NGINX API gateway authentication & authorization
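# Backend pool for apidev.qwerty.id: three local instances, default
# round-robin balancing. The loopback address is written in canonical
# dotted-quad form; the original "127.0.01" spelling is a typo that is easy
# to misread and depends on lenient address parsing.
upstream App1 {
    server 127.0.0.1:5001;
    server 127.0.0.1:5002;
    server 127.0.0.1:5003;
}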
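# Plain-HTTP listener for apidev.qwerty.id: answers only the ACME HTTP-01
# challenge path and redirects everything else to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name apidev.qwerty.id;
    server_tokens off;
    client_max_body_size 100M;

    # certbot webroot mode: challenge files are served from here over HTTP.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Redirect to the configured name rather than the client-supplied Host
    # header (as the x.kasisolusi.com port-80 listener in this file already
    # does): if this block is ever selected as the default server for port
    # 80, $host would echo an arbitrary Host value into the Location header.
    location / {
        return 301 https://$server_name$request_uri;
    }
}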
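# TLS listener for apidev.qwerty.id, proxying to the App1 pool.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name apidev.qwerty.id;
    server_tokens off;
    client_max_body_size 100M;

    # Defensive check: if this block is chosen as the default server for
    # port 443 (no SNI or an unknown name), refuse requests not addressed
    # to this host instead of proxying them.
    if ($host != "apidev.qwerty.id") {
        return 404;
    }

    # Certificate and TLS parameter files managed by certbot.
    ssl_certificate /etc/letsencrypt/live/apidev.qwerty.id/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/apidev.qwerty.id/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://App1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to any
        # client-supplied X-Forwarded-For; the backend should trust only the
        # right-most entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # TLS terminates here; tell the backend the original scheme so it can
        # build absolute URLs and mark cookies Secure correctly.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}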
# Backend pool for x.kasisolusi.com: one local node and one remote node.
# least_conn sends each new request to the member with the fewest active
# connections instead of the default round robin.
upstream nodejs {
    least_conn;
    server localhost:5001;
    server 10.104.0.6:5002;
}
# Plain-HTTP listener for x.kasisolusi.com: unconditional redirect to HTTPS.
# The redirect target is the configured server_name, never the
# client-supplied Host header.
server {
    listen 80;
    listen [::]:80;
    server_name x.kasisolusi.com;
    server_tokens off;
    client_max_body_size 100M;
    return 301 https://$server_name$request_uri;
}
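# TLS + HTTP/2 listener for x.kasisolusi.com, proxying (with WebSocket
# upgrade support) to the nodejs pool.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name x.kasisolusi.com;
    # Hide the nginx version in Server headers and error pages, consistent
    # with the other vhosts in this file.
    server_tokens off;

    ssl_certificate /etc/ssl/certs/cert.pem; #path to your public key
    ssl_certificate_key /etc/ssl/private/cert.key; #path to your private key
    # NOTE(review): unlike the apidev vhost, no ssl_protocols/ssl_ciphers are
    # set here, so the nginx build defaults apply -- confirm they are
    # acceptable, or include the same options-ssl-nginx.conf.
    # NOTE(review): no client_max_body_size here either, so the nginx
    # default (1m) applies to uploads on this vhost, unlike the 100M used
    # elsewhere in this file.

    location / {
        proxy_pass http://nodejs;
        # HTTP/1.1 plus the Upgrade/Connection pair lets WebSocket handshakes
        # pass through. Connection is forced to "upgrade" on every request,
        # which is the usual simple form; a map on $http_upgrade in the http
        # context would be the stricter alternative.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # TLS terminates here; let the app know the original scheme.
        proxy_set_header X-Forwarded-Proto $scheme;
        # proxy_cache_bypass $http_upgrade;
        # Skip any proxy cache when the client asks for a fresh response.
        # No proxy_cache is configured in this block, so this only takes
        # effect if one is added later.
        proxy_cache_bypass $http_pragma $http_cache_control;
    }
}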
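# Catch-all plain-HTTP gateway (empty server_name) that gates every request
# through an auth subrequest before proxying it to the application.
# Docs: https://nginx.org/en/docs/http/ngx_http_auth_request_module.html
server {
    listen 80;
    listen [::]:80;
    server_name "";
    server_tokens off;
    client_max_body_size 100M;
    # NOTE(review): this listener is plain HTTP, so the Authorization header
    # crosses the network in clear text; keep it behind TLS termination or on
    # a private network. The host.docker.internal targets suggest a local
    # development setup -- confirm before reusing this block elsewhere.

    location / {
        # Every request first goes through the internal /auth subrequest:
        #   2xx           -> request is passed on to the backend
        #   401 / 403     -> that status is returned to the client
        #   anything else -> treated as an error (500)
        auth_request /auth;
        # Capture a response header from /auth, e.g. the backend doing
        # res.setHeader('token', 'HALO SEMUA SAYA TOKEN HEHE'), via the
        # $upstream_http_<header-name> variable.
        # auth_request_set $variable value
        auth_request_set $Token $upstream_http_token;
        # Forward the captured value to the application. proxy_set_header
        # replaces any client-supplied "keyname" header, so the app only ever
        # sees the value issued by /auth; an empty value drops the header.
        proxy_set_header keyname $Token;
        proxy_pass http://host.docker.internal:5001;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Auth middleware. "internal" makes this a subrequest-only target:
    # external requests for /auth get a 404 and cannot reach the verifier
    # directly.
    location = /auth {
        internal;
        proxy_pass http://host.docker.internal:5001/auth/verify/;
        # The subrequest carries no body; only headers are forwarded.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Authorization $http_authorization;
        # Give the verifier the original URI and method so it can make
        # per-route authorization decisions, not only authentication. The
        # backend may ignore these until it is updated to read them.
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-Original-Method $request_method;
    }
}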
# https://stackoverflow.com/questions/40431767/conditional-nginx-auth-request
# https://stackoverflow.com/questions/31431436/nginx-is-it-possible-to-get-response-retuned-from-auth-request
# https://stackoverflow.com/questions/51545971/nginx-microservices-authentication
# https://stackoverflow.com/questions/40645270/nginx-auth-request-handler-accessing-post-request-body