2015-07-20 00:09:47 -07:00
|
|
|
# http://nginx.org/en/docs/http/websocket.html
|
|
|
|
|
map $http_upgrade $connection_upgrade {
|
|
|
|
|
default upgrade;
|
|
|
|
|
'' close;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-26 11:26:42 +02:00
|
|
|
# Allow apps to override this https://stackoverflow.com/questions/13583501/nginx-how-to-add-header-if-it-is-not-set
|
|
|
|
|
map $upstream_http_referrer_policy $hrp {
|
|
|
|
|
default $upstream_http_referrer_policy;
|
|
|
|
|
"" "same-origin";
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-26 21:50:16 -07:00
|
|
|
# http server
|
|
|
|
|
server {
|
2022-02-09 18:03:25 -08:00
|
|
|
# note listen [::]:80 only listens on ipv6 since ipv6only=on since nginx 1.3.4. listen 80 listens on ipv4 only
|
2020-09-23 22:13:02 -07:00
|
|
|
<% if (endpoint === 'ip' || endpoint === 'setup') { -%>
|
|
|
|
|
listen 80 default_server;
|
|
|
|
|
server_name _;
|
2017-10-26 21:50:16 -07:00
|
|
|
<% if (hasIPv6) { -%>
|
2020-09-23 22:13:02 -07:00
|
|
|
listen [::]:80 default_server;
|
2017-10-26 21:50:16 -07:00
|
|
|
<% } -%>
|
|
|
|
|
<% } else { -%>
|
2020-09-23 22:13:02 -07:00
|
|
|
listen 80;
|
|
|
|
|
server_name <%= vhost %>;
|
|
|
|
|
<% if (hasIPv6) { -%>
|
|
|
|
|
listen [::]:80;
|
|
|
|
|
<% } -%>
|
2017-10-26 21:50:16 -07:00
|
|
|
<% } -%>
|
|
|
|
|
|
2020-09-23 22:13:02 -07:00
|
|
|
server_tokens off; # hide version
|
|
|
|
|
|
|
|
|
|
# acme challenges
|
2017-11-02 11:29:51 -07:00
|
|
|
location /.well-known/acme-challenge/ {
|
|
|
|
|
default_type text/plain;
|
|
|
|
|
alias /home/yellowtent/platformdata/acme/;
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-08 11:02:06 -08:00
|
|
|
location /notfound.html {
|
|
|
|
|
root <%= sourceDir %>/dashboard/dist;
|
|
|
|
|
try_files /notfound.html =404;
|
|
|
|
|
internal;
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-08 09:51:15 -08:00
|
|
|
# for default server, serve the notfound page. for other endpoints, redirect to HTTPS
|
2017-10-26 21:50:16 -07:00
|
|
|
location / {
|
2021-05-05 13:13:01 -07:00
|
|
|
<% if ( endpoint === 'dashboard' || endpoint === 'setup' ) { %>
|
2017-10-26 21:50:16 -07:00
|
|
|
return 301 https://$host$request_uri;
|
2022-06-06 20:04:22 +02:00
|
|
|
<% } else if ( endpoint === 'app' || endpoint === 'external' ) { %>
|
2020-09-02 18:55:21 -07:00
|
|
|
return 301 https://$host$request_uri;
|
|
|
|
|
<% } else if ( endpoint === 'redirect' ) { %>
|
|
|
|
|
return 301 https://<%= redirectTo %>$request_uri;
|
2020-09-23 22:13:02 -07:00
|
|
|
<% } else if ( endpoint === 'ip' ) { %>
|
2021-01-08 11:02:06 -08:00
|
|
|
root /home/yellowtent/boxdata;
|
|
|
|
|
try_files /custom_pages/notfound.html /notfound.html;
|
2020-09-02 18:55:21 -07:00
|
|
|
<% } %>
|
2017-10-26 21:50:16 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# https server
|
2015-07-20 00:09:47 -07:00
|
|
|
server {
|
2020-09-23 22:13:02 -07:00
|
|
|
