include ./resolvers/resolvers.conf; server { listen 8880; # health check for k8s location /healthz { return 200; } } # if behind proxy passthrough X-Forwarded-Proto header map $http_x_forwarded_proto $ingress_proto { "" $scheme; default $http_x_forwarded_proto; } server { listen 80 default_server; server_name _; proxy_buffering off; proxy_buffers 16 64k; proxy_buffer_size 64k; root /usr/share/nginx/html; index index.html index.htm; error_page 500 501 502 503 504 /50x.html; client_max_body_size 0; merge_slashes off; location = /50x.html { root /usr/share/nginx/html; } location / { root /usr/share/nginx/html; index index.html index.htm; try_files $uri /index.html; } location ~* /docs/(.*)$ { set $docs_url "${DOCS_URL}"; if ($docs_url != "") { return 307 $docs_url$1; } root /usr/share/nginx/html; index index.html index.htm; } # serve replay service worker, RWP_BASE_URL set in Dockerfile location /replay/sw.js { add_header Content-Type application/javascript; return 200 'importScripts("${RWP_BASE_URL}sw.js");'; } location /replay/ui.js { add_header Content-Type application/javascript; return 307 ${RWP_BASE_URL}ui.js; } # serve a 404 page for /replay/ path, as that should be taken over by RWP location /replay/ { default_type application/json; return 404 "{\"error\": \"placeholder_for_replay\"}"; } # used by docker only: k8s deployment handles /api directly via ingress location /api/ { proxy_pass http://${BACKEND_HOST}:8000; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $ingress_proto; } # used by docker only: k8s deployment handles /api directly via ingress location /api/orgs/import/json { proxy_pass http://${BACKEND_HOST}:8000; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $ingress_proto; # for larger uploads to not timeout proxy_http_version 1.1; proxy_read_timeout 300; proxy_request_buffering off; } location ~* /watch/([^/]+)/([^/]+)/([^/]+)/ws { set $org $1; set $crawl $2; set $num $3; set $auth_bearer $arg_auth_bearer; set $svc_suffix ".crawler"; set $fqdn_suffix "${CRAWLER_FQDN_SUFFIX}"; auth_request /access_check; proxy_pass http://crawl-$crawl-$num$svc_suffix$fqdn_suffix:9037/ws; proxy_set_header Host "localhost"; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } location = /access_check { internal; proxy_pass http://${BACKEND_HOST}:8000/api/orgs/$org/crawls/$crawl/access?auth_bearer=$auth_bearer; proxy_pass_request_body off; proxy_set_header Content-Length ""; } # redirect to bundled build of novnc location ~* ^/browser/([^/]+)/core/rfb.js$ { absolute_redirect off; return 308 /js/novnc.js; } location ~* ^/browser/([^/]+)/ws$ { set $browserid $1; set $auth_bearer $arg_auth_bearer; set $org $arg_oid; set $fqdn_suffix "${CRAWLER_FQDN_SUFFIX}"; auth_request /access_check_profiles; proxy_pass http://browser-$browserid.browser$fqdn_suffix:6080/websockify; proxy_set_header Host "localhost"; proxy_send_timeout 10m; proxy_read_timeout 10m; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } location ~* ^/browser/([^/]+)/$ { set $browserid $1; set $auth_bearer $arg_auth_bearer; set $org $arg_oid; set $fqdn_suffix "${CRAWLER_FQDN_SUFFIX}"; auth_request /access_check_profiles; proxy_pass http://browser-$browserid.browser$fqdn_suffix:9223/vnc/; proxy_set_header Host "localhost"; } location = /access_check_profiles { internal; proxy_pass http://${BACKEND_HOST}:8000/api/orgs/$org/profiles/browser/$browserid/access?auth_bearer=$auth_bearer; proxy_pass_request_body off; proxy_set_header Content-Length ""; } include ./includes/*.conf; }