9b125bc2c6
If X-Forwarded-Proto header is already set, pass that through instead of setting to current scheme.
134 lines
3.4 KiB
Plaintext
134 lines
3.4 KiB
Plaintext
include ./resolvers/resolvers.conf;
|
|
|
|
server {
|
|
listen 8880;
|
|
|
|
# health check for k8s
|
|
location /healthz {
|
|
return 200;
|
|
}
|
|
}
|
|
|
|
# if behind proxy passthrough X-Forwarded-Proto header
|
|
map $http_x_forwarded_proto $ingress_proto {
|
|
"" $scheme;
|
|
default $http_x_forwarded_proto;
|
|
}
|
|
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
server_name _;
|
|
proxy_buffering off;
|
|
proxy_buffers 16 64k;
|
|
proxy_buffer_size 64k;
|
|
root /usr/share/nginx/html;
|
|
index index.html index.htm;
|
|
|
|
error_page 500 501 502 503 504 /50x.html;
|
|
|
|
client_max_body_size 0;
|
|
|
|
merge_slashes off;
|
|
location = /50x.html {
|
|
root /usr/share/nginx/html;
|
|
}
|
|
|
|
# fallback to index for any page
|
|
error_page 404 /index.html;
|
|
|
|
location / {
|
|
root /usr/share/nginx/html;
|
|
index index.html index.htm;
|
|
}
|
|
|
|
# serve replay service worker, RWP_BASE_URL set in Dockerfile
|
|
location /replay/sw.js {
|
|
add_header Content-Type application/javascript;
|
|
return 200 'importScripts("${RWP_BASE_URL}sw.js");';
|
|
}
|
|
|
|
location /replay/ui.js {
|
|
add_header Content-Type application/javascript;
|
|
return 307 ${RWP_BASE_URL}ui.js;
|
|
}
|
|
|
|
# used by docker only: k8s deployment handles /api directly via ingress
|
|
location /api/ {
|
|
proxy_pass http://${BACKEND_HOST}:8000;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Forwarded-Proto $ingress_proto;
|
|
}
|
|
|
|
location ~* /watch/([^/]+)/([^/]+)/([^/]+)/ws {
|
|
set $org $1;
|
|
set $crawl $2;
|
|
set $num $3;
|
|
set $auth_bearer $arg_auth_bearer;
|
|
set $svc_suffix ".crawler";
|
|
set $fqdn_suffix "${CRAWLER_FQDN_SUFFIX}";
|
|
|
|
auth_request /access_check;
|
|
|
|
proxy_pass http://crawl-$crawl-$num$svc_suffix$fqdn_suffix:9037/ws;
|
|
proxy_set_header Host "localhost";
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $http_connection;
|
|
}
|
|
|
|
location = /access_check {
|
|
internal;
|
|
proxy_pass http://${BACKEND_HOST}:8000/api/orgs/$org/crawls/$crawl/access?auth_bearer=$auth_bearer;
|
|
proxy_pass_request_body off;
|
|
proxy_set_header Content-Length "";
|
|
}
|
|
|
|
# redirect to bundled build of novnc
|
|
location ~* ^/browser/([^/]+)/core/rfb.js$ {
|
|
absolute_redirect off;
|
|
return 308 /js/novnc.js;
|
|
}
|
|
|
|
location ~* ^/browser/([^/]+)/ws$ {
|
|
set $browserid $1;
|
|
set $auth_bearer $arg_auth_bearer;
|
|
set $org $arg_oid;
|
|
set $fqdn_suffix "${CRAWLER_FQDN_SUFFIX}";
|
|
|
|
auth_request /access_check_profiles;
|
|
|
|
proxy_pass http://browser-$browserid.browser$fqdn_suffix:6080/websockify;
|
|
proxy_set_header Host "localhost";
|
|
|
|
proxy_send_timeout 10m;
|
|
proxy_read_timeout 10m;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $http_connection;
|
|
}
|
|
|
|
location ~* ^/browser/([^/]+)/$ {
|
|
set $browserid $1;
|
|
set $auth_bearer $arg_auth_bearer;
|
|
set $org $arg_oid;
|
|
set $fqdn_suffix "${CRAWLER_FQDN_SUFFIX}";
|
|
|
|
auth_request /access_check_profiles;
|
|
|
|
proxy_pass http://browser-$browserid.browser$fqdn_suffix:9223/vnc/;
|
|
proxy_set_header Host "localhost";
|
|
}
|
|
|
|
location = /access_check_profiles {
|
|
internal;
|
|
proxy_pass http://${BACKEND_HOST}:8000/api/orgs/$org/profiles/browser/$browserid/access?auth_bearer=$auth_bearer;
|
|
proxy_pass_request_body off;
|
|
proxy_set_header Content-Length "";
|
|
}
|
|
|
|
include ./includes/*.conf;
|
|
}
|