tea/browsertrix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
10640feeef
browsertrix/frontend/frontend.conf.template
Tessa Walsh f076e7d9e3
Add superuser API endpoints to export and import org data (#1394) 
Fixes #890 

This PR introduces new streaming superuser-only API endpoints to export
and import database information for an organization. New Adminstrator
deployment documentation on how to manage the process and copy files
between S3 buckets as needed is also included.

---------

Co-authored-by: Henry Wilkinson <henry@wilkinson.graphics>
Co-authored-by: Ilya Kreymer <ikreymer@gmail.com>
2024-07-02 17:14:34 -04:00

149 lines
4.0 KiB
Plaintext
Raw Blame History

include ./resolvers/resolvers.conf;
server {
listen 8880;
# health check for k8s
location /healthz {
return 200;
}
}
# if behind proxy passthrough X-Forwarded-Proto header
map $http_x_forwarded_proto $ingress_proto {
"" $scheme;
default $http_x_forwarded_proto;
}
server {
listen 80 default_server;
server_name _;
proxy_buffering off;
proxy_buffers 16 64k;
proxy_buffer_size 64k;
root /usr/share/nginx/html;
index index.html index.htm;
error_page 500 501 502 503 504 /50x.html;
client_max_body_size 0;
merge_slashes off;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri /index.html;
}
# serve replay service worker, RWP_BASE_URL set in Dockerfile
location /replay/sw.js {
add_header Content-Type application/javascript;
return 200 'importScripts("${RWP_BASE_URL}sw.js");';
}
location /replay/ui.js {
add_header Content-Type application/javascript;
return 307 ${RWP_BASE_URL}ui.js;
}
# serve a 404 page for /replay/ path, as that should be taken over by RWP
location /replay/ {
default_type application/json;
return 404 "{\"error\": \"placeholder_for_replay\"}";
}
# used by docker only: k8s deployment handles /api directly via ingress
location /api/ {
proxy_pass http://${BACKEND_HOST}:8000;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $ingress_proto;
}
# used by docker only: k8s deployment handles /api directly via ingress
location /api/orgs/import/json {
proxy_pass http://${BACKEND_HOST}:8000;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $ingress_proto;
# for larger uploads to not timeout
proxy_http_version 1.1;
proxy_read_timeout 300;
proxy_request_buffering off;
}
location ~* /watch/([^/]+)/([^/]+)/([^/]+)/ws {
set $org $1;
set $crawl $2;
set $num $3;
set $auth_bearer $arg_auth_bearer;
set $svc_suffix ".crawler";
set $fqdn_suffix "${CRAWLER_FQDN_SUFFIX}";
auth_request /access_check;
proxy_pass http://crawl-$crawl-$num$svc_suffix$fqdn_suffix:9037/ws;
proxy_set_header Host "localhost";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
location = /access_check {
internal;
proxy_pass http://${BACKEND_HOST}:8000/api/orgs/$org/crawls/$crawl/access?auth_bearer=$auth_bearer;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
# redirect to bundled build of novnc
location ~* ^/browser/([^/]+)/core/rfb.js$ {
absolute_redirect off;
return 308 /js/novnc.js;
}
location ~* ^/browser/([^/]+)/ws$ {
set $browserid $1;
set $auth_bearer $arg_auth_bearer;
set $org $arg_oid;
set $fqdn_suffix "${CRAWLER_FQDN_SUFFIX}";
auth_request /access_check_profiles;
proxy_pass http://browser-$browserid.browser$fqdn_suffix:6080/websockify;
proxy_set_header Host "localhost";
proxy_send_timeout 10m;
proxy_read_timeout 10m;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
location ~* ^/browser/([^/]+)/$ {
set $browserid $1;
set $auth_bearer $arg_auth_bearer;
set $org $arg_oid;
set $fqdn_suffix "${CRAWLER_FQDN_SUFFIX}";
auth_request /access_check_profiles;
proxy_pass http://browser-$browserid.browser$fqdn_suffix:9223/vnc/;
proxy_set_header Host "localhost";
}
location = /access_check_profiles {
internal;
proxy_pass http://${BACKEND_HOST}:8000/api/orgs/$org/profiles/browser/$browserid/access?auth_bearer=$auth_bearer;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
include ./includes/*.conf;
}
Reference in New Issue View Git Blame Copy Permalink