# nginx configuration file for Data Fair # nginx cache definition proxy_cache_path /var/cache/nginx/data-fair levels=1:2 keys_zone=data-fair-cache:10m inactive=10d max_size=10g; # this is necessary for host based routing where different hosts serve different content on the same path proxy_cache_key $scheme$host$request_uri; # log format definition for the logs sent over UDP to metrics log_format operation escape=none 'syslog_secret { "date": "$time_iso8601", "duration": $request_time, "status": {"code": $status}, "owner": $upstream_http_x_owner, "id_token": "$cookie_id_token.$cookie_id_token_sign", "id_token_org": "$cookie_id_token_org", "apiKey": "$http_x_apikey", "resource": $upstream_http_x_resource, "operation": $upstream_http_x_operation, "referer": "$http_referer", "bytes": $bytes_sent }'; server { # Listen to port 443 on both IPv4 and IPv6. listen 443 ssl default_server reuseport; listen [::]:443 ssl default_server reuseport; # Edit this part with your domain name server_name test.com; # Load the certificate files automatically created by certbot ssl_certificate /etc/letsencrypt/live/data-fair/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/data-fair/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/data-fair/chain.pem; # Transmit host, protocol and user ip, we use it for routing, rate limiting, etc. proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Client-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; # Headers we use for better private caching proxy_set_header X-Private-If-Modified-Since $http_if_modified_since; proxy_set_header X-Private-If-None-Match $http_if_none_match; # web socket support proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; # accept some occasional long queries proxy_read_timeout 600s; # body size limits are implemented by services themselves client_max_body_size 0; # direct streaming of uploads proxy_request_buffering off; # direct streaming of downloads, enabled on-demand by services using x-accel-buffering header proxy_buffering off; # allow large response headers (setCookies with large session token) proxy_buffer_size 32k; # use docker resolver to resolve service names, prevents cached ip breakage at service restart resolver 127.0.0.11 valid=10s; # send logs over UDP to the metrics service access_log syslog:server=metrics:514 operation if=$upstream_http_x_operation; # a simple cache respecting the cache-control headers proxy_cache data-fair-cache; proxy_cache_revalidate on; proxy_cache_lock on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; add_header X-Cache-Status $upstream_cache_status; # redirect root to /data-fair/ location = / { return 302 /data-fair/; } location /data-fair { rewrite ^/data-fair/(.*) /$1 break; proxy_pass http://data-fair:8080/; } location /simple-directory { rewrite ^/simple-directory/(.*) /$1 break; proxy_pass http://simple-directory:8080/; } location /mails { rewrite ^/mails/(.*) /$1 break; proxy_pass http://simple-directory:1080/; } location /portals { rewrite ^/portals/(.*) /$1 break; proxy_pass http://portals:8080/; } location /processings { rewrite ^/processings/(.*) /$1 break; proxy_pass http://processings:8080/; } location /metrics { rewrite ^/metrics/(.*) /$1 break; proxy_pass http://metrics:8080/; } location /api-doc { rewrite ^/api-doc/(.*) /$1 break; proxy_pass http://openapi-viewer:8080/; } location /capture { rewrite ^/capture/(.*) /$1 break; proxy_pass http://capture:8080/; } location /notify { rewrite ^/notify/(.*) /$1 break; proxy_pass http://notify:8080/; } location /thumbor { rewrite ^/thumbor/(.*) /$1 break; proxy_pass http://thumbor:8000/; } }