kaicode/_etc_nginx_conf.d_termserver.conf

## _etc_nginx_conf.d_termserver.conf
map $http_cookie $ihtsdo_cookie { default ""; "~(;\s|^)dev-ims-ihtsdo=(?<token>[^\;]+)" "dev-ims-ihtsdo=$token"; }

server {
  server_name _;
  listen 80;
  rewrite ^ https://$host$request_uri permanent;
  #endofhttpServer
}

server {
  server_name _;
  listen 443 ssl;

# Private SSL Config Removed from this file

  add_header Strict-Transport-Security max-age=15768000;

  set $secure off;
  if ($scheme = https) { set $secure on; }

  #maintenance mode with selective maintenace
  set $maintenance "";
  if ( -f /opt/maint/state/all)  { set $maintenance "1"; }
  if ( -f /opt/maint/state/$host) { set $maintenance "1"; }
  if ( $maintenance = "1" ) { return 503; }

  #proxy_pass directives
  proxy_http_version 1.1;
  proxy_set_header Connection "";
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_connect_timeout 150;
  proxy_send_timeout 100;
  proxy_read_timeout 100;
  proxy_buffers 4 32k;
  client_max_body_size 1024m;
  client_body_buffer_size 128k;
  proxy_busy_buffers_size    64k;
  proxy_temp_file_write_size 64k;
  proxy_set_header X-Forwarded-Proto "https";
  proxy_set_header X-Url-Scheme $scheme;
  proxy_redirect http:// https://;
  proxy_set_header X-Forwarded-Ssl $secure;
  proxy_set_header X-Forwarded-Host $host;

  root /opt/authoring-ui/lib;
  index index.html test-components.html;

  location / { try_files $uri $uri/ =404; }
  location /ims-api {
	proxy_pass https://dev-ims.ihtsdotools.org/api;
  	proxy_set_header Accept "application/json";
  }
  location /traceability-service { proxy_pass http://localhost:8085/; }
  location /classification-service { proxy_pass http://localhost:8089/classification-service; }
  location /authoring { alias /opt/template-based-authoring-frontend/lib; }
  location /tslogs { alias /tslogs; }
  location /config { alias /opt/authoring-ui/conf; }
  location /css-refactor { alias /opt/css-refactor/lib; }
  location /browser { alias /opt/terminology-server-browser/lib; }
  location /spellcheck-service { proxy_pass http://localhost:8087/spellcheck-service; }
  location /monitoring { proxy_pass http://localhost:8080/snowowl; }
  location /ads-api { proxy_pass https://dev-ads.ihtsdotools.org/ads-api; }
  location /ihtsdo-crs { proxy_pass https://dev-request.ihtsdotools.org/ihtsdo-crs; }
  location = /auth {
    proxy_pass https://dev-ims.ihtsdotools.org/api/account;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    proxy_set_header Accept "application/json";
    proxy_method GET;
    proxy_intercept_errors on;
    error_page 302 404 400 =403 @unauthorised;
  }

  location /snowowl {
      proxy_pass http://localhost:8080/snowowl;
      auth_request /auth;
      auth_request_set $auth_username $upstream_http_x_auth_username;
      auth_request_set $auth_roles $upstream_http_x_auth_roles;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-AUTH-username $auth_username;
      proxy_set_header X-AUTH-roles $auth_roles;
      proxy_set_header X-AUTH-token $ihtsdo_cookie;

      # Simple auth base64 encoded "someUsername:somePassword"
      proxy_set_header Authorization "Basic c29tZVVzZXJuYW1lOnNvbWVQYXNzd29yZA==";

      location ~ .*/exports/.*/archive$ {
        rewrite ^(.$) $1;
        proxy_pass http://localhost:8080;
        proxy_send_timeout 10000;
        proxy_read_timeout 10000;
      }
  }

  location /authoring-services/ui-configuration {
      proxy_pass http://localhost:8081/authoring-services/ui-configuration;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Host $host;
      # Simple auth base64 encoded "someUsername:somePassword"
      proxy_set_header Authorization "Basic c29tZVVzZXJuYW1lOnNvbWVQYXNzd29yZA==";

