aula-backend/nginx-reverse-proxy.conf at main · aula-app/aula-backend · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# automatically adjust number of nginx processes according to the number of available CPU cores
worker_processes auto;
events {
  worker_connections 256;
}

http {
  # Custom logging format that includes aula headers
  log_format main '[$time_iso8601] [$http_aula_instance_code] '
    '"$request" $status $body_bytes_sent $request_time "$http_referer" '
    '$remote_addr|$http_x_forwarded_for "$http_aula_frontend_version" "$http_user_agent"';
  access_log /dev/stdout main;

  upstream backend-legacy {
    server aula-backend-legacy:80;
  }
  upstream backend-v2 {
    server aula-backend.v2:80;
  }

  server {
    listen 80;
    listen [::]:80;

    server_name               "localhost";

    # seems to be necessary when adding docker containers to the network
    # that aren't originally defined in the initial docker-compose setup
    # valid=10s means nginx will ignore DNS TTL
    # however, for the resolver to be used during the runtime,
    # proxy_pass directives must dynamically resolve the upstreams (see all location blocks)
    # https://www.f5.com/company/blog/nginx/dns-service-discovery-nginx-plus
    resolver 127.0.0.11 valid=10s;
    resolver_timeout 5s;

    location ~ ^/(api/v2|manager|public)/.*$ {
      proxy_pass              http://backend-v2;
      proxy_http_version      1.1;
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_set_header        X-Original-URI $request_uri;

      proxy_hide_header Access-Control-Allow-Origin;
      proxy_hide_header Access-Control-Allow-Credentials;
      proxy_hide_header Access-Control-Allow-Headers;
      proxy_hide_header Access-Control-Expose-Headers;
      proxy_hide_header Access-Control-Allow-Methods;

      add_header 'Access-Control-Allow-Origin' '*' always;
      add_header 'Access-Control-Allow-Credentials' 'true' always;
      add_header 'Access-Control-Allow-Headers' 'Origin,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Referer,Authorization,User-Agent,Aula-Instance-Code,Aula-Frontend-Version' always;
      add_header 'Access-Control-Expose-Headers' 'Authorization,Content-Length,Content-Range,Content-Type,Referer,User-Agent' always;
      add_header 'Access-Control-Allow-Methods' 'GET,HEAD,OPTIONS,POST,PUT,PATCH,DELETE' always;
    }

    location ~ ^/api/c.*$ {
      proxy_pass              http://backend-legacy;
      proxy_http_version      1.1;
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_set_header        X-Original-URI $request_uri;
    }
  }
}

# vim: set ft=nginx:ts=2:shiftwidth=2: