-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx-noauth.conf
135 lines (111 loc) · 5.33 KB
/
nginx-noauth.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
server {
listen 443 ssl default_server;
server_name api.bourbaki.network;
ssl_certificate /etc/letsencrypt/live/api.bourbaki.network/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.bourbaki.network/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/api.bourbaki.network/chain.pem;
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
location / {
return 200;
}
location /v1 {
resolver 1.1.1.1 valid=30s;
proxy_pass http://graphql-engine:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Connection "";
dav_methods PUT DELETE;
proxy_buffering off;
proxy_http_version 1.1;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}
location /auth {
resolver 1.1.1.1 valid=30s;
proxy_pass http://hasura-backend-plus:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Connection "";
dav_methods PUT DELETE;
proxy_buffering off;
proxy_http_version 1.1;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}
location /storage {
resolver 1.1.1.1 valid=30s;
proxy_pass http://hasura-backend-plus:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Connection "";
dav_methods PUT DELETE;
proxy_buffering off;
proxy_http_version 1.1;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}
location /console {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,x-setu-env,X-Setu-Partner-ID,X-Setu-Product-ID,Authorization';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
# Every request after this should be authenticated
resolver 1.1.1.1 valid=30s;
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,x-setu-env,X-Setu-Partner-ID,X-Setu-Product-ID,Authorization';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,x-setu-env,X-Setu-Partner-ID,X-Setu-Product-ID,Authorization';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'PUT') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,x-setu-env,X-Setu-Partner-ID,X-Setu-Product-ID,Authorization';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'DELETE') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,x-setu-env,X-Setu-Partner-ID,X-Setu-Product-ID,Authorization';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
proxy_pass http://graphql-engine:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Connection "";
dav_methods PUT DELETE;
proxy_buffering off;
proxy_http_version 1.1;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}
}