<% if (endpoint === 'ip' || endpoint === 'setup') { -%>
|
|
|
|
|
listen 443 ssl http2 default_server;
|
|
|
|
|
server_name _;
|
2017-09-29 19:19:21 +02:00
|
|
|
<% if (hasIPv6) { -%>
|
2020-09-23 22:13:02 -07:00
|
|
|
listen [::]:443 ssl http2 default_server;
|
2017-09-29 19:19:21 +02:00
|
|
|
<% } -%>
|
|
|
|
|
<% } else { -%>
|
2020-09-23 22:13:02 -07:00
|
|
|
listen 443 ssl http2;
|
|
|
|
|
server_name <%= vhost %>;
|
2017-09-29 19:19:21 +02:00
|
|
|
<% if (hasIPv6) { -%>
|
2020-09-23 22:13:02 -07:00
|
|
|
listen [::]:443 ssl http2;
|
2017-09-29 19:19:21 +02:00
|
|
|
<% } -%>
|
|
|
|
|
<% } -%>
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2020-07-13 09:27:42 -07:00
|
|
|
server_tokens off; # hide version
|
|
|
|
|
|
2015-07-20 00:09:47 -07:00
|
|
|
# paths are relative to prefix and not to this file
|
2015-10-28 12:42:04 +01:00
|
|
|
ssl_certificate <%= certFilePath %>;
|
|
|
|
|
ssl_certificate_key <%= keyFilePath %>;
|
2015-07-20 00:09:47 -07:00
|
|
|
ssl_session_timeout 5m;
|
2020-03-24 19:02:58 -07:00
|
|
|
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
|
|
|
|
|
ssl_session_tickets off;
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2016-04-28 09:59:03 -07:00
|
|
|
# https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
2020-03-24 19:02:58 -07:00
|
|
|
# https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#25-use-forward-secrecy
|
|
|
|
|
# ciphers according to https://ssl-config.mozilla.org/#server=nginx&version=1.14.0&config=intermediate&openssl=1.1.1&guideline=5.4
|
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
2020-04-10 09:49:04 -07:00
|
|
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256;
|
2020-03-24 19:02:58 -07:00
|
|
|
ssl_prefer_server_ciphers off;
|
2018-04-11 15:15:29 +02:00
|
|
|
|
2022-03-13 23:04:31 -07:00
|
|
|
# some apps have underscores in headers. this is apparently disabled by default because of some legacy CGI compat
|
|
|
|
|
underscores_in_headers on;
|
|
|
|
|
|
2021-11-17 11:48:06 -08:00
|
|
|
<% if (endpoint !== 'ip' && endpoint !== 'setup') { -%>
|
|
|
|
|
# dhparams is generated only after dns setup
|
2021-05-02 23:28:41 -07:00
|
|
|
ssl_dhparam /home/yellowtent/platformdata/dhparams.pem;
|
2021-11-17 11:48:06 -08:00
|
|
|
<% } -%>
|
2021-03-22 19:03:23 -07:00
|
|
|
add_header Strict-Transport-Security "max-age=63072000";
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2021-04-16 11:17:13 -07:00
|
|
|
<% if ( ocsp ) { -%>
|
|
|
|
|
# OCSP. LE certs are generated with must-staple flag so clients can enforce OCSP
|
|
|
|
|
ssl_stapling on;
|
|
|
|
|
ssl_stapling_verify on;
|
|
|
|
|
<% } %>
|
|
|
|
|
|
2017-03-08 21:33:30 -08:00
|
|
|
# https://github.com/twitter/secureheaders
|
|
|
|
|
# https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Compatibility_Matrix
|
|
|
|
|
# https://wiki.mozilla.org/Security/Guidelines/Web_Security
|
|
|
|
|
