onprem-deploy/external_ports_https_v2/nginx/default.conf.tmpl

169 lines
5.1 KiB
Cheetah

server {
server_name ${BASENAME_FOR_SUBDOMAIN} ${MINIO_YNT_HOST} ${MINIO_ADMIN_YNT_HOST} ${KC_YNT_HOST};
listen 80;
return 301 https://${DOLLAR}host${DOLLAR}request_uri;
}
server {
server_name ${BASENAME_FOR_SUBDOMAIN};
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/server.crt.pem;
ssl_certificate_key /etc/nginx/ssl/server.key.pem;
proxy_http_version 1.1;
proxy_busy_buffers_size 512k;
proxy_buffers 4 512k;
proxy_buffer_size 256k;
proxy_connect_timeout 75s;
location / {
proxy_pass http://yonote:3000;
proxy_set_header Host ${DOLLAR}host;
proxy_set_header Connection '';
chunked_transfer_encoding off;
proxy_cache off;
}
location ^~/realtime {
proxy_http_version 1.1;
proxy_set_header Upgrade ${DOLLAR}http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host ${DOLLAR}host;
proxy_pass http://yonote:3000;
}
location ^~/collaboration {
proxy_http_version 1.1;
proxy_set_header Upgrade ${DOLLAR}http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host ${DOLLAR}host;
proxy_pass http://yonote:3000;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name ${MINIO_YNT_HOST};
ssl_certificate /etc/nginx/ssl/server.crt.pem;
ssl_certificate_key /etc/nginx/ssl/server.key.pem;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
# Use Docker DNS
# You might not need this section but in case you need to resolve
# docker service names inside the container then this can be useful.
# resolver 127.0.0.11 valid=10s;
# resolver_timeout 5s;
# Apparently the following line might prevent caching of DNS lookups
# and force nginx to resolve the name on each request via the internal
# Docker DNS.
# set ${DOLLAR}upstream "s3";
# Proxy requests to the Minio API on port 9000
location / {
proxy_pass http://s3:9000;
proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
proxy_set_header Host ${DOLLAR}http_host;
proxy_connect_timeout 300;
# To support websocket
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Upgrade ${DOLLAR}http_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name ${MINIO_ADMIN_YNT_HOST};
ssl_certificate /etc/nginx/ssl/server.crt.pem;
ssl_certificate_key /etc/nginx/ssl/server.key.pem;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
# Use Docker DNS
# You might not need this section but in case you need to resolve
# docker service names inside the container then this can be useful.
# resolver 127.0.0.11 valid=10s;
# resolver_timeout 5s;
# Apparently the following line might prevent caching of DNS lookups
# and force nginx to resolve the name on each request via the internal
# Docker DNS.
# set ${DOLLAR}upstream "s3";
# Minio Console (UI)
location / {
# This was really the key for me. Even though the Nginx docs say
# that with a URI part in the `proxy_pass` directive, the `/console/`
# URI should automatically be rewritten, this wasn't working for me.
# rewrite ^/console/(.*)${DOLLAR} /${DOLLAR}1 break;
proxy_pass http://s3:9001;
proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
proxy_set_header Host ${DOLLAR}http_host;
proxy_connect_timeout 300;
proxy_set_header Connection "";
chunked_transfer_encoding off;
# To support websocket
proxy_http_version 1.1;
proxy_set_header Upgrade ${DOLLAR}http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Origin '';
}
}
server {
server_name ${KC_YNT_HOST};
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/server.crt.pem;
ssl_certificate_key /etc/nginx/ssl/server.key.pem;
proxy_http_version 1.1;
proxy_busy_buffers_size 512k;
proxy_buffers 4 512k;
proxy_buffer_size 256k;
proxy_read_timeout 300s;
proxy_connect_timeout 75s;
proxy_set_header Host ${DOLLAR}host; # to forward the original host requested by the client
proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
proxy_set_header X-Forwarded-Host ${DOLLAR}host;
proxy_set_header X-Forwarded-Port 9443;
proxy_set_header X-Forwarded-Server ${DOLLAR}host;
proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; # To forward the original client's IP address
proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme; # to forward the original protocol (HTTP or HTTPS)
location / {
proxy_pass http://keycloak:8080;
}
}