  }
  location /authoring-services/authoring-services-websocket {
  	proxy_pass http://localhost:8081/authoring-services/authoring-services-websocket;
  	proxy_set_header Upgrade $http_upgrade;
  	proxy_set_header Connection "Upgrade";
  }
  location /authoring-services {
      proxy_pass http://localhost:8081/authoring-services;
      auth_request /auth;
      auth_request_set $auth_username $upstream_http_x_auth_username;
      auth_request_set $auth_roles $upstream_http_x_auth_roles;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-AUTH-username $auth_username;
      proxy_set_header X-AUTH-roles $auth_roles;
      proxy_set_header X-AUTH-token $ihtsdo_cookie;
      # Simple auth base64 encoded "someUsername:somePassword"
      proxy_set_header Authorization "Basic c29tZVVzZXJuYW1lOnNvbWVQYXNzd29yZA==";
  }

  location /template-service {
       proxy_pass http://localhost:8086/template-service;
       auth_request /auth;
       auth_request_set $auth_username $upstream_http_x_auth_username;
       auth_request_set $auth_roles $upstream_http_x_auth_roles;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-Host $host;
       proxy_set_header X-AUTH-username $auth_username;
       proxy_set_header X-AUTH-roles $auth_roles;
       proxy_set_header X-AUTH-token $ihtsdo_cookie;
      # Simple auth base64 encoded "someUsername:somePassword"
      proxy_set_header Authorization "Basic c29tZVVzZXJuYW1lOnNvbWVQYXNzd29yZA==";
  }

  location /schedule-manager {
       proxy_pass http://localhost:8089/schedule-manager;
       auth_request /auth;
       auth_request_set $auth_username $upstream_http_x_auth_username;
       auth_request_set $auth_roles $upstream_http_x_auth_roles;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-Host $host;
       proxy_set_header X-AUTH-username $auth_username;
       proxy_set_header X-AUTH-roles $auth_roles;
       proxy_set_header X-AUTH-token $ihtsdo_cookie;
      # Simple auth base64 encoded "someUsername:somePassword"
      proxy_set_header Authorization "Basic c29tZVVzZXJuYW1lOnNvbWVQYXNzd29yZA==";
  }

  error_page 503 @maintenance;
  location @unauthorised  { return 403; }
  location @maintenance {
                root /opt/maint;
                rewrite ^(.*)$ /maintain.html break;
  }

#endofhttpsServer
}
	map $http_cookie $ihtsdo_cookie { default ""; "~(;\s\|^)dev-ims-ihtsdo=(?<token>[^\;]+)" "dev-ims-ihtsdo=$token"; }

	server {
	server_name _;
	listen 80;
	rewrite ^ https://$host$request_uri permanent;
	#endofhttpServer
	}

	server {
	server_name _;
	listen 443 ssl;

	# Private SSL Config Removed from this file

	add_header Strict-Transport-Security max-age=15768000;

	set $secure off;
	if ($scheme = https) { set $secure on; }

	#maintenance mode with selective maintenace
	set $maintenance "";
	if ( -f /opt/maint/state/all) { set $maintenance "1"; }
	if ( -f /opt/maint/state/$host) { set $maintenance "1"; }
	if ( $maintenance = "1" ) { return 503; }

	#proxy_pass directives
	proxy_http_version 1.1;
	proxy_set_header Connection "";
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_connect_timeout 150;
	proxy_send_timeout 100;
	proxy_read_timeout 100;
	proxy_buffers 4 32k;
	client_max_body_size 1024m;
	client_body_buffer_size 128k;
	proxy_busy_buffers_size 64k;
	proxy_temp_file_write_size 64k;
	proxy_set_header X-Forwarded-Proto "https";
	proxy_set_header X-Url-Scheme $scheme;
	proxy_redirect http:// https://;
	proxy_set_header X-Forwarded-Ssl $secure;
	proxy_set_header X-Forwarded-Host $host;

	root /opt/authoring-ui/lib;
	index index.html test-components.html;

