From 4fcf838b42fac3bf54419c9507a0b5000abee34f Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 24 Oct 2022 11:38:12 +0200 Subject: [PATCH] More nginx proxy options. --- gcube-token-docker/nginx.default.conf.j2 | 19 +++++++++++++++++++ gcube-token-docker/pep.js.j2 | 1 + 2 files changed, 20 insertions(+) diff --git a/gcube-token-docker/nginx.default.conf.j2 b/gcube-token-docker/nginx.default.conf.j2 index 0d808bf..8395c1c 100644 --- a/gcube-token-docker/nginx.default.conf.j2 +++ b/gcube-token-docker/nginx.default.conf.j2 @@ -20,6 +20,25 @@ server { server_name {{ docker_service_host }}; subrequest_output_buffer_size 200k; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Host $remote_addr; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header nginx-request-uri $request_uri; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering on; + proxy_buffer_size 8k; + proxy_buffers 4 8k; + proxy_busy_buffers_size 16k; + proxy_temp_file_write_size 16k; + proxy_redirect off; + proxy_connect_timeout 30s; + proxy_read_timeout 480s; + proxy_send_timeout 120s; + location /health { add_header Content-Length 0; add_header Content-Type "text/plain"; diff --git a/gcube-token-docker/pep.js.j2 b/gcube-token-docker/pep.js.j2 index 3478859..0434154 100644 --- a/gcube-token-docker/pep.js.j2 +++ b/gcube-token-docker/pep.js.j2 @@ -46,6 +46,7 @@ function enforce(r) { closeAccountingRecord(context.record, (reply.status === 200 || reply.status === 201 || reply.status === 204)) context.request.subrequest("/_accounting", { detached : true, body : JSON.stringify(context.record) }) debug(context, njs.dump(reply)) + // context.request.headersOut['Content-type'] = "text/html' r.return(reply.status, reply.responseText) }).catch(e => { log(context, "Error .... " + njs.dump(e)); context.request.return(e.message === "Unauthorized" ? 403 : 500)} )