100 lines
4.0 KiB
YAML
100 lines
4.0 KiB
YAML
---
|
|
nginx_use_nginx_org_repo: true
|
|
nginx_org_modules:
|
|
- pkg_name: nginx-module-njs
|
|
mod_name: ngx_http_js_module.so
|
|
enabled: true
|
|
nginx_set_frame_origin: true
|
|
nginx_set_content_security_options: true
|
|
nginx_disable_content_security_options: true
|
|
nginx_x_frame_options: ''
|
|
nginx_pep_debug_enabled: 'true'
|
|
nginx_proxy_define_header_host: true
|
|
nginx_proxy_header_x_forwarded_proto: 'https'
|
|
nginx_conf_remote_snippets:
|
|
- url: 'https://code-repo.d4science.org/gCubeSystem/d4s-nginx-pep-examples/raw/branch/master/shinyproxy/pep.js.j2'
|
|
name: pep.js
|
|
nginx_conf_remote_global_conf:
|
|
- url: 'https://code-repo.d4science.org/gCubeSystem/d4s-nginx-pep-examples/raw/branch/master/shinyproxy/nginx_pep_gcube.conf.j2'
|
|
name: nginx_pep_gcube
|
|
- url: 'https://code-repo.d4science.org/gCubeSystem/d4s-nginx-pep-examples/raw/branch/master/shinyproxy/nginx_pep_global.conf.j2'
|
|
name: nginx_pep_global
|
|
nginx_virthosts:
|
|
- virthost_name: 'shinyproxy.garr.d4science.org'
|
|
server_name: 'shinyproxy.garr.d4science.org'
|
|
serveraliases: 'shinyproxy-sdg.d4science.org'
|
|
plain_http_enabled: false
|
|
upstream_backends:
|
|
- name: shinyproxy_sdg
|
|
servers:
|
|
- '{{ docker_garr_swarm1_ip }}:8080'
|
|
- '{{ docker_garr_swarm2_ip }}:8080'
|
|
- '{{ docker_garr_swarm3_ip }}:8080'
|
|
ssl_enabled: true
|
|
ssl_only: true
|
|
ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}'
|
|
root: '{{ nginx_webroot }}'
|
|
server_tokens: 'off'
|
|
# global_additional_options:
|
|
# - 'include /etc/nginx/snippets/nginx_pep_gcube.conf'
|
|
proxy_standard_setup: true
|
|
include_global_proxy_conf: true
|
|
proxy_additional_options:
|
|
- 'proxy_cache_path /tmp/shinyproxy_sdg levels=1:2 keys_zone=shinyproxy_sdg_cache:10m max_size=10g inactive=60m use_temp_path=off'
|
|
websockets: true
|
|
locations:
|
|
- location: '~ /app/'
|
|
other_opts:
|
|
- 'subrequest_output_buffer_size 128k'
|
|
- 'js_content pep.enforce'
|
|
- location: '~ /[^_].+'
|
|
target: 'http://shinyproxy_sdg'
|
|
other_opts:
|
|
- 'subrequest_output_buffer_size 128k'
|
|
- location: /_jwt_verify_request
|
|
target: '{{ keycloak_auth_server }}/auth/realms/d4science/protocol/openid-connect/token/introspect'
|
|
other_opts:
|
|
- 'internal'
|
|
- 'proxy_method POST'
|
|
- 'gunzip on'
|
|
- 'proxy_set_header Authorization "{{ keycloak_auth_credentials_prod }}"'
|
|
- 'proxy_set_header Content-Type "application/x-www-form-urlencoded"'
|
|
- 'proxy_cache shinyproxy_sdg_cache'
|
|
- 'proxy_cache_key $source_auth'
|
|
- 'proxy_cache_lock on'
|
|
- 'proxy_cache_valid 200 10s'
|
|
- 'proxy_ignore_headers Cache-Control Expires Set-Cookie'
|
|
- location: /_backend
|
|
other_opts:
|
|
- 'internal'
|
|
- 'subrequest_output_buffer_size 128k'
|
|
- 'resolver 146.48.122.10'
|
|
- 'proxy_set_header Host $host'
|
|
- 'proxy_set_header X-Forwarded-Proto "https"'
|
|
- 'proxy_set_header Authorization "$auth_token"'
|
|
target: 'http://shinyproxy_sdg$request_uri'
|
|
- location: /_accounting
|
|
target: 'https://accounting-service.d4science.org/accounting-service/record'
|
|
other_opts:
|
|
- 'internal'
|
|
- 'proxy_method POST'
|
|
- 'proxy_set_header Authorization "$auth_token"'
|
|
- 'proxy_set_header Content-Type "application/json"'
|
|
- location: /_homeserv
|
|
target: 'https://192.168.100.54/'
|
|
other_opts:
|
|
- 'internal'
|
|
- 'proxy_method POST'
|
|
- 'proxy_set_header Content-Type "application/x-www-form-urlencoded"'
|
|
- 'proxy_ssl_verify off'
|
|
- location: /_gcube_user_info
|
|
target: 'https://api.d4science.org/rest/2/people/profile'
|
|
other_opts:
|
|
- 'internal'
|
|
- 'proxy_method GET'
|
|
- 'gunzip on'
|
|
- 'proxy_set_header gcube-token "$auth_token"'
|
|
- 'proxy_cache shinyproxy_sdg_cache'
|
|
- 'proxy_cache_key $auth_token'
|
|
|