add_header X-XSS-Protection "1; mode=block";
|
2017-03-21 13:50:42 +01:00
|
|
|
proxy_hide_header X-XSS-Protection;
|
2017-03-08 21:33:30 -08:00
|
|
|
add_header X-Download-Options "noopen";
|
2017-03-21 13:50:42 +01:00
|
|
|
proxy_hide_header X-Download-Options;
|
2017-03-08 21:33:30 -08:00
|
|
|
add_header X-Content-Type-Options "nosniff";
|
2017-03-21 13:50:42 +01:00
|
|
|
proxy_hide_header X-Content-Type-Options;
|
2017-03-08 21:33:30 -08:00
|
|
|
add_header X-Permitted-Cross-Domain-Policies "none";
|
2017-03-21 13:50:42 +01:00
|
|
|
proxy_hide_header X-Permitted-Cross-Domain-Policies;
|
2021-04-26 11:26:42 +02:00
|
|
|
|
|
|
|
|
# See header handling from upstream on top of this file
|
|
|
|
|
add_header Referrer-Policy $hrp;
|
2017-03-31 16:11:54 -07:00
|
|
|
proxy_hide_header Referrer-Policy;
|
2017-03-08 21:33:30 -08:00
|
|
|
|
2019-02-20 15:12:04 -08:00
|
|
|
# gzip responses that are > 50k and not images
|
|
|
|
|
gzip on;
|
2021-02-15 11:46:36 -08:00
|
|
|
gzip_min_length 18k;
|
2019-02-20 15:12:04 -08:00
|
|
|
gzip_types text/css text/javascript text/xml text/plain application/javascript application/x-javascript application/json;
|
|
|
|
|
|
|
|
|
|
# enable for proxied requests as well
|
|
|
|
|
gzip_proxied any;
|
|
|
|
|
|
2021-05-05 13:13:01 -07:00
|
|
|
<% if ( endpoint === 'dashboard' || endpoint === 'ip' || endpoint === 'setup' ) { -%>
|
|
|
|
|
# CSP headers for the dashboard resources
|
2019-08-21 22:06:14 +02:00
|
|
|
add_header Content-Security-Policy "default-src 'none'; frame-src 'self' cloudron.io *.cloudron.io; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self';";
|
2019-10-13 18:22:03 -07:00
|
|
|
<% } else { %>
|
2019-10-14 16:59:22 -07:00
|
|
|
<% if (cspQuoted) { %>
|
|
|
|
|
add_header Content-Security-Policy <%- cspQuoted %>;
|
2019-10-13 18:22:03 -07:00
|
|
|
<% } %>
|
|
|
|
|
|
2019-10-14 16:59:22 -07:00
|
|
|
<% for (var i = 0; i < hideHeaders.length; i++) { -%>
|
|
|
|
|
proxy_hide_header <%- hideHeaders[i] %>;
|
2019-10-13 18:22:03 -07:00
|
|
|
<% } %>
|
2018-04-11 12:26:53 +02:00
|
|
|
<% } -%>
|
|
|
|
|
|
2015-07-20 00:09:47 -07:00
|
|
|
proxy_http_version 1.1;
|
2020-01-13 14:54:19 -08:00
|
|
|
# intercept errors (>= 400) and use the error_page handler
|
2015-07-20 00:09:47 -07:00
|
|
|
proxy_intercept_errors on;
|
2020-01-13 14:54:19 -08:00
|
|
|
# nginx will return 504 on connect/timeout errors
|
2015-07-20 00:09:47 -07:00
|
|
|
proxy_read_timeout 3500;
|
|
|
|
|
proxy_connect_timeout 3250;
|
|
|
|
|
|
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
|
|
|
proxy_set_header X-Forwarded-Host $host;
|
2017-07-18 15:58:46 +00:00
|
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
2015-07-20 00:09:47 -07:00
|
|
|
proxy_set_header X-Forwarded-Proto https;
|
2016-08-17 17:46:06 -07:00
|
|
|
proxy_set_header X-Forwarded-Ssl on;
|
2015-07-20 00:09:47 -07:00
|
|
|
|
|
|
|
|
# upgrade is a hop-by-hop header (http://nginx.org/en/docs/http/websocket.html)
|
