nginx.conf
# Connection-processing settings.
events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}
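http {
    # Rate-limit key, derived from the X-Forwarded-For (XFF) request header.
    #
    # The second-to-last XFF entry is used. That entry is the real client only
    # when exactly two trusted proxies each append an address before the
    # request reaches this server.
    # NOTE(review): confirm that topology. With fewer appending hops, this
    # position holds a client-supplied value and the key cannot be trusted for
    # rate limiting.
    map $http_x_forwarded_for $client_ip {
        # limit_req does not account requests whose key is empty, so any header
        # value that matches no pattern below falls back to the peer address
        # instead of producing an empty key.
        default $remote_addr;
        # Fall back to $remote_addr if X-Forwarded-For is empty
        "" $remote_addr;
        # Extract the second-to-last entry
        ~^(?:[^,]+,)*([^,]+),[^,]+$ $1;
        # Use the only entry if there is just one. The capture group is
        # required: without it $1 is empty and such requests are not limited.
        ~^([^,]+)$ $1;
    }

    limit_req_zone $client_ip zone=addr_limit:10m rate=10r/s;
    limit_req_status 429;

    # Advertise the rate-limit settings. These are static values and must be
    # kept in sync by hand with limit_req_zone (rate) and limit_req (burst,
    # delay). add_header is inherited only by levels that declare no add_header
    # of their own, so the OPTIONS branch under /catalogs does not send them.
    add_header X-RateLimit-Limit 10 always;
    add_header X-RateLimit-Burst 20 always;
    add_header X-RateLimit-Delay 5 always;

    server_tokens off;

    server {
        # Rewrite $remote_addr from X-Forwarded-For, trusting only peers in
        # 10.0.0.0/8. With real_ip_recursive on, the last header entry that is
        # not in a trusted range is used. This is independent of the $client_ip
        # map above, which reads the raw header.
        set_real_ip_from 10.0.0.0/8;
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;

        listen 8080;
        # NOTE(review): this is a literal host name, not the default_server
        # flag of the listen directive. As the only server block in this file
        # it still receives every request on this port.
        server_name default_server;

        limit_req zone=addr_limit burst=20 delay=5;

        # Long timeouts and large bodies let slow peers hold one of the
        # worker connections for up to ten minutes; review against expected
        # upload and response times.
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        send_timeout 600;
        client_max_body_size 50M;

        # Compression

        # Enable gzip compression.
        gzip on;

        # Minimum request HTTP version for which responses are compressed.
        # With 1.1, HTTP/1.0 requests are not compressed.
        gzip_http_version 1.1;

        # Compression level (1-9).
        # 5 is a good compromise between size and CPU usage, offering about
        # 75% reduction for most ASCII files (almost identical to level 9).
        gzip_comp_level 5;

        # Don't compress anything that's already small and unlikely to shrink much
        # if at all (the default is 20 bytes, which is bad as that usually leads to
        # larger files after gzipping).
        gzip_min_length 256;

        # Compress data even for clients that are connecting to us via proxies,
        # identified by the "Via" header (required for CloudFront).
        gzip_proxied any;

        # Tell proxies to cache both the gzipped and regular version of a resource
        # whenever the client's Accept-Encoding capabilities header varies.
        # Avoids the issue where a non-gzip capable client (which is extremely rare
        # today) would display gibberish if their proxy gave them the gzipped version.
        gzip_vary on;

        # Compress all output labeled with one of the following MIME types.
        # NOTE(review): application/json is compressed; if any JSON response
        # carries a secret next to request-controlled data, check it against
        # compression side channels (BREACH).
        gzip_types
            application/javascript
            application/json
            application/x-font-ttf
            application/x-web-app-manifest+json
            application/xhtml+xml
            application/xml
            font/opentype
            image/svg+xml
            image/x-icon
            text/css
            text/plain
            text/x-component;

        # Routes that have both a frontend and a backend implementation,
        # selected by the requested content type.
        # The problem is CORS calls meant for the backend: a request that
        # accepts HTML is routed to the frontend server, which does not
        # implement CORS. As a work-around, CORS pre-flight is answered here in
        # nginx for both cases.
        #
        # NOTE(review): both regex locations are unanchored and
        # case-insensitive, so they match the string anywhere in the URI and
        # take precedence over the prefix locations further down. Anchor them
        # if only the leading path segment is meant.
        location ~* /dataset-catalogs {
            proxy_pass http://dataset-catalog-gui:8080;
        }

        location ~* /catalogs {
            if ($request_method = 'OPTIONS') {
                # Pre-flight is answered for any origin and allows the
                # Authorization header. NOTE(review): confirm a wildcard origin
                # is intended for these methods.
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, DELETE, OPTIONS';
                #
                # Custom headers and headers various browsers *should* be OK with but aren't
                #
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
                #
                # Tell client that this pre-flight info is valid for 20 days
                #
                add_header 'Access-Control-Max-Age' 1728000;
                add_header 'Content-Type' 'text/plain; charset=utf-8';
                add_header 'Content-Length' 0;
                return 204;
            }

            # JSON and Turtle requests go to the backend; everything else
            # falls through to the GUI.
            if ($http_accept ~* "application/json") {
                proxy_pass http://dataset-catalog:8080;
            }
            if ($http_accept ~* "text/turtle") {
                proxy_pass http://dataset-catalog:8080;
            }
            proxy_pass http://new-dataset-catalog-gui:8080;
        }

        location /search {
            proxy_pass http://dataset-catalog:8080;
        }

        location /terms-and-conditions {
            proxy_pass http://terms-and-conditions-gui:8080;
        }

        location / {
            proxy_pass http://registration-portal:8080;
        }
    }
}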