diff --git a/3node/helm-charts/nginx-private-ingress/.helmignore b/kubernetes/helm_charts/nginx-private-ingress/.helmignore
similarity index 100%
rename from 3node/helm-charts/nginx-private-ingress/.helmignore
rename to kubernetes/helm_charts/nginx-private-ingress/.helmignore
diff --git a/3node/helm-charts/nginx-private-ingress/Chart.yaml b/kubernetes/helm_charts/nginx-private-ingress/Chart.yaml
similarity index 100%
rename from 3node/helm-charts/nginx-private-ingress/Chart.yaml
rename to kubernetes/helm_charts/nginx-private-ingress/Chart.yaml
diff --git a/3node/helm-charts/nginx-private-ingress/templates/_helpers.tpl b/kubernetes/helm_charts/nginx-private-ingress/templates/_helpers.tpl
similarity index 100%
rename from 3node/helm-charts/nginx-private-ingress/templates/_helpers.tpl
rename to kubernetes/helm_charts/nginx-private-ingress/templates/_helpers.tpl
diff --git a/3node/helm-charts/nginx-private-ingress/templates/configMap.yaml b/kubernetes/helm_charts/nginx-private-ingress/templates/configMap.yaml
similarity index 100%
rename from 3node/helm-charts/nginx-private-ingress/templates/configMap.yaml
rename to kubernetes/helm_charts/nginx-private-ingress/templates/configMap.yaml
diff --git a/3node/helm-charts/nginx-private-ingress/templates/deployment.yaml b/kubernetes/helm_charts/nginx-private-ingress/templates/deployment.yaml
similarity index 100%
rename from 3node/helm-charts/nginx-private-ingress/templates/deployment.yaml
rename to kubernetes/helm_charts/nginx-private-ingress/templates/deployment.yaml
diff --git a/3node/helm-charts/nginx-private-ingress/values.j2 b/kubernetes/helm_charts/nginx-private-ingress/values.j2
similarity index 100%
rename from 3node/helm-charts/nginx-private-ingress/values.j2
rename to kubernetes/helm_charts/nginx-private-ingress/values.j2
diff --git a/kubernetes/helm_charts/nginx-private-ingress/values.yaml b/kubernetes/helm_charts/nginx-private-ingress/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e595e74f94c3c2024ac0af6252724c8f9b7e73c1
--- /dev/null
+++ b/kubernetes/helm_charts/nginx-private-ingress/values.yaml
@@ -0,0 +1 @@
+namespace: {{ env }}
diff --git a/kubernetes/helm_charts/nginx-public-ingress/.helmignore b/kubernetes/helm_charts/nginx-public-ingress/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..50af0317254197a5a019f4ac2f8ecc223f93f5a7
--- /dev/null
+++ b/kubernetes/helm_charts/nginx-public-ingress/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kubernetes/helm_charts/nginx-public-ingress/Chart.yaml b/kubernetes/helm_charts/nginx-public-ingress/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ded713533bb5c24ba7e77aa365a93af917d3685e
--- /dev/null
+++ b/kubernetes/helm_charts/nginx-public-ingress/Chart.yaml
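Review bot: The new nginx-private-ingress/values.yaml contains a Jinja expression, `namespace: {{ env }}`, but Helm does not template values files, and unquoted `{{ env }}` is read by a YAML parser as a nested flow mapping rather than a string. If this file is meant to be rendered by the deployment tooling first, it would be clearer to keep it only as the `.j2` template that already exists beside it; if Helm reads it directly, it needs a literal value. The variable is also named `env` here while the public chart's values.j2 uses `{{ namespace }}`, which looks like an inconsistency worth confirming.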
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: nginx-public-ingress
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 1.16.0
diff --git a/kubernetes/helm_charts/nginx-public-ingress/templates/_helpers.tpl b/kubernetes/helm_charts/nginx-public-ingress/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..0af5bc238a4e98266988def11468971eef84b9c4
--- /dev/null
+++ b/kubernetes/helm_charts/nginx-public-ingress/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nginx-public-ingress.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nginx-public-ingress.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nginx-public-ingress.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "nginx-public-ingress.labels" -}}
+helm.sh/chart: {{ include "nginx-public-ingress.chart" . }}
+{{ include "nginx-public-ingress.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "nginx-public-ingress.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "nginx-public-ingress.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "nginx-public-ingress.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "nginx-public-ingress.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/helm_charts/nginx-public-ingress/templates/configMap.yaml b/kubernetes/helm_charts/nginx-public-ingress/templates/configMap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..54a469558fc7c355204ac0c9bb48ff97d10ff1c2
--- /dev/null
+++ b/kubernetes/helm_charts/nginx-public-ingress/templates/configMap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: proxy-default
+data:
+ proxy-default.conf: |
+ {{ .Values.proxyconfig | nindent 4 }}
diff --git a/kubernetes/helm_charts/nginx-public-ingress/templates/deployment.yaml b/kubernetes/helm_charts/nginx-public-ingress/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0824f6753585155775548428471cb7fc19065b2a
--- /dev/null
+++ b/kubernetes/helm_charts/nginx-public-ingress/templates/deployment.yaml
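Review bot: In configMap.yaml the ConfigMap name is hard-coded as `proxy-default` instead of being derived from the release, so a second release of this chart in the same namespace (or the renamed nginx-private-ingress chart, if it uses the same name) would collide with or replace the public ingress's proxy rules. Deriving it from the existing helper avoids that: `name: {{ include "nginx-public-ingress.fullname" . }}-proxy-default`. The metadata also carries none of the chart's common labels, and the `namespace` value defined in values.j2 is not referenced here, so the object lands wherever the release is installed; adding `labels: {{- include "nginx-public-ingress.labels" . | nindent 4 }}` would keep it traceable to the release.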
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "nginx-public-ingress.fullname" . }}
+ labels:
+ {{- include "nginx-public-ingress.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "nginx-public-ingress.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "nginx-public-ingress.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "nginx-public-ingress.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/kubernetes/helm_charts/nginx-public-ingress/values.j2 b/kubernetes/helm_charts/nginx-public-ingress/values.j2
new file mode 100644
index 0000000000000000000000000000000000000000..9e32de597ea12ba905a5163475221436a7386852
--- /dev/null
+++ b/kubernetes/helm_charts/nginx-public-ingress/values.j2
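Review bot: Nothing in the deployment.yaml pod spec mounts the `proxy-default` ConfigMap or the files that the proxy config in values.j2 reads (`/run/secrets/site.crt`, `/run/secrets/site.key`, `/run/secrets/prom_admin_creds`), and the only `containerPort` is 80. As written the container would serve the image's stock configuration, without the connection limits, `auth_request` gates and TLS listener this commit defines. The sketch below adds the mounts and a 443 port; the Secret name is a placeholder, and the mount paths assume the image includes `conf.d/*.conf`. The template also reads `.Values.image`, `.Values.serviceAccount.create`, `.Values.replicaCount` and other keys that values.j2 in this commit does not define, so rendering will likely fail on the missing `serviceAccount` map unless another values file outside this view supplies them.

```yaml
          # … unchanged: name, securityContext, image, imagePullPolicy …
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https            # needed when proto is https
              containerPort: 443
              protocol: TCP
          volumeMounts:
            - name: proxy-config
              mountPath: /etc/nginx/conf.d
              readOnly: true
            # proxyconfig expects its files under /run/secrets; confirm this does not
            # shadow the service-account token mount, or move both to a dedicated directory
            - name: proxy-secrets
              mountPath: /run/secrets
              readOnly: true
          # … unchanged: livenessProbe, readinessProbe, resources …
      volumes:
        - name: proxy-config
          configMap:
            name: proxy-default
        - name: proxy-secrets
          secret:
            secretName: <PLACEHOLDER-ingress-secret>
      # … unchanged: nodeSelector, affinity, tolerations …
```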
@@ -0,0 +1,506 @@ +namespace: {{ namespace }} +proxyconfig: | + {% if proto=='https' %} + server { + listen 80; + listen [::]:80; + server_name {{ proxy_server_name }}; + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + + return 301 https://{{ proxy_server_name }}$request_uri; + } + {% endif %} + server { + {% if proto=='http' %} + listen 80; + listen [::]:80; + {% else %} + listen 443 ssl; + ssl_certificate /run/secrets/site.crt; + ssl_certificate_key /run/secrets/site.key; + {% endif %} + server_name {{ proxy_server_name }}; + + # Limitting open connection per ip + limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Proto $scheme; + + ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. 
+ resolver 127.0.0.11 valid=5s; + + location ~* ^/auth/realms/(.+)/token/introspect/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect; + } + location ~* ^/auth/realms/(.+)/token/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/; + } + location ~* ^/auth/realms/(.+)/userinfo/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/; + } + location ~* ^/auth/realms/(.+)/logout/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/; + } + location ~* ^/auth/realms/(.+)/certs/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/; + } + location ~* ^/auth/realms/(.+)/clients-registrations/ { + return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/; + } + + location ~* ^/auth/v1/refresh/token { + set $target http://player:3000; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_pass $target; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + } + + location ~* ^/auth/admin/master/console/ { + return 301 {{proto}}://{{ proxy_server_name }}; + } + + location /auth/ { + set $target {{ keycloak_url }}; + rewrite ^/auth/(.*) /auth/$1 break; + proxy_pass $target; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + location /registry/ { + set $target http://registry_registry:8080; + rewrite ^/registry/(.*) /$1 break; + proxy_pass $target; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + # root /usr/share/nginx/www; + } + location /api/ { + if ($request_method = OPTIONS ) { + 
add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + client_max_body_size 60M; + rewrite ^/api/(.*) /$1 break; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + header_filter_by_lua_block { + local h = ngx.req.get_headers() + + ngx.log(ngx.WARN, "Deviceid: ", h["x-device-id"], " Channelid: ", h["x-channel-id"], " Appid: ", h["x-app-id"]) + } + proxy_pass http://kong; + } + + # Oauth2 config + location /oauth2/ { + set $target http://{{swarm_dashboard}}:4111; + proxy_pass $target; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Auth-Request-Redirect $request_uri; + } + + location = /oauth2/auth { + set $target http://{{swarm_dashboard}}:4111; + proxy_pass $target; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + # nginx auth_request includes headers but not body + proxy_set_header Content-Length ""; + proxy_pass_request_body off; + } + + location /dashboard/ { + auth_request /oauth2/auth; + error_page 401 = /oauth2/sign_in; + + # Setting target url + auth_request_set $target http://{{swarm_dashboard}}:5601; + # pass information via X-User and X-Email headers to backend, + # requires running with --set-xauthrequest flag + auth_request_set $user $upstream_http_x_auth_request_user; + auth_request_set $email $upstream_http_x_auth_request_email; + proxy_set_header X-User $user; + proxy_set_header X-Email $email; + + # if 
you enabled --cookie-refresh, this is needed for it to work with auth_request + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + rewrite ^/dashboard/(.*) /$1 break; + proxy_pass $target; + + } + + location /dashboard-old/ { + auth_request /oauth2/auth; + error_page 401 = /oauth2/sign_in; + + # Setting target url + auth_request_set $target http://{{swarm_dashboard}}:5602; + # pass information via X-User and X-Email headers to backend, + # requires running with --set-xauthrequest flag + auth_request_set $user $upstream_http_x_auth_request_user; + auth_request_set $email $upstream_http_x_auth_request_email; + proxy_set_header X-User $user; + proxy_set_header X-Email $email; + + # if you enabled --cookie-refresh, this is needed for it to work with auth_request + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + rewrite ^/dashboard-old/(.*) /$1 break; + proxy_pass $target; + + } + + location /pipeline-dashboard/ { + auth_request /oauth2/auth; + error_page 401 = /oauth2/sign_in; + + # Setting Target url + auth_request_set $target http://{{ ep_es_host}}:5601; + + # pass information via X-User and X-Email headers to backend, + # requires running with --set-xauthrequest flag + auth_request_set $user $upstream_http_x_auth_request_user; + auth_request_set $email $upstream_http_x_auth_request_email; + proxy_set_header X-User $user; + proxy_set_header X-Email $email; + + # if you enabled --cookie-refresh, this is needed for it to work with auth_request + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + + rewrite ^/pipeline-dashboard/(.*) /$1 break; + proxy_pass $target; + + } + + location /grafana/ { + set $target http://{{swarm_dashboard}}:3001; + rewrite ^/grafana/(.*) /$1 break; + proxy_pass $target; + } + + {% if proxy_prometheus==true %} + location /{{prometheus_alertmanager_route_prefix}}/ { + set $target 
http://monitor_alertmanager:9093; + rewrite ^/{{prometheus_alertmanager_route_prefix}}/(.*) /{{prometheus_alertmanager_route_prefix}}/$1 break; + proxy_pass $target; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + + auth_basic "Prometheus Alert manager"; + auth_basic_user_file /run/secrets/prom_admin_creds; + } + + location /{{prometheus_route_prefix}}/ { + set $target http://monitor_prometheus:9090; + rewrite ^/(.*) /$1 break; + proxy_pass $target; + } + {% endif %} + + location /encryption/ { + set $target http://encryption-service:8013; + rewrite ^/encryption/(.*) /$1 break; + proxy_pass $target; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + # root /usr/share/nginx/www; + } + + + location /badging/ { + set $target http://badger-service:8004; + rewrite ^/badging/(.*) /$1 break; + proxy_pass $target; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 1; + proxy_send_timeout 30; + proxy_read_timeout 40; + proxy_set_header X-Forwarded-Proto $scheme; + + } + + + location ~* ^/assets/public/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/javascript; + + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, 
Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + + set $bucket "{{upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_pass https://$bucket/$url_full; + } + + + location ~* ^/content/preview/(.*) { + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + + set $s3_bucket "{{plugin_upstream_url}}"; + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*" ; + add_header 
Access-Control-Allow-Methods GET; + proxy_pass https://$s3_bucket/v3/preview/$url_full; + } + + location ~* ^/content-plugins/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $s3_bucket "{{plugin_upstream_url}}"; + + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_pass https://$s3_bucket/content-plugins/$url_full; + } + + location /thirdparty { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + + rewrite ^/(.*) /$1 break; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header 
X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_pass http://player; + } + + location ~* ^/desktop/(.*) { + # Enabling cache for Response code 200 + expires 1M; + add_header Pragma public; + add_header Cache-Control "public"; + + # Enabling compression + gzip on; + gzip_min_length 100000; + gzip_proxied expired no-cache no-store private auth; + gzip_types application/javascript application/x-javascript text/css text/javascript; + + if ($request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin "*" ; + add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST"; + add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id"; + # add_header Access-Control-Allow-Credentials "true"; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}"; + + set $url_full '$1'; + proxy_http_version 1.1; + proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}"; + proxy_set_header Authorization ''; + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header Set-Cookie; + proxy_ignore_headers "Set-Cookie"; + proxy_buffering off; + proxy_intercept_errors on; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods GET; + proxy_pass https://$offline_bucket/$url_full; + } + + location / { + rewrite ^/(.*) /$1 break; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header 
Connection ""; + proxy_http_version 1.1; + proxy_pass http://player; + } + + location /v3/device/register { + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + proxy_http_version 1.1; + } + + location /action/data/v3/metrics { + proxy_pass http://kong; + proxy_set_header Connection ""; + rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break; + + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_connect_timeout 5; + proxy_send_timeout 60; + proxy_read_timeout 70; + } + + location /oauth2callback { + return 200 'OK'; + add_header Content-Type text/plain; + } + + {# Including custom configuration #} + {{ proxy_custom_config }} + client_max_body_size 60M; + }
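Review bot: In values.j2 the `location /{{prometheus_route_prefix}}/` block proxies to `monitor_prometheus:9090` with no access control, while the Alertmanager block directly above it sets `auth_basic` and `auth_basic_user_file`; on a public ingress this leaves the Prometheus UI and query API unauthenticated whenever `proxy_prometheus` is true. Repeat the two directives there (`auth_basic "Prometheus";` and `auth_basic_user_file /run/secrets/prom_admin_creds;`) or gate it with `auth_request /oauth2/auth;` as the dashboard locations do. The `/grafana/`, `/registry/`, `/encryption/` and `/badging/` locations are likewise proxied without any auth directive; if those services authenticate requests themselves, a comment saying so would help the next reviewer. The `/auth/admin/master/console/` redirect covers only that one path, so other `/auth/admin/` requests still fall through to `location /auth/` and reach Keycloak; a broader `location ~* ^/auth/admin/` rule looks closer to the intent. Separately, `resolver 127.0.0.11` is Docker's embedded DNS and upstream names such as `registry_registry` contain underscores, so the `set $target` / `proxy_pass $target` blocks probably will not resolve inside a Kubernetes pod.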