openlmis.conf
# consul-template source for the nginx reverse proxy.
# This first section emits one "upstream" block per Consul service whose tags
# include the value of the SERVICE_TAG environment variable. $resources (the
# key/value pairs under the RESOURCES_PATH prefix) is loaded here and used by
# the server block to generate locations.
# NOTE(review): the "any" filter returns instances regardless of health-check
# status, so failing instances stay in the upstream; confirm this is intended.
# NOTE(review): service names, addresses and ports are written into the config
# verbatim. Whoever can register a service with this tag, or write keys under
# RESOURCES_PATH, decides where traffic is routed, so Consul ACLs on both are
# part of this proxy's trust boundary.
{{ $loaded_services := services }}
{{ $resources := tree (env "RESOURCES_PATH") }}
{{ range $loaded_services }}
{{- if in .Tags (env "SERVICE_TAG") -}}
{{- $current_service := service .Name "any" -}}
{{- if not (eq (len $current_service) 0) }}
upstream {{ .Name }} {
least_conn;
keepalive 128;
{{ range $current_service }}server {{ .Address }}:{{ .Port }};
{{ end }}
}
{{ end -}}
{{- end -}}
{{ end }}
# Access-log format: the usual combined-style fields followed by request and
# upstream timing values, the pipelining flag and byte counts.
# NOTE(review): $request records the full request line including the query
# string, so any token or credential a client passes as a query parameter ends
# up in access.log; restrict read access to the log directory accordingly.
# NOTE(review): $remote_addr is the connecting peer. Behind a load balancer that
# is the balancer's address, not the client's; the client address would have to
# be taken from a forwarded header set by a trusted proxy.
log_format upstream_time '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$request_time $upstream_connect_time '
'$upstream_header_time $upstream_response_time '
'$pipe $bytes_sent $request_length';
# Reverse-proxy virtual host. Its location blocks are generated from the Consul
# key/value pairs in $resources: each key is a path pattern and each value is
# the name of the upstream the path is proxied to.
# NOTE(review): the listener is plain HTTP on port 80. The optional HTTPS
# redirect in the locations assumes a TLS-terminating proxy in front of nginx;
# confirm this port is not reachable by clients directly.
server {
listen 80;
gzip off;
access_log {{ env "NGINX_LOG_DIR" }}/access.log upstream_time buffer=64k flush=30s;
error_log {{ env "NGINX_LOG_DIR" }}/error.log;
server_name {{ env "VIRTUAL_HOST" }};
# Body-size limit and proxy timeouts are taken from the environment; an unset
# variable renders as an empty value and the directive will not parse.
client_max_body_size {{ env "CLIENT_MAX_BODY_SIZE" }};
proxy_connect_timeout {{ env "PROXY_CONNECT_TIMEOUT" }};
proxy_send_timeout {{ env "PROXY_SEND_TIMEOUT" }};
proxy_read_timeout {{ env "PROXY_READ_TIMEOUT" }};
# Empty Connection header plus HTTP/1.1 is what the "keepalive" setting in the
# upstream blocks needs in order to reuse connections.
# NOTE(review): nginx inherits proxy_set_header from this level only when the
# location defines no proxy_set_header of its own. Every generated location
# sets X-Forwarded-For, so this directive is not inherited there and the
# default "Connection: close" is sent upstream. Repeat it inside each location,
# or move the X-Forwarded-For line up to this level.
proxy_set_header Connection "";
proxy_http_version 1.1;
send_timeout {{ env "SEND_TIMEOUT" }};
# Placeholder syntax in resource keys: {name} is replaced by [\w-]+ (word
# characters and hyphens) and <name> by .+ (any non-empty remainder). A key
# that consists solely of <name> is the global catch-all.
{{ $paramRegex := "{[\\w-]+}" }}
{{ $allRegex := "<[\\w-]+>" }}
{{ $globalAllRegex := "^<[\\w-]+>$" }}
{{ $paramReplace := "[\\w-]+" }}
{{ $allReplace := ".+" }}
# Locations are emitted in four passes, most specific first, because nginx uses
# the first regex location that matches in file order.
# NOTE(review): keys are inserted into the regex unescaped and without a
# leading ^, so a "." in a key matches any character and each pattern matches
# any URI that merely ends with the path. Anchoring and escaping would make the
# routing table match only the paths that were registered.
# NOTE(review): when REQUIRE_SSL is "true" each location redirects unless
# X-Forwarded-Proto is "https". That header is supplied with the request, so the
# check is only meaningful if a trusted proxy in front always overwrites it.
# The redirect target is built from $host, which can reflect the request's Host
# header; consider using the configured server name instead.
# NOTE(review): $proxy_add_x_forwarded_for appends the peer address to whatever
# X-Forwarded-For the client sent. Upstream services should trust only the
# entries added by known proxies, not the leftmost value.
# First retrieve paths without parameters
{{ range $resources }} {{ $location := .Key }} {{ $upstream := .Value }}
{{- if not (or (regexMatch $paramRegex $location) (regexMatch $allRegex $location)) }}
location ~ /{{ $location }}/?$ {
{{- if eq (env "REQUIRE_SSL") "true" }}
if ($http_x_forwarded_proto != "https") {
return 307 https://$host$request_uri;
}
{{ end }}
proxy_pass http://{{ $upstream }};
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
{{ end -}}
{{ end }}
# Retrieve paths with {param} wildcard
# Each {param} in the key becomes [\w-]+ before the location is written.
{{ range $resources }} {{ $location := .Key }} {{ $upstream := .Value }}
{{- if regexMatch $paramRegex $location }}
{{ $location := ($location | regexReplaceAll $paramRegex $paramReplace) }}
location ~ /{{ $location }}/?$ {
{{- if eq (env "REQUIRE_SSL") "true" }}
if ($http_x_forwarded_proto != "https") {
return 307 https://$host$request_uri;
}
{{ end }}
proxy_pass http://{{ $upstream }};
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
{{ end -}}
{{ end }}
# Retrieve paths with <all> wildcard, but without global wildcard
# Each <all> in the key becomes .+ which also matches "/" and therefore spans
# any number of path segments.
{{ range $resources }} {{ $location := .Key }} {{ $upstream := .Value }}
{{- if and (regexMatch $allRegex $location) (not (regexMatch $globalAllRegex $location)) }}
{{ $location := ($location | regexReplaceAll $allRegex $allReplace) }}
location ~ /{{ $location }}/?$ {
{{- if eq (env "REQUIRE_SSL") "true" }}
if ($http_x_forwarded_proto != "https") {
return 307 https://$host$request_uri;
}
{{ end }}
proxy_pass http://{{ $upstream }};
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
{{ end -}}
{{ end }}
# Retrieve global <all> wildcard (if existent)
# Catch-all: every request not matched by an earlier location is proxied to the
# upstream named by this key.
# NOTE(review): "location ~ /" already matches every URI, so the second
# location below appears to be shadowed by it; confirm whether both are needed.
{{ range $resources }} {{ $location := .Key }} {{ $upstream := .Value }}
{{- if regexMatch $globalAllRegex $location }}
location ~ / {
{{- if eq (env "REQUIRE_SSL") "true" }}
if ($http_x_forwarded_proto != "https") {
return 307 https://$host$request_uri;
}
{{ end }}
proxy_pass http://{{ $upstream }};
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ /.+$ {
{{- if eq (env "REQUIRE_SSL") "true" }}
if ($http_x_forwarded_proto != "https") {
return 307 https://$host$request_uri;
}
{{ end }}
proxy_pass http://{{ $upstream }};
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
{{ end -}}
{{ end }}
}