	location / { try_files $uri $uri/ =404; }
	location /ims-api {
	proxy_pass https://dev-ims.ihtsdotools.org/api;
	proxy_set_header Accept "application/json";
	}
	location /traceability-service { proxy_pass http://localhost:8085/; }
	location /classification-service { proxy_pass http://localhost:8089/classification-service; }
	location /authoring { alias /opt/template-based-authoring-frontend/lib; }
	location /tslogs { alias /tslogs; }
	location /config { alias /opt/authoring-ui/conf; }
	location /css-refactor { alias /opt/css-refactor/lib; }
	location /browser { alias /opt/terminology-server-browser/lib; }
	location /spellcheck-service { proxy_pass http://localhost:8087/spellcheck-service; }
	location /monitoring { proxy_pass http://localhost:8080/snowowl; }
	location /ads-api { proxy_pass https://dev-ads.ihtsdotools.org/ads-api; }
	location /ihtsdo-crs { proxy_pass https://dev-request.ihtsdotools.org/ihtsdo-crs; }
	location = /auth {
	proxy_pass https://dev-ims.ihtsdotools.org/api/account;
	proxy_pass_request_body off;
	proxy_set_header Content-Length "";
	proxy_set_header Accept "application/json";
	proxy_method GET;
	proxy_intercept_errors on;
	error_page 302 404 400 =403 @unauthorised;
	}

	location /snowowl {
	proxy_pass http://localhost:8080/snowowl;
	auth_request /auth;
	auth_request_set $auth_username $upstream_http_x_auth_username;
	auth_request_set $auth_roles $upstream_http_x_auth_roles;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-AUTH-username $auth_username;
	proxy_set_header X-AUTH-roles $auth_roles;
	proxy_set_header X-AUTH-token $ihtsdo_cookie;

	# Simple auth base64 encoded "someUsername:somePassword"
	proxy_set_header Authorization "Basic c29tZVVzZXJuYW1lOnNvbWVQYXNzd29yZA==";

	location ~ ./exports/./archive$ {
	rewrite ^(.$) $1;
	proxy_pass http://localhost:8080;
	proxy_send_timeout 10000;
	proxy_read_timeout 10000;
	}
	}

	location /authoring-services/ui-configuration {
	proxy_pass http://localhost:8081/authoring-services/ui-configuration;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-Host $host;
	# Simple auth base64 encoded "someUsername:somePassword"
	proxy_set_header Authorization "Basic c29tZVVzZXJuYW1lOnNvbWVQYXNzd29yZA==";

	}
	location /authoring-services/authoring-services-websocket {
	proxy_pass http://localhost:8081/authoring-services/authoring-services-websocket;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "Upgrade";
	}
	location /authoring-services {
	proxy_pass http://localhost:8081/authoring-services;
	auth_request /auth;
	auth_request_set $auth_username $upstream_http_x_auth_username;
	auth_request_set $auth_roles $upstream_http_x_auth_roles;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-AUTH-username $auth_username;
	proxy_set_header X-AUTH-roles $auth_roles;
	proxy_set_header X-AUTH-token $ihtsdo_cookie;
	# Simple auth base64 encoded "someUsername:somePassword"
	proxy_set_header Authorization "Basic c29tZVVzZXJuYW1lOnNvbWVQYXNzd29yZA==";
	}

	location /template-service {
	proxy_pass http://localhost:8086/template-service;
	auth_request /auth;
	auth_request_set $auth_username $upstream_http_x_auth_username;
	auth_request_set $auth_roles $upstream_http_x_auth_roles;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-AUTH-username $auth_username;
	proxy_set_header X-AUTH-roles $auth_roles;
	proxy_set_header X-AUTH-token $ihtsdo_cookie;
	# Simple auth base64 encoded "someUsername:somePassword"
	proxy_set_header Authorization "Basic c29tZVVzZXJuYW1lOnNvbWVQYXNzd29yZA==";
	}

	location /schedule-manager {
	proxy_pass http://localhost:8089/schedule-manager;
	auth_request /auth;
	auth_request_set $auth_username $upstream_http_x_auth_username;
	auth_request_set $auth_roles $upstream_http_x_auth_roles;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-AUTH-username $auth_username;
	proxy_set_header X-AUTH-roles $auth_roles;
	proxy_set_header X-AUTH-token $ihtsdo_cookie;
	# Simple auth base64 encoded "someUsername:somePassword"
	proxy_set_header Authorization "Basic c29tZVVzZXJuYW1lOnNvbWVQYXNzd29yZA==";
	}

	error_page 503 @maintenance;
	location @unauthorised { return 403; }
	location @maintenance {
	root /opt/maint;
	rewrite ^(.*)$ /maintain.html break;
	}

	#endofhttpsServer
	}