d4s-nginx-pep-examples/shinyproxy/nginx.default.conf.j2


# Upstream group named "service"; the /_backend location proxies to it
# (proxy_pass http://service$request_uri).
upstream service {
    # ip_hash selects the upstream server from the client address, so a given
    # client keeps reaching the same backend instance.
    ip_hash;
    # NOTE(review): the only server entry is commented out. nginx refuses to
    # load an upstream block that contains no server, so confirm the deployed
    # template defines one.
    #server {{ shinyproxy_docker_stack_name }}_{{ shinyproxy_docker_service_server_name }}:{{ shinyproxy_service_port }};
}
# Load the njs policy-enforcement-point (PEP) module; it is referenced as "pep" below.
js_import pep.js;
# Bind $authorization to pep.enforce. js_set variables are evaluated lazily, on
# first use.
# NOTE(review): $authorization is not referenced anywhere in this file, and the
# same function is also the js_content handler for "location /" - confirm this
# binding is still needed.
js_set $authorization pep.enforce;
# Variables written by the njs code and read by the internal locations:
# $auth_token is sent as the Authorization header by /_backend and /_accounting.
js_var $auth_token;
# $account_record is declared here but not used in this file; presumably it is
# read by pep.js - verify.
js_var $account_record;
# On-disk cache storage and the shared-memory zone "social_cache" (10m of keys,
# at most 10g of data, entries dropped after 60m without access).
# NOTE(review): the cache files are written directly under /tmp, a directory
# shared with every other local user and process. If introspection responses end
# up here they describe live tokens; a dedicated directory owned by the nginx
# user is the safer location.
# NOTE(review): no proxy_cache directive in this file uses "social_cache";
# /jwt_verify_request refers to a zone called "token_responses" instead.
proxy_cache_path /tmp levels=1:2 keys_zone=social_cache:10m max_size=10g inactive=60m use_temp_path=off;
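# Virtual host that puts the njs policy enforcement point (pep.enforce) in front
# of the "service" upstream. Every client request enters through "location /";
# the remaining proxy locations are marked internal, so they can only be reached
# through subrequests or internal redirects, never directly by a client.
server {
    # NOTE(review): plain HTTP only. Bearer tokens reach this listener in clear
    # text unless TLS is terminated in front of it - confirm.
    listen *:80;
    listen [::]:80;
    server_name {{ shinyproxy_service_host }};

    # Upper bound on a subrequest response body buffered for the njs code.
    subrequest_output_buffer_size 200k;

    # Unauthenticated liveness probe: empty 200, never touches the PEP.
    location /health {
        add_header Content-Length 0;
        add_header Content-Type "text/plain";
        return 200;
    }

    # All other traffic is handled by pep.enforce, which decides whether the
    # request is forwarded.
    location / {
        proxy_read_timeout 300;
        proxy_send_timeout 300;
        js_content pep.enforce;
    }

    # Token introspection against Keycloak (OpenID Connect introspect endpoint).
    location /jwt_verify_request {
        internal;
        gunzip on;
        proxy_method POST;
        proxy_http_version 1.1;
        # The PEP's own client credentials are rendered into this file from the
        # template variable, so the generated config must be readable only by
        # nginx. NOTE(review): the value is unquoted; if it renders with a space
        # (e.g. a "Basic ..." value) it has to be quoted or already carry quotes.
        proxy_set_header Authorization {{ keycloak_auth_credentials_prod }};
        proxy_set_header Content-Type "application/x-www-form-urlencoded";
        # NOTE(review): nginx does not verify upstream certificates by default
        # (proxy_ssl_verify is off). These requests carry client credentials and
        # the token under test, so consider proxy_ssl_verify on together with
        # proxy_ssl_trusted_certificate and proxy_ssl_server_name on.
        proxy_pass https://{{ keycloak_auth_server }}/auth/realms/d4science/protocol/openid-connect/token/introspect;
        # NOTE(review): zone "token_responses" is not defined in this file; the
        # proxy_cache_path above declares "social_cache". nginx fails to load an
        # unknown zone - confirm where token_responses is declared.
        proxy_cache token_responses; # Enable caching
        # NOTE(review): $source_auth is not declared in this file. It must be
        # unique per presented token, otherwise one caller's introspection
        # result would be served to another.
        proxy_cache_key $source_auth; # Cache for each source authentication
        proxy_cache_lock on; # Duplicate tokens must wait
        # Trade-off: a token revoked at Keycloak can still be accepted from the
        # cache for up to 10 seconds.
        proxy_cache_valid 200 10s; # How long to use each response
        # Cache the response regardless of these upstream response headers.
        proxy_ignore_headers Cache-Control Expires Set-Cookie;
    }

    # Forward the original request URI to the "service" upstream, sending the
    # njs-computed $auth_token as the Authorization header.
    location /_backend {
        internal;
        proxy_read_timeout 300;
        proxy_send_timeout 300;
        resolver 146.48.122.10;
        proxy_http_version 1.1;
        proxy_set_header Authorization "$auth_token";
        proxy_pass http://service$request_uri;
    }

    # Post an accounting record to the accounting service.
    location /_accounting {
        internal;
        proxy_method POST;
        proxy_http_version 1.1;
        # Fix: this directive had no terminating ';', so nginx parsed the next
        # proxy_set_header line as extra arguments and rejected the file.
        # Quoted to match /_backend.
        proxy_set_header Authorization "$auth_token";
        proxy_set_header Content-Type "application/json";
        # NOTE(review): same upstream-TLS caveat as /jwt_verify_request; the
        # certificate is not verified unless proxy_ssl_verify is enabled.
        proxy_pass https://accounting-service.d4science.org/accounting-service/record;
    }
}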