fix: updated include location, removed keycloak block

f72a5bf1 · keshavprasadms · 4c99ba93 · f72a5bf1
Commit f72a5bf1 authored 3 years ago by keshavprasadms
Hide whitespace changes
Inline Side-by-side

Showing

with 1 addition and 132 deletions
+1 -132
--- a/kubernetes/helm_charts/core/nginx-public-ingress/values.j2
+++ b/kubernetes/helm_charts/core/nginx-public-ingress/values.j2
@@ -172,42 +172,6 @@ proxyconfig: |-
      proxy_set_header X-Request-ID $sb_request_id;
      proxy_pass http://kong;
    }
-    location /auth/ {
-      rewrite ^/auth/(.*) /auth/$1 break;
-      proxy_set_header X-Request-ID $sb_request_id;
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
-      proxy_set_header X-Scheme $scheme;
-      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Connection "";
-      proxy_http_version 1.1;
-      proxy_pass http://keycloak;
-    }
-    # Caching keycloak static assets
-    location ~ /auth/resources/(.+\.(png|svg|ico|js|eot|ttf|woff|woff2|css)) {
-      # Enabling caching
-      proxy_cache_key $proxy_host$request_uri;
-      proxy_cache proxy_cache;
-      add_header X-Proxy-Cache $upstream_cache_status;
-      add_header X-Proxy-Cache-Date $upstream_http_date;
-      proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-      proxy_cache_revalidate on;
-      proxy_cache_background_update on;
-      proxy_cache_lock on;
-      proxy_cache_valid 200 3600s;
-      rewrite ^/auth/(.*) /auth/$1 break;
-      proxy_set_header Connection "";
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
-      proxy_set_header X-Scheme $scheme;
-      proxy_set_header    X-Forwarded-For   {{ nginx_client_public_ip_header | d('$remote_addr') }};
-      proxy_connect_timeout 5;
-      proxy_send_timeout 60;
-      proxy_read_timeout 70;
-      proxy_http_version 1.1;
-      proxy_pass http://keycloak;
-  }
    # This is Caching mechanism for POST requests location search
    location ~ /learner/data/v1/location/search {
      # Enabling caching
@@ -858,7 +822,7 @@ nginxconfig: |
          keepalive 1000;
      }
      
-      include /etc/nginx/conf.d/*.conf;
+      include /etc/nginx/defaults.d/*.conf;
      # local caching for images and files
      proxy_cache_path /tmp/proxy_cache levels=1:2 keys_zone=tmp_cache:5m max_size=10m inactive=60m use_temp_path=off;
      proxy_cache_path /tmp/api_cache levels=1:2 keys_zone=proxy_cache:5m max_size=300m inactive=60m use_temp_path=off;
@@ -880,101 +844,6 @@ nginxconfig: |
     }
  }

-keycloakconf: |
-  server {
-    listen 80;
-    listen [::]:80;
-    server_name {{ merge_proxy_server_name }};
-    # Limitting open connection per ip
-    limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }};
-    return 301 https://{{ merge_proxy_server_name }}$request_uri;
-  }
-  server {
-    listen                443 ssl;
-    ssl_certificate       /etc/secrets-merge/tls.crt;
-    ssl_certificate_key   /etc/secrets-merge/tls.key;
-    server_name           {{ merge_proxy_server_name }};
-    # Limitting open connection per ip
-    limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }};
-    proxy_set_header    Host              $host;
-    proxy_set_header    X-Real-IP         {{ nginx_client_public_ip_header | d('$remote_addr') }};
-    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
-    proxy_set_header    X-Forwarded-SSL   on;
-    proxy_set_header    X-Forwarded-Proto $scheme;
-    ignore_invalid_headers off;  #pass through headers from Jenkins which are considered invalid by Nginx server.
-    resolver 127.0.0.11 valid=5s;
-    location ~* ^/auth/(.*)/impersonation {
-      return 301 {{proto}}://{{ proxy_server_name }};
-    }
-    location ~* ^/auth/realms/master {
-      return 301 {{proto}}://{{ proxy_server_name }};
-    }
-    location ~* ^/auth/admin/master/console/ {
-      return 301 {{proto}}://{{ proxy_server_name }};
-    }
-    location ~* ^/auth/realms/(.+)/token/introspect/ {
-          return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect;
-    }
-    location ~* ^/auth/realms/(.+)/token/ {
-      return 301  {{proto}}://$host/api/auth/v1/realms/$1/token/;
-    }
-    location ~* ^/auth/realms/(.+)/userinfo/ {
-      return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/;
-    }
-    location ~* ^/auth/realms/(.+)/logout/ {
-      return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/;
-    }
-    location ~* ^/auth/realms/(.+)/certs/ {
-      return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/;
-    }
-    location ~* ^/auth/realms/(.+)/clients-registrations/ {
-      return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/;
-    }
-    location ~* ^/auth/v1/refresh/token  {
-      rewrite ^/auth/(.*) /auth/$1 break;
-      proxy_set_header Connection "";
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
-      proxy_set_header X-Scheme $scheme;
-      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_connect_timeout 5;
-      proxy_send_timeout 60;
-      proxy_read_timeout 70;
-      proxy_http_version 1.1;
-      proxy_set_header X-Request-ID $sb_request_id;
-      proxy_pass http://kong;
-    }
-    location ~* ^/auth/admin/master/console/ {
-      return 301 {{proto}}://{{ merge_proxy_server_name }};
-    }
-    location /auth/ {
-      set $target {{ keycloak_url }};
-      rewrite ^/auth/(.*) /auth/$1 break;
-      proxy_set_header X-Request-ID $sb_request_id;
-      proxy_pass $target;
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
-      proxy_set_header X-Scheme $scheme;
-      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
-      proxy_set_header X-Forwarded-Proto $scheme;
-    }
-    location / {
-      rewrite ^/(.*) /$1 break;
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP {{ nginx_client_public_ip_header | d('$remote_addr') }};
-      proxy_set_header X-Scheme $scheme;
-      proxy_connect_timeout 5;
-      proxy_send_timeout 60;
-      proxy_read_timeout 70;
-      proxy_set_header    X-Forwarded-Proto $scheme;
-      proxy_set_header Connection "";
-      proxy_http_version 1.1;
-      proxy_set_header X-Request-ID $request_id;
-      proxy_pass http://player;
-    }
-  }
-
 serviceMonitor:
  enabled: true
  labels: # labels with which the prometheus choose the serviceMonitor