argos/deployment/proxy/ProxyNginx.conf

148 lines
5.8 KiB
Plaintext

server {
listen 8080 default_server;
listen [::]:8080 default_server;
server_name "";
return 444;
}
server {
listen 8080;
server_name ${APP_HOST}${APP_PORT};
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 8081 ssl;
ssl_certificate /certifcates/cert.crt;
ssl_certificate_key /certifcates/key.key;
server_name ${APP_HOST}${APP_PORT};
proxy_pass_header Server;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header Referrer-Policy 'strict-origin' always;
add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://opendmp.frontend:8080;
proxy_read_timeout 90;
proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT};
}
location /api/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://opendmp.backend:8080;
proxy_read_timeout 90;
proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api;
}
location /api/notification/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://opendmp.notification:8080;
proxy_read_timeout 90;
proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification;
}
location /api/annotation/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://opendmp.annotation:8080;
proxy_read_timeout 90;
proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation;
}
}
server {
listen 8082 ssl;
ssl_certificate /certifcates/cert.crt;
ssl_certificate_key /certifcates/key.key;
server_name ${MS_HOST};
proxy_pass_header Server;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header Referrer-Policy 'strict-origin' always;
add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always;
add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always;
location /keycloak/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass https://opendmp.keycloak:8443;
proxy_read_timeout 90;
proxy_redirect http://opendmp.keycloak:8443 https://${MS_HOST}${MS_PORT}/keycloak;
}
location /rabbitmq/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass https://opendmp.rabbitmq:15672;
proxy_read_timeout 90;
proxy_redirect http://opendmp.rabbitmq:15672 https://${MS_HOST}${MS_PORT}/rabbitmq;
}
location /elastic/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass https://opendmp.kibana:5601;
proxy_read_timeout 90;
proxy_redirect http://opendmp.kibana:5601 https://${MS_HOST}${MS_PORT}/elastic;
}
}