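# Backend pool addressed as "service" by the proxy_pass in the /_backend location.
upstream service {
    # Choose the backend from a hash of the client address, so a given client
    # keeps reaching the same server.
    ip_hash;
    # This is the group's only server entry and it was commented out. nginx
    # refuses to load an upstream block that contains no servers, so it is
    # enabled here.
    server {{ shinyproxy_docker_stack_name }}_{{ shinyproxy_docker_service_server_name }}:{{ shinyproxy_service_port }};
}

# Load the policy-enforcement (PEP) njs module. pep.js is resolved relative to
# the njs search path; its contents are not part of this template.
js_import pep.js;

# $authorization is computed by calling pep.enforce whenever the variable is read.
# NOTE(review): pep.enforce is also the js_content handler of "location /";
# confirm one function is really meant to serve both roles.
js_set $authorization pep.enforce;

# Variables written by njs and readable from other locations of the same request.
# $auth_token is what /_backend and /_accounting forward as the Authorization header.
js_var $auth_token;
js_var $account_record;

# Cache zone "social_cache": 10m of shared memory for keys, up to 10g on disk,
# entries evicted after 60 minutes without access.
# NOTE(review): /tmp is normally shared by every local account. A dedicated
# directory owned by the nginx user and closed to other users is a safer home
# for cached upstream responses.
proxy_cache_path /tmp levels=1:2 keys_zone=social_cache:10m max_size=10g inactive=60m use_temp_path=off;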
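# Virtual host in front of the ShinyProxy service. Every request except /health
# is handed to the njs policy-enforcement point (pep.enforce), which uses the
# internal locations below as subrequest targets.
server {

    # Plain HTTP on IPv4 and IPv6.
    # NOTE(review): bearer tokens reach this listener unencrypted unless TLS is
    # terminated by something in front of it - confirm that is the case.
    listen *:80;
    listen [::]:80;

    server_name {{ shinyproxy_service_host }};

    # Room for subrequest response bodies that njs reads in memory.
    subrequest_output_buffer_size 200k;

    # Liveness probe: answers 200 with an empty body and never reaches the PEP,
    # so it is reachable without a token.
    location /health {
        add_header Content-Length 0;
        add_header Content-Type "text/plain";
        return 200;
    }

    # All other traffic: the njs handler produces the response.
    location / {
        proxy_read_timeout 300;
        proxy_send_timeout 300;
        js_content pep.enforce;
    }

    # Token introspection against Keycloak. "internal" keeps clients from
    # requesting this location directly; only subrequests and internal
    # redirects can reach it.
    location /jwt_verify_request {
        internal;
        gunzip on;
        proxy_method POST;
        proxy_http_version 1.1;
        # The rendered file contains the client credential in clear text, so it
        # should be readable only by root and the nginx user.
        # NOTE(review): the value is emitted unquoted; it has to render as a
        # single nginx token (quote it if it contains a space).
        proxy_set_header Authorization {{ keycloak_auth_credentials_prod }};
        proxy_set_header Content-Type "application/x-www-form-urlencoded";
        # NOTE(review): nginx does not validate the upstream certificate unless
        # proxy_ssl_verify is on and proxy_ssl_trusted_certificate points at a
        # CA bundle (with proxy_ssl_server_name on for SNI). Without that, the
        # introspection verdict and the credential above rely on an
        # unauthenticated TLS peer.
        proxy_pass https://{{ keycloak_auth_server }}/auth/realms/d4science/protocol/openid-connect/token/introspect;
        # Must name a zone declared by proxy_cache_path; social_cache is the
        # only one this file declares.
        proxy_cache social_cache;             # Enable caching
        # NOTE(review): $source_auth is not declared in this file (only
        # $auth_token and $account_record are). nginx rejects unknown
        # variables, and the key has to identify the exact token being
        # introspected, otherwise one token's verdict can be served for another.
        proxy_cache_key $source_auth;         # Cache for each source authentication
        proxy_cache_lock on;                  # Duplicate tokens must wait
        # A cached "active" verdict is reused for up to 10s, so a revoked
        # token can still be accepted during that window.
        proxy_cache_valid 200 10s;            # How long to use each response
        # Cache even when the identity provider marks the response uncacheable.
        proxy_ignore_headers Cache-Control Expires Set-Cookie;
    }

    # Forward the original request to the backend pool once the PEP has allowed
    # it. The client's Authorization header is replaced with the njs-computed
    # $auth_token.
    location /_backend {
        internal;
        proxy_read_timeout 300;
        proxy_send_timeout 300;
        resolver 146.48.122.10;
        proxy_http_version 1.1;
        proxy_set_header Authorization "$auth_token";
        proxy_pass http://service$request_uri;
    }

    # Post the accounting record for the request to the accounting service.
    location /_accounting {
        internal;
        proxy_method POST;
        proxy_http_version 1.1;
        # The terminating ';' was missing here, which made nginx read the next
        # directive as extra arguments and reject the configuration. Quoted to
        # match /_backend.
        proxy_set_header Authorization "$auth_token";
        proxy_set_header Content-Type "application/json";
        # NOTE(review): as for introspection, the upstream certificate is not
        # verified unless proxy_ssl_verify is enabled.
        proxy_pass https://accounting-service.d4science.org/accounting-service/record;
    }
}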