Created
May 11, 2021 01:47
Azure IoT Edge API Proxy Configuration
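# Azure IoT Edge API proxy: nginx configuration template.
# The dollar-brace placeholders and the if_tag / endif_tag marker comments are
# not nginx syntax. They are presumably resolved by a templating step that runs
# before nginx loads the file (that step is not shown here), so the marker
# lines are kept exactly as written.
events { }

http {
    proxy_buffers 32 160k;
    proxy_buffer_size 160k;
    proxy_read_timeout 3600;
    # Both logs go to the container's stdout.
    error_log /dev/stdout info;
    access_log /dev/stdout;

    # "auth" is the Authorization value sent upstream: the client's own header
    # when it sent one, otherwise the templated SAS token.
    # NOTE(review): a request that arrives without an Authorization header is
    # forwarded with the proxy's own token. Every location that forwards this
    # value must match only the paths it is meant to serve, and network access
    # to the listener should be limited accordingly.
    map $http_authorization $auth {
        default $http_authorization;
        "" "${SAS_TOKEN}";
    }

    server {
        listen ${NGINX_DEFAULT_PORT} ssl default_server;
        chunked_transfer_encoding on;

        ssl_certificate server.crt;
        ssl_certificate_key private_key_server.pem;
        ssl_client_certificate trustedCA.crt;
        ssl_verify_depth 7;
        # A client certificate is requested but not required, and
        # optional_no_ca does not reject a certificate that fails to chain to
        # trustedCA.crt. nginx therefore authenticates no client on its own.
        # The certificate is only passed on in the x-ms-edge-clientcert header
        # (see the edgeHub locations below).
        # NOTE(review): the upstream that receives that header has to validate
        # the certificate - confirm it does.
        ssl_verify_client optional_no_ca;

        # Requests carrying an x-ms-version header are treated as blob storage
        # calls: sent to the local blob route when one is configured, otherwise
        # to the parent.
        #if_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}
        if ($http_x_ms_version)
        {
            rewrite ^(.*)$ /storage$1 last;
        }
        #endif_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}

        #if_tag !${BLOB_UPLOAD_ROUTE_ADDRESS}
        if ($http_x_ms_version)
        {
            rewrite ^(.*)$ /parent$1 last;
        }
        #endif_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}

        # Container registry API requests (/v2 and everything below it).
        # The pattern was previously ^/v2*. which reads as "/v", any number of
        # "2", then any one character, so paths such as /version were rewritten
        # too. It is anchored to the /v2 path segment instead.
        #if_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}
        if ($uri ~ "^/v2(/|$)")
        {
            rewrite ^(.*)$ /registry$1 last;
        }
        #endif_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}

        #if_tag !${DOCKER_REQUEST_ROUTE_ADDRESS}
        if ($uri ~ "^/v2(/|$)")
        {
            rewrite ^(.*)$ /parent$1 last;
        }
        #endif_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}

        # Local registry route. 127.0.0.11 is Docker's embedded DNS server.
        # The upstream hop is plain HTTP.
        # NOTE(review): that is only acceptable while the route address stays
        # on the local container network - confirm for the deployment.
        #if_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}
        location ~ ^/registry/(.*) {
            proxy_http_version 1.1;
            resolver 127.0.0.11;
            set $upstream_endpoint http://${DOCKER_REQUEST_ROUTE_ADDRESS}/$1$is_args$args;
            proxy_pass $upstream_endpoint;
        }
        #endif_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}

        # Local blob storage route. Plain HTTP upstream, same caveat as the
        # registry route.
        #if_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}
        location ~ ^/storage/(.*) {
            resolver 127.0.0.11;
            proxy_http_version 1.1;
            set $upstream_endpoint http://${BLOB_UPLOAD_ROUTE_ADDRESS}/$1$is_args$args;
            proxy_pass $upstream_endpoint;
        }
        #endif_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}

        # Connected registry routes. Plain HTTP upstream. The original host and
        # scheme are passed along in X-Forwarded-* headers.
        #if_tag ${CONNECTED_ACR_ROUTE_ADDRESS}
        location /v2 {
            resolver 127.0.0.11;
            proxy_http_version 1.1;
            proxy_pass http://${CONNECTED_ACR_ROUTE_ADDRESS};
            proxy_set_header X-Forwarded-Host $http_host;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /acr {
            resolver 127.0.0.11;
            proxy_http_version 1.1;
            proxy_pass http://${CONNECTED_ACR_ROUTE_ADDRESS};
            proxy_set_header X-Forwarded-Host $http_host;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        #endif_tag ${CONNECTED_ACR_ROUTE_ADDRESS}

        # Forward to the parent device over TLS. This is the one upstream hop
        # in this file where the server certificate is verified, against
        # trustedCA.crt and the configured proxy name.
        #if_tag ${IOTEDGE_PARENTHOSTNAME}
        location ~ ^/parent/(.*) {
            proxy_http_version 1.1;
            resolver 127.0.0.11;
            #proxy_ssl_certificate identity.crt;
            #proxy_ssl_certificate_key private_key_identity.pem;
            proxy_ssl_server_name on;
            proxy_ssl_name ${IOTEDGE_PARENTAPIPROXYNAME};
            proxy_ssl_trusted_certificate trustedCA.crt;
            proxy_ssl_verify_depth 7;
            proxy_ssl_verify on;
            proxy_pass https://${IOTEDGE_PARENTHOSTNAME}:${NGINX_DEFAULT_PORT}/$1$is_args$args;
        }
        #endif_tag ${IOTEDGE_PARENTHOSTNAME}

        # Device and twin requests go to edgeHub.
        # The pattern was previously ^/devices|twins/ where the alternation
        # splits the whole expression, so any URI merely containing "twins/"
        # matched. This location also forwards the fallback SAS token, so it is
        # grouped and anchored to /devices/ and /twins/ only.
        # proxy_set_header replaces any client-supplied x-ms-edge-clientcert
        # value. nginx omits the header when the variable is empty, that is
        # when no certificate was presented.
        # NOTE(review): proxy_ssl_verify off means the edgeHub server
        # certificate is not checked on this hop. Confirm whether it can be
        # verified against the trusted CA bundle.
        location ~ ^/(devices|twins)/ {
            resolver 127.0.0.11;
            proxy_http_version 1.1;
            proxy_ssl_verify off;
            proxy_set_header x-ms-edge-clientcert $ssl_client_escaped_cert;
            proxy_set_header Authorization $auth;
            set $upstream_endpoint https://edgeHub;
            proxy_pass $upstream_endpoint;
        }

        # WebSocket endpoint on edgeHub. The dot is escaped so that only the
        # literal /.iothub/websocket prefix matches; unescaped it matched any
        # character in that position. The same upstream TLS and client
        # certificate caveats apply as for the device and twin location.
        location ~ ^/\.iothub/websocket {
            resolver 127.0.0.11;
            proxy_ssl_verify off;
            proxy_set_header x-ms-edge-clientcert $ssl_client_escaped_cert;
            proxy_set_header Authorization $auth;
            set $upstream_endpoint https://edgeHub;
            proxy_pass $upstream_endpoint;
            # HTTP/1.1 plus the Upgrade and Connection headers are what let the
            # WebSocket handshake pass through the proxy.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
        }
    }
}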