222 lines
8.3 KiB
Nginx Configuration File
222 lines
8.3 KiB
Nginx Configuration File
|
|
#user nobody;
|
|
worker_processes 1;
|
|
|
|
#error_log logs/error.log;
|
|
#error_log logs/error.log notice;
|
|
#error_log logs/error.log info;
|
|
|
|
#pid logs/nginx.pid;
|
|
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
|
|
http {
|
|
include mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
log_format custom_log_format '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for" '
|
|
'rt=$request_time ut=$upstream_response_time';
|
|
|
|
access_log /var/log/nginx/access.log custom_log_format;
|
|
error_log /var/log/nginx/error.log info;
|
|
|
|
sendfile on;
|
|
#tcp_nopush on;
|
|
|
|
#keepalive_timeout 0;
|
|
keepalive_timeout 65;
|
|
|
|
client_max_body_size 50M;
|
|
|
|
#gzip on;
|
|
|
|
client_header_buffer_size 4k;
|
|
large_client_header_buffers 4 8k;
|
|
|
|
server {
|
|
listen 80;
|
|
listen 8080;
|
|
server_name ${NGINX_SERVER_NAME};
|
|
|
|
#charset koi8-r;
|
|
|
|
#access_log logs/host.access.log main;
|
|
|
|
location = / {
|
|
return 301 /admin/;
|
|
}
|
|
|
|
location / {
|
|
root /etc/nginx/public;
|
|
index index.html index.htm;
|
|
}
|
|
|
|
location /reset {
|
|
rewrite ^/reset(.*)$ /admin/reset$1 permanent;
|
|
}
|
|
|
|
location /static/ {
|
|
alias /etc/nginx/static/;
|
|
}
|
|
|
|
#error_page 404 /404.html;
|
|
|
|
# redirect server error pages to the static page /50x.html
|
|
#
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
root /etc/nginx/public;
|
|
}
|
|
|
|
# location /chat/ {
|
|
# proxy_pass http://eveai_chat:5002/;
|
|
#
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
# proxy_buffering off;
|
|
#
|
|
# # Add CORS headers
|
|
# add_header 'Access-Control-Allow-Origin' '*' always;
|
|
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
|
# add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization' always;
|
|
# add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
# }
|
|
|
|
location /chat-client/ {
|
|
proxy_pass http://eveai_chat_client:8080/;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Prefix /chat-client;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_buffering off;
|
|
|
|
# Add CORS headers
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
|
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization' always;
|
|
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
}
|
|
|
|
location /admin/ {
|
|
# include uwsgi_params;
|
|
# uwsgi_pass 127.0.0.1:5001;
|
|
# uwsgi_read_timeout 300;
|
|
proxy_pass http://eveai_app:8080/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Prefix /admin; # Required for Flask views (used in nginx_utils
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_buffering off;
|
|
proxy_buffer_size 16k;
|
|
proxy_buffers 4 32k;
|
|
proxy_busy_buffers_size 64k;
|
|
|
|
# # Ensure these headers are set for secure connections
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
# proxy_set_header X-Forwarded-Host $host;
|
|
# proxy_set_header X-Forwarded-Port $server_port;
|
|
|
|
proxy_connect_timeout 60s;
|
|
proxy_send_timeout 60s;
|
|
proxy_read_timeout 60s;
|
|
send_timeout 60s;
|
|
|
|
# Subfilter to hide admin prefix from app
|
|
sub_filter_once off;
|
|
sub_filter_types text/html text/css application/javascript;
|
|
|
|
# General HTML sub_filters
|
|
sub_filter 'href="/static/' 'href="/static/';
|
|
sub_filter 'src="/static/' 'src="/static/';
|
|
sub_filter 'url("/static/' 'url("/static/';
|
|
sub_filter 'href="/' 'href="/admin/'; # Rewrites for other content
|
|
sub_filter 'src="/' 'src="/admin/';
|
|
sub_filter 'action="/' 'action="/admin/';
|
|
sub_filter 'url("/' 'url("/admin/';
|
|
|
|
# Sub_filters for JavaScript URLs
|
|
sub_filter 'url: "/' 'url: "/admin/';
|
|
sub_filter 'url: \"/' 'url: "/admin/';
|
|
sub_filter 'url("/' 'url("/admin/';
|
|
sub_filter 'url(\\"/' 'url("/admin/';
|
|
|
|
# Sub_filters for AJAX requests
|
|
sub_filter 'url: \'/user/' 'url: \'/admin/user/';
|
|
sub_filter 'url: "/user/' 'url: "/admin/user/';
|
|
sub_filter 'url: "/api/' 'url: "/admin/api/';
|
|
sub_filter 'url: \'/api/' 'url: \'/admin/api/';
|
|
|
|
}
|
|
|
|
location /api/ {
|
|
# Handle preflight requests
|
|
if ($request_method = 'OPTIONS') {
|
|
add_header 'Access-Control-Allow-Origin' $http_origin always;
|
|
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
|
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
|
|
add_header 'Access-Control-Max-Age' 1728000;
|
|
add_header 'Content-Type' 'text/plain charset=UTF-8';
|
|
add_header 'Content-Length' 0;
|
|
return 204;
|
|
}
|
|
# Mirror the Origin header if it's allowed by the application
|
|
# The application will handle the actual origin validation
|
|
add_header 'Access-Control-Allow-Origin' $http_origin always;
|
|
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
|
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
|
|
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
|
|
|
|
proxy_pass http://eveai_api:8080/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Prefix /api;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_buffering off;
|
|
proxy_buffer_size 16k;
|
|
proxy_buffers 4 32k;
|
|
proxy_busy_buffers_size 64k;
|
|
|
|
proxy_connect_timeout 60s;
|
|
proxy_send_timeout 60s;
|
|
proxy_read_timeout 60s;
|
|
send_timeout 60s;
|
|
}
|
|
|
|
location /flower/ {
|
|
proxy_pass http://flower:5555/flower/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
}
|
|
|
|
include sites-enabled/*;
|
|
}
|