@brecke
Last active August 9, 2021 10:06
Nginx config for cake
# NOTE(review): worker processes run under this identity. With `root`, any
# request-handling defect in nginx, a module, or a mis-pointed `alias` executes
# with full privileges on the host. nginx only needs root in the master process
# (to bind :80); the workers can drop to a dedicated unprivileged account that
# can read the files directory served below. Confirm which account exists on
# the target host (`nginx`, `www-data`, ...) before changing this.
user root nogroup;
# One worker; `auto` (one per CPU core) is the usual value on multi-core hosts.
worker_processes 1;
# RLIMIT_NOFILE for the workers; should be at least worker_connections.
worker_rlimit_nofile 8192;
events {
# Max simultaneous connections per worker, counting both client sockets and
# upstream sockets. With worker_processes 1 this is the global cap, and it
# should not exceed worker_rlimit_nofile above.
worker_connections 4096;
}
http {
# Allows us to have "server_name" strings up to 32 characters
server_names_hash_bucket_size 64;
####################
## PROXY SETTINGS ##
####################
# Default retry policy: try the next node in the upstream on a connection
# error, a timeout, or a 502 from the node.
# NOTE(review): retrying on `timeout` can replay a request that the first node
# may already have executed; the individual API locations below override this
# with `error http_502` for exactly that reason, so only routes without an
# override (e.g. the /api/ catch-all) inherit the timeout retry.
proxy_next_upstream error timeout http_502;
# Only give the app server 5 seconds for a request before assuming it's down and retrying
proxy_connect_timeout 5;
proxy_read_timeout 5;
# Rewrite http headers to upstream servers
# Talk HTTP/1.1 to upstreams and send an empty Connection header instead of
# forwarding the client's.
proxy_http_version 1.1;
# Leave Location/Refresh headers from the app untouched.
proxy_redirect off;
proxy_set_header Connection "";
# Client address as nginx saw it. X-Forwarded-For is the client-supplied header
# with $remote_addr appended, so only its last entry is trustworthy; the app
# should prefer X-Real-IP or the last X-Forwarded-For hop when it logs or
# rate-limits by address.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Raw Host header (port included) passed through unchanged.
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
###################
## GZIP SETTINGS ##
###################
gzip on;
# Skip compression for bodies under 1000 bytes.
gzip_min_length 1000;
gzip_http_version 1.1;
gzip_comp_level 5;
# Compress proxied responses regardless of their cache headers.
gzip_proxied any;
# NOTE(review): application/json is in the list, so per-user API responses
# are compressed too. Harmless on plain HTTP; once TLS is enabled, compressing
# responses that echo request-controlled data is the BREACH precondition —
# consider leaving such responses out of gzip_types at that point.
gzip_types text/css text/plain text/xml application/xml application/xml+rss text/javascript application/javascript application/x-javascript application/json;
##########################
## MAXIMUM REQUEST SIZE ##
##########################
# Determines the maximum filesize that a user can upload.
# NOTE(review): this 4 GiB cap applies to every location in the http{}
# context, not only the upload routes. client_max_body_size is also valid
# inside location{}, so the large limit could be scoped to the upload
# endpoints and a small default kept for the rest, narrowing the surface for
# oversized-request abuse — confirm which routes actually accept uploads first.
client_max_body_size 4096M;
##################
##################
## GLOBAL ADMIN ##
##################
##################
####################
## LOAD BALANCING ##
####################
# Global-admin app node(s).
# NOTE(review): nothing in this file proxies to globaladminworkers; the
# "# here goes admin server" placeholder below suggests the admin server{}
# block has not been written yet. An unreferenced upstream is harmless but
# misleading — either add the server block or drop this until it is needed.
upstream globaladminworkers {
server host.docker.internal:2000;
# Add extra app nodes here.
}
# here goes admin server
###################
###################
## TENANT SERVER ##
###################
###################
####################
## LOAD BALANCING ##
####################
# Tenant app node(s); every /api/ route in the server{} block below proxies here.
# With a single server entry the proxy_next_upstream retries have nowhere to go.
upstream tenantworkers {
server host.docker.internal:2001;
}
# Static frontend (dev server on the Docker host); target of `location /`.
upstream frontend {
server host.docker.internal:5000;
}
server {
# NOTE(review): only port 80 is bound. The two includes presumably carry the
# ssl_certificate/ssl_* directives, but while `listen 443 ssl;` stays
# commented out they are loaded and unused, so the Shibboleth callback, API
# calls and uploads all travel in clear text. Acceptable for the local Docker
# setup this file targets (host.docker.internal); before exposing it, enable
# the 443 listener and have the 80 listener redirect to it.
listen 80;
# listen 443 ssl;
include /etc/nginx/self-signed.conf;
include /etc/nginx/ssl-params.conf;
# Virtual host name. If this is the only server{} on :80 it is also the
# default server, so requests with any other Host header land here as well.
server_name guest.oae.com;
#########################
## APP SERVER REQUESTS ##
#########################
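# App-server routes. Every location in this section proxies to the
# tenantworkers upstream; the only per-route differences are the cache policy
# (`expires`) and the retry/read-timeout budget.
#
# `expires -1` emits "Cache-Control: no-cache" plus an already-expired Expires
# header, so mutating or per-user responses are never cached; `expires max` is
# the opposite extreme, used where the URL itself carries a signature.
#
# `proxy_next_upstream error http_502` narrows the http{}-level retry set
# (`error timeout http_502`) by dropping `timeout`, so a request that times out
# is NOT replayed against another app node — the safe choice for
# non-idempotent calls (create, messages, publish, import).
#
# The second, identical `~* /api/group/([^\/]+)/picture` location that used to
# follow `/api/ui/skin` has been removed: regex locations are matched in
# configuration order and the first match wins, so it was unreachable.
#
# NOTE(review): the `~*` regex locations are unanchored, so they also match a
# URI that merely contains the pattern (e.g. `/x/api/content/<id>/messages`),
# which today is proxied to tenantworkers rather than falling through to the
# frontend catch-all. Prefixing each pattern with `^` would pin them to the
# start of the URI; left unchanged here because it reroutes such requests —
# confirm nothing relies on the loose match first.
location /api/auth/shibboleth/callback {
    expires -1;
    # IdP round-trips can be slow: allow a longer read before retrying.
    proxy_read_timeout 120;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location /api/config {
    expires 15m;
    proxy_pass http://tenantworkers;
}
location /api/content/create {
    expires -1;
    # Upload and processing budget.
    proxy_read_timeout 300;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location ~* /api/content/([^\/]+)/messages {
    expires -1;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location ~* /api/content/([^\/]+)/newversion {
    expires -1;
    proxy_read_timeout 300;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location ~* /api/content/([^\/]+)/publish {
    expires -1;
    proxy_read_timeout 300;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location ~* /api/content/([^\/]+)/revisions/([^\/]+)/previews {
    expires -1;
    # Largest read budget in the file (20 minutes) for preview generation.
    proxy_read_timeout 1200;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location ~* /api/content/([^\/]+)/revisions/([^\/]+)/restore {
    expires -1;
    proxy_read_timeout 300;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location /api/discussion/create {
    expires -1;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location ~* /api/discussion/([^\/]+)/messages {
    expires -1;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
# This can be cached indefinitely because we use signatures that change over time to control invalidation
location /api/download/signed {
    expires max;
    proxy_pass http://tenantworkers;
}
location /api/folder {
    expires -1;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location /api/group/create {
    expires -1;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location ~* /api/group/([^\/]+)/picture {
    expires -1;
    proxy_read_timeout 60;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location /api/ui/skin {
    expires 15m;
    proxy_pass http://tenantworkers;
}
location /api/ui/staticbatch {
    # Far-future caching; presumably the batch URL is versioned by the app
    # like the signed downloads above — confirm before relying on it.
    expires max;
    proxy_read_timeout 300;
    proxy_pass http://tenantworkers;
}
location /api/tenant/landingPage {
    expires 15m;
    proxy_pass http://tenantworkers;
}
location /api/ui/widgets {
    expires 15m;
    proxy_pass http://tenantworkers;
}
location /api/user/create {
    expires -1;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location /api/user/createTenantAdminUser {
    expires -1;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location /api/user/import {
    expires -1;
    # Bulk import; longer processing budget.
    proxy_read_timeout 300;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}
location ~* /api/user/([^\/]+)/picture {
    expires -1;
    proxy_read_timeout 60;
    proxy_next_upstream error http_502;
    proxy_pass http://tenantworkers;
}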
########################
## PUSH NOTIFICATIONS ##
########################
# WebSocket endpoint: forward the Upgrade/Connection pair so the handshake
# reaches the app, stream the response unbuffered, and tolerate an hour of
# silence on the socket.
location /api/push/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# NOTE(review): $host here vs $http_host in the http{}-level defaults. $host
# is lower-cased, has no port and falls back to server_name; $http_host is the
# raw header. Unless the push service needs the difference, using one form
# everywhere avoids surprises in host-based checks upstream — confirm.
proxy_set_header Host $host;
proxy_pass http://tenantworkers;
proxy_redirect off;
proxy_buffering off;
# NOTE(review): an idle WebSocket holds a worker connection for up to 3600s,
# so worker_connections (4096, single worker) is roughly the cap on concurrent
# push clients. Size accordingly or lower this if connections pile up.
proxy_read_timeout 3600;
}
# Explicitly don't cache any other API requests
# Catch-all for /api/. No proxy_next_upstream override, so this inherits the
# http{}-level `error timeout http_502` and may replay a timed-out request.
location /api/ {
expires -1;
proxy_read_timeout 300;
proxy_pass http://tenantworkers;
}
####################
## FILE DOWNLOADS ##
####################
# An internal endpoint that is used by the local file storage backend.
# Change the alias so that it points to the directory that will contain the file bodies.
# This should match with the oae-content/storage/local-dir config value as configured
# in the admin UI.
# `internal` restricts this location to nginx-internal redirects (presumably
# the app's X-Accel-Redirect response); a client asking for /files/... directly
# gets a 404. Authorization therefore stays with the app while nginx serves
# the bytes.
# NOTE(review): `alias` replaces the matched prefix, so /files/x maps to
# /usr/share/files/x. As a prefix match without a trailing slash it also
# matches /filesXYZ; `location /files/` with `alias /usr/share/files/;` would
# be tighter. Keep the directory outside any web root and readable only by the
# worker user.
location /files {
internal;
alias /usr/share/files;
}
#######################
## ETHERCALC SERVERS ##
#######################
# Ethercalc instance 0, mounted under /ethercalc/0. The rewrite strips that
# prefix before proxying (`break` stops further rewrite processing and keeps
# the request in this location); the backend is addressed by host:port rather
# than through a named upstream.
# NOTE(review): the app routes go through `upstream` blocks; an
# `upstream ethercalc` here would keep the style uniform. Purely stylistic.
location /ethercalc/0 {
expires 15m;
rewrite ^/ethercalc/0(.*)$ $1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://host.docker.internal:8000;
proxy_buffering off;
proxy_read_timeout 60;
}
# Socket.IO transport for the same instance: WebSocket upgrade headers and no
# buffering. Longer prefix, so it takes precedence over /ethercalc/0 for these URIs.
location /ethercalc/0/socket.io/ {
rewrite ^/ethercalc/0(.*)$ $1 break;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_pass http://host.docker.internal:8000;
proxy_buffering off;
proxy_read_timeout 60;
}
# NOTE(review): the active rewrite below looks copied from the ethercalc
# locations and can never match a URI that starts with /zappa/, so requests
# reach :8000 with their path unchanged. The commented-out `rewrite (.*) $1 break;`
# above it suggests the intended mapping was never settled — confirm what path
# the ethercalc server expects for this socket endpoint.
location /zappa/socket/__local/ {
# rewrite (.*) $1 break;
rewrite ^/ethercalc/0(.*)$ $1 break;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_pass http://host.docker.internal:8000;
proxy_buffering off;
proxy_read_timeout 60;
}
######################
## ETHERPAD SERVERS ##
######################
# Etherpad instance 0, mounted under /etherpad/0; same prefix-stripping
# rewrite and direct host:port backend as the ethercalc block above.
location /etherpad/0 {
expires 15m;
rewrite ^/etherpad/0(.*)$ $1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://host.docker.internal:9001;
proxy_buffering off;
proxy_read_timeout 60;
}
# WebSocket transport for the same instance (Socket.IO v0-style path).
# Longer prefix, so it takes precedence over /etherpad/0 for these URIs.
location /etherpad/0/socket.io/1/websocket/ {
rewrite ^/etherpad/0(.*)$ $1 break;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_pass http://host.docker.internal:9001;
proxy_buffering off;
proxy_read_timeout 60;
}
# Everything not matched above goes to the static frontend.
location / {
# I have no idea whether the first 3 directives are necessary
# NOTE(review): `Access-Control-Allow-Origin "*"` lets any origin read these
# responses. That is fine for public static assets but becomes a problem if
# the frontend ever serves per-user content from this path. Note also that
# add_header only applies to 2xx/3xx responses unless `always` is given, so
# error pages go out without the nosniff header.
include /etc/nginx/mime.conf;
add_header Access-Control-Allow-Origin "*";
add_header X-Content-Type-Options nosniff;
# NOTE(review): nosniff is set only on this location; the /api/ proxies rely
# on the app to emit it (and any other response headers) itself.
proxy_pass http://frontend;
}
}
# here goes tenant server
# MIME map for the whole http{} context (presumably a `types {}` block; it is
# also included again inside `location /` above).
include /etc/nginx/mime.conf;
}