b833c75707e06 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/templates/configMap.yaml +++ b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/templates/configMap.yaml 
@@ -19,26 +19,4 @@ data: nginx.conf: | {{ .Values.nginxconfig | indent 4 }} ---- -{{- if .Values.merge_domain_status }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: keycloak-conf - namespace: {{ .Values.namespace }} -data: - keycloak.conf: | -{{ .Values.keycloakconf | indent 4 }} -{{- end }} ---- -{{- if .Values.apple_universal_links }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: apple-universal-links - namespace: {{ .Values.namespace }} -data: - apple-app-site-association.json: | -{{ .Values.apple_universal_links | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/templates/daemonset.yaml b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/templates/daemonset.yaml index 01bfd608d4040ea19ef57c28bab0ec56ddf8e5e5..9efb6dff9f060837c4ec37f0e2e13b18d6d17dbf 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/templates/daemonset.yaml +++ b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/templates/daemonset.yaml @@ -34,12 +34,7 @@ spec: name: proxy-default - name: nginx-config configMap: - name: nginx-conf -{{- if .Values.apple_universal_links }} - - name: apple-site-association - configMap: - name: apple-universal-links -{{- end }} + name: nginx-conf {{- if .Values.volumes }} {{ toYaml .Values.volumes | indent 8 }} {{- end }} @@ -56,11 +51,7 @@ spec: mountPath: /etc/nginx/defaults.d - name: nginx-config mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf -{{- if .Values.apple_universal_links }} - - name: apple-site-association - mountPath: /var/www/html -{{- end }} + subPath: nginx.conf {{- if .Values.volumeMounts }} {{ toYaml .Values.volumeMounts | indent 10 }} {{- end }} 
diff --git a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/values.j2 index c1331e76a55c51bbd691a7fabb409f8cbfa17cdd..bfb60e8c8331b7111022528b6d454f5942c4988f 100644 --- a/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/values.j2 +++ b/kubernetes/helm_charts/core/nginx-public-ingress/nginx-public-ingress/values.j2 @@ -12,11 +12,11 @@ service: - port: 80 name: http targetPort: 80 - nodePort: 31380 + nodePort: 31880 - port: 443 name: https targetPort: 443 - nodePort: 31390 + nodePort: 31890 {% if nginx_volumes is defined and nginx_volumes %} {# @@ -30,9 +30,6 @@ nginx_volumes: - name: proxy-config configMap: name: proxy-default - - name: nginx-config - configMap: - name: nginx-conf volumemounts: - name: tls mountPath: /etc/secrets @@ -44,7 +41,8 @@ nginx_volumes: - name: nginx-config mountPath: /etc/nginx/nginx.conf subPath: nginx.conf - readOnly: true + readOnly: true + #} volumes: {{ nginx_volumes.volumes | to_json }} volumeMounts: {{ nginx_volumes.volumeMounts | to_json }} @@ -97,7 +95,7 @@ proxyconfig: |- ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; {% endif %} - server_name *.{{ proxy_server_name }} {{ proxy_server_name }}; + server_name {{ proxy_server_name }}; {# custom nginx server config section eg: 
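Review bot: The new `nodePort: 31880` and `nodePort: 31890` under `service.ports` are bare literals with no comment, unlike settings such as `type: {{ nginx_public_ingress_type | default('LoadBalancer') }}` that this same values file takes from variables. Anything outside the cluster that is pinned to the old 31380/31390 (an external load balancer target, a node firewall or security-group rule) will keep pointing at ports that are no longer served, and the newly exposed ports may not be covered by the existing allow-list. I would make them variables with defaults, e.g. `nodePort: {{ <http_nodeport_var> | default(31880) }}` (placeholder name), and add a comment such as `# keep in sync with the external LB / firewall rules for this ingress`.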
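Review bot: Removing `*.{{ proxy_server_name }}` from `server_name` in the `@@ -97,7 +95,7 @@` hunk does not by itself stop this block from answering subdomains or arbitrary Host values. When no `server_name` matches, nginx hands the request to the default server for the listen socket, which is this block unless another one declares `default_server`, and none is visible in this diff (files pulled in by the `include` directives are not shown). The server block also forwards the client-supplied name upstream via `proxy_set_header Host $host;`, so if the intent is to serve only the exact name, add a separate catch-all server marked `default_server` that answers `return 444;`, using `ssl_reject_handshake on;` on the TLS listener where the nginx build supports it. The enclosing `server` block starts and ends outside this hunk.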
@@ -108,604 +106,50 @@ proxyconfig: |- #} {% if nginx_server_config is defined and nginx_server_config %} {{ nginx_server_config | indent( width=6, indentfirst=True) }} -{% endif %} - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver {{ kube_dns_ip }} valid=30s; - # Mobile Devices Refresh token Endpoints - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - # Admin API Endpoints for sunbird realm fpr forgot password flow - location ~ /auth/admin/realms/sunbird/users/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Sunbird realm keycloak API endpoints - location ~ 
/auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Static Assets for keycloak endpoints with caching - location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { - # Enabling caching - proxy_cache_key $proxy_host$request_uri; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # This is Caching mechanism for POST requests location search - location ~ /learner/data/v1/location/search { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling 
caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - # Caching for content consumption - location ~ /api/(content/v1/read|course/v1/hierarchy|course/v1/batch/read) { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - 
proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for Content search - location ~ /api/content/v1/search { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.large_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.medium_validity}}; - # Increasing the proxy buffer size - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://kong; - } - # This is Caching mechanism for POST requests - location ~ /api/data/v1/form/read { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache 
{{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location ~ /api/(framework/v1/read|data/v1/system/settings/get|org/v1/search|org/v2/search|data/v1/location/search) { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_methods GET HEAD POST; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header 
X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_buffer_size 16k; - proxy_busy_buffers_size 16k; - proxy_pass http://kong; - } - location /api/ { - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - if ( $arg_eHVyhwSdt ) { - set $custom_header "Bearer $arg_eHVyhwSdt"; - } - if ( $http_authorization ) { - set $custom_header "$http_authorization"; - } - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Authorization $custom_header; - rewrite ^/api/(.*) /$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - # Oauth2 config - location /oauth2/ { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location = /oauth2/auth { - set $target http://oauth2-proxy.logging.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ 
nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - # nginx auth_request includes headers but not body - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } -{% if graylog_open_to_public %} - location /graylog/ { - auth_request /oauth2/auth; - error_page 401 = /oauth2/sign_in; - # Setting target url - auth_request_set $target http://graylog.logging.svc.cluster.local; - # pass information via X-User and X-Email headers to backend, - # requires running with --set-xauthrequest flag - auth_request_set $user $upstream_http_x_auth_request_user; - auth_request_set $email $upstream_http_x_auth_request_email; - proxy_set_header X-User $user; - proxy_set_header X-Email $email; - # if you enabled --cookie-refresh, this is needed for it to work with auth_request - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Scheme $scheme; - proxy_set_header Graylog-User viewer; - proxy_set_header X-Graylog-Server-URL {{proto}}://{{ proxy_server_name }}/graylog/; - rewrite ^/graylog/(.*)$ /$1 break; - proxy_pass $target; - } - location /dashboard { - return 301 /graylog/; - } -{% else %} - location /dashboard/ { - auth_request /oauth2/auth; - error_page 401 = /oauth2/sign_in; - # Setting target url - auth_request_set $target http://{{ kibana_service }}; - # pass information via X-User and X-Email headers to backend, - # requires running with --set-xauthrequest flag - auth_request_set $user $upstream_http_x_auth_request_user; - auth_request_set $email $upstream_http_x_auth_request_email; - proxy_set_header X-User $user; - proxy_set_header X-Email $email; - # if you enabled --cookie-refresh, this is needed for it to work with 
auth_request - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } -{% endif %} - location /oauth3 { - set $target http://oauth2-proxy.monitoring.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location = /oauth3/auth { - set $target http://oauth2-proxy.monitoring.svc.cluster.local; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header Content-Length ""; - proxy_pass_request_body off; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /grafana/ { - auth_request /oauth3/auth; - error_page 401 = /oauth3/sign_in; - auth_request_set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - set $target http://prometheus-operator-grafana.monitoring.svc.cluster.local; - rewrite ^/grafana/(.*) /$1 break; - proxy_pass $target; - } - location /encryption/ { - set $target http://encryption.{{ namespace }}.svc.cluster.local; - rewrite ^/encryption/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 1; - proxy_send_timeout 30; - proxy_read_timeout 40; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $http_x_forwarded_for; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass $target; - } - location /discussions/ { - proxy_set_header X-Real-IP $remote_addr; - 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-NginX-Proxy true; - proxy_redirect off; - # Socket.IO Support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - set $target http://nodebb-service.{{ namespace }}.svc.cluster.local:4567; - #rewrite ^/discussions/(.*) /$1 break; - proxy_pass $target; - } - location ~* ^/assets/public/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $bucket "{{upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$bucket/$url_full; - } - location ~* ^/content/preview/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - 
gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/v3/preview/$url_full; - } - location ~ /content-editor/telemetry|collection-editor/telemetry { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location ~* ^/content-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if 
($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-editor/$url_full; - } - location ~* ^/discussion-ui/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - set $s3_bucket "{{discussion_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{discussion_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass 
https://$s3_bucket/discussion-ui/$url_full; - } - location ~* ^/collection-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; - } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; +{% endif %} + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. 
+ resolver {{ kube_dns_ip }} valid=30s; + + + location / { + rewrite ^/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/collection-editor/$url_full; + proxy_pass http://portal; } - location ~* ^/generic-editor/(.*) { - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; + location /api/ { if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id, Content-Encoding"; add_header Content-Length 0; add_header Content-Type text/plain; return 200; } - set $s3_bucket "{{plugin_upstream_url}}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass 
https://$s3_bucket/generic-editor/$url_full; - } - location ~* ^/content-plugins/(.*) { + location ~* ^/assets/public/(.*) { # Enabling cache for Response code 200 expires 1M; add_header Pragma public; add_header Cache-Control "public"; # Enabling compression - gzip on; + gzip on; gzip_min_length 100000; gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; + gzip_types application/javascript application/x-javascript text/javascript; if ($request_method = OPTIONS ) { add_header Access-Control-Allow-Origin "*" ; add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; @@ -715,10 +159,10 @@ proxyconfig: |- add_header Content-Type text/plain; return 200; } - set $s3_bucket "{{plugin_upstream_url}}"; + set $bucket "{{upstream_url}}"; set $url_full '$1'; proxy_http_version 1.1; - proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; proxy_set_header Authorization ''; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; 
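Review bot: On the new side `location /api/ {` is still open when `location ~* ^/assets/public/(.*) {` starts, because the added lines close only the OPTIONS `if`. The brace that ends `/api/` appears to be the first of the two added `}` in the `@@ -938,49 +198,8 @@` hunk. If that reading is right (indentation is lost in this view, so it rests on brace counting), the assets block is nested inside `/api/`, where its regex can never match a URI beginning with `/api/`. Requests for `/assets/public/...` would then fall through to `location /` and reach `portal` with the client's `Authorization` and cookies intact, instead of the bucket path that blanks `Authorization` and hides `Set-Cookie`. Closing `/api/` (the `$custom_header` lines through `proxy_pass http://kong;`) before the assets block would restore two sibling locations; `nginx -t` plus a request to an assets path against the rendered config would confirm it.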
@@ -731,202 +175,18 @@ proxyconfig: |- add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods GET; proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$s3_bucket/content-plugins/$url_full; - } - location /thirdparty { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; + proxy_pass https://$bucket/$url_full; } - location ~* ^/desktop/(.*) { - # Enabling cache for Response code 200 - expires 1M; - add_header Pragma public; - add_header Cache-Control "public"; - # Enabling compression - gzip on; - gzip_min_length 100000; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript text/css text/javascript; - if ($request_method = OPTIONS ) { - add_header Access-Control-Allow-Origin "*" ; - add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; - add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; - # add_header Access-Control-Allow-Credentials "true"; - add_header Content-Length 0; - add_header Content-Type text/plain; - return 200; + + if ( $arg_eHVyhwSdt ) { + set $custom_header "Bearer $arg_eHVyhwSdt"; + } + if ( $http_authorization ) { + set $custom_header "$http_authorization"; } - set 
$offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; - set $url_full '$1'; - proxy_http_version 1.1; - proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; - proxy_set_header Authorization ''; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Methods; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header Set-Cookie; - proxy_ignore_headers "Set-Cookie"; - proxy_buffering off; - proxy_intercept_errors on; - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods GET; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass https://$offline_bucket/$url_full; - } - # compression for svg certs download - location /api/certreg/v2/certs/download { - rewrite ^/api/(.*) /$1 break; - include /etc/nginx/defaults.d/compression.conf; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - location /learner/certreg/v2/certs/download { - # Compression - gzip on; - gzip_comp_level 5; - gzip_min_length 50000; # 50KB - gzip_proxied any; - gzip_vary on; - # Content types for compression - gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - add_header test hello; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - 
proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location /v3/device/register { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - } - location /action/data/v3/metrics { - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - proxy_set_header Connection ""; - rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - } - location ~ /resourcebundles/v1/read|/learner/data/v1/(role/read|system/settings/get)|/v1/tenant/info { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request 
- proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://player; - } - location /api/channel/v1/read { - # Enabling compression include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.medium_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/api/channel/v1/read/(.*) /channel/v1/read/$1 break; + proxy_set_header Authorization $custom_header; + rewrite ^/api/(.*) /$1 break; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; 
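Review bot: The added `if ( $arg_eHVyhwSdt ) { set $custom_header "Bearer $arg_eHVyhwSdt"; }` builds the upstream `Authorization` header from a query-string parameter, so the bearer token travels in the request URL. There it can be recorded in access logs, upstream logs and `Referer` headers. If a client really needs this path, add a comment above it naming that client and check that the access log format in `nginxconfig` (not visible in this hunk) does not record the query string; otherwise accept only `$http_authorization`. Separately, `$custom_header` is never initialised when neither condition holds, and a `set $custom_header "";` before the two `if`s would make the no-credentials case explicit. The enclosing `location /api/` starts in an earlier hunk and closes in a later one.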
@@ -938,49 +198,8 @@ proxyconfig: |- proxy_http_version 1.1; proxy_set_header X-Request-ID $sb_request_id; proxy_pass http://kong; - } - location ~ ^/chatapi/ { - set $target http://router-service.{{ namespace }}.svc.cluster.local:8000; - rewrite ^/chatapi/(.*) /$1 break; - proxy_pass $target; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - } - location /oauth2callback { - return 200 'OK'; - add_header Content-Type text/plain; - } - location /dial/ { - if ($dial_upstream_host = kong) { - rewrite ^/dial/(.*) /api/dialcode/v2/read/$1; - } - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://$dial_upstream_host; - } -{% if apple_app_site_association is defined %} - location /apple-app-site-association { - alias /var/www/html/; - index apple-app-site-association.json; - } -{% endif %} - {# Including custom configuration #} - {{ proxy_custom_config }}} + } + } nginxconfig: | user nginx; @@ -1041,10 +260,7 @@ nginxconfig: | default $upstream_cache_status; '' "NONE"; } - map $http_accept $dial_upstream_host { - default player; - application/ld+json kong; - } + # Defining metrics init_worker_by_lua_block { prometheus = require("prometheus").init("prometheus_metrics") 
@@ -1074,16 +290,8 @@ nginxconfig: |
 server kong:8000;
 keepalive 1000;
 }
- upstream encryption {
- server enc-service:8013;
- keepalive 1000;
- }
- upstream keycloak {
- server {{ keycloak_url.split('//')[-1] }};
- keepalive 1000;
- }
- upstream player {
- server player:3000;
+ upstream portal {
+ server inquiryportal-service:3000;
 keepalive 1000;
 }
 include /etc/nginx/defaults.d/*.conf;
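Review bot: Nothing in this hunk shows that every remaining `proxy_pass` in the rendered config targets `portal` or `kong` now that `upstream player`, `upstream keycloak` and `upstream encryption` are removed. A surviving `proxy_pass http://player;` would no longer refer to a named upstream; nginx would treat it as a plain hostname resolved when the config is loaded, without the `keepalive 1000` pool, and would refuse to start if the name does not resolve. The other hunks visible here remove several such lines, but the file is only partly shown, so rendering the chart and running `nginx -t` on the output before merging would confirm nothing was missed. If `portal` is meant as the in-place successor of `player` (same port 3000), a short comment above the block such as `# portal: inquiry portal UI, replaces the former player upstream` would record that.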
@@ -1117,116 +325,8 @@ nginxconfig: | } } } - } - -keycloakconf: | - server { - listen 80; - listen [::]:80; - server_name {{ merge_proxy_server_name }}; - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - return 301 https://{{ merge_proxy_server_name }}$request_uri; - } - server { - listen 443 ssl; - ssl_certificate /etc/secrets-merge/tls.crt; - ssl_certificate_key /etc/secrets-merge/tls.key; - server_name {{ merge_proxy_server_name }}; - # Limitting open connection per ip - limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-SSL on; - proxy_set_header X-Forwarded-Proto $scheme; - ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. - resolver 127.0.0.11 valid=5s; - # Refresh token endpoint being routed to kong - location ~* ^/auth/v1/refresh/token { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $sb_request_id; - proxy_pass http://kong; - } - # Admin API Endpoints for sunbird realm fpr forgot password flow - location ~ /auth/admin/realms/sunbird/users/ { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - 
proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Sunbird realm keycloak API endpoints - location ~ /auth/realms/sunbird/(get-required-action-link|login-actions/(action-token|authenticate|required-action)|protocol/openid-connect/(auth|certs|logout|token|userinfo)|.well-known/openid-configuration) { - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header X-Request-ID $sb_request_id; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - # Static Assets for keycloak endpoints with caching - location ~ /auth/(resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))|welcome-content/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css))) { - # Enabling compression - include /etc/nginx/defaults.d/compression.conf; - # Enabling caching - # caching include Accept-Encoding header also, to provide gziped or plain content as per request - proxy_cache_key "$http_accept_encoding|$request_uri|$request_body"; - proxy_cache {{proxy_cache_path.small_cache.keys_zone.split(':') | first}}; - add_header X-Proxy-Cache $upstream_cache_status; - add_header X-Proxy-Cache-Date $upstream_http_date; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_revalidate on; - proxy_cache_background_update on; - proxy_cache_lock on; - proxy_cache_valid 200 {{proxy_cache_valid.long_validity}}; - rewrite ^/auth/(.*) /auth/$1 break; - proxy_set_header Connection ""; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | 
d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-For {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_http_version 1.1; - proxy_pass http://keycloak; - } - location / { - rewrite ^/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }}; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 5; - proxy_send_timeout 60; - proxy_read_timeout 70; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_http_version 1.1; - proxy_set_header X-Request-ID $request_id; - proxy_pass http://player; - } - } - + } + compressionConfig: |- # Compression gzip on; @@ -1265,4 +365,4 @@ serviceMonitor: {# Add the apple site association json contents in a single line within single quotes as shown below in Core/common.yml #} {# apple_app_site_association: '{"applinks":{"apps":[],"details":[{"appID":"123456.dev.sunbird.app","paths":["/explore","/dial/*","/get/dial","/play/content","/play/collection","/learn/course","/explore-course/course","/explore-course","/search","/search/Library","/faq","/profile","/play/quiz","/explore","/learn","/resources"]}]}}' #} -apple_universal_links: '{{ apple_app_site_association | default("") }}' \ No newline at end of file +apple_universal_links: '{{ apple_app_site_association | default("") }}'