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
|
|
2015-11-13 09:39:33 +01:00
|
|
|
# only serve up the status page if we get proxy gateway errors
|
2018-03-15 14:01:20 -07:00
|
|
|
root <%= sourceDir %>/dashboard/dist;
|
2020-01-13 14:54:19 -08:00
|
|
|
# some apps use 503 to indicate updating or maintenance
|
2020-02-04 17:32:38 -08:00
|
|
|
error_page 502 504 /app_error_page;
|
|
|
|
|
location /app_error_page {
|
|
|
|
|
root /home/yellowtent/boxdata;
|
|
|
|
|
# the first argument looks for file under the root
|
2020-03-06 17:01:45 -08:00
|
|
|
try_files /custom_pages/$request_uri /custom_pages/app_not_responding.html /appstatus.html;
|
2020-02-04 17:32:38 -08:00
|
|
|
# internal means this is for internal routing and cannot be accessed as URL from browser
|
|
|
|
|
internal;
|
|
|
|
|
}
|
2015-07-20 00:09:47 -07:00
|
|
|
|
2020-04-15 16:12:56 -07:00
|
|
|
location @wellknown-upstream {
|
2021-05-05 13:13:01 -07:00
|
|
|
<% if ( endpoint === 'dashboard' ) { %>
|
2020-04-15 16:12:56 -07:00
|
|
|
proxy_pass http://127.0.0.1:3000;
|
|
|
|
|
<% } else if ( endpoint === 'app' ) { %>
|
2020-11-18 23:24:34 -08:00
|
|
|
proxy_pass http://<%= ip %>:<%= port %>;
|
2022-06-06 20:04:22 +02:00
|
|
|
<% } else if ( endpoint === 'external' ) { %>
|
2022-09-30 10:14:03 +02:00
|
|
|
# without a variable, nginx will not start if upstream is down or
|
|
|
|
|
resolver 127.0.0.1 valid=30s;
|
|
|
|
|
set $upstream <%= upstreamUri %>;
|
|
|
|
|
proxy_ssl_verify off;
|
|
|
|
|
proxy_pass $upstream;
|
2020-04-15 16:12:56 -07:00
|
|
|
<% } else if ( endpoint === 'redirect' ) { %>
|
|
|
|
|
return 302 https://<%= redirectTo %>$request_uri;
|
|
|
|
|
<% } %>
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-08 23:11:37 -07:00
|
|
|
# user defined .well-known resources
|
2020-12-22 17:19:26 -08:00
|
|
|
location /.well-known/ {
|
|
|
|
|
error_page 404 = @wellknown-upstream;
|
|
|
|
|
proxy_pass http://127.0.0.1:3000/well-known-handler/;
|
2020-04-08 23:11:37 -07:00
|
|
|
}
|
|
|
|
|
|
2021-01-08 14:10:11 -08:00
|
|
|
# increase the proxy buffer sizes to not run into buffer issues (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers)
|
|
|
|
|
proxy_buffer_size 128k;
|
|
|
|
|
proxy_buffers 4 256k;
|
|
|
|
|
proxy_busy_buffers_size 256k;
|
|
|
|
|
|
|
|
|
|
# No buffering to temp files, it fails for large downloads
|
|
|
|
|
proxy_max_temp_file_size 0;
|
|
|
|
|
|
|
|
|
|
# Disable check to allow unlimited body sizes. this allows apps to accept whatever size they want
|
|
|
|
|
client_max_body_size 0;
|
|
|
|
|
|
|
|
|
|
<% if (robotsTxtQuoted) { %>
|
|
|
|
|
location = /robots.txt {
|
|
|
|
|
return 200 <%- robotsTxtQuoted %>;
|
|
|
|
|
}
|
|
|
|
|
<% } %>
|
|
|
|
|
|
2021-05-05 13:13:01 -07:00
|
|
|
<% if ( endpoint === 'dashboard' || endpoint === 'setup' ) { %>
|
2021-01-08 14:10:11 -08:00
|
|
|
location /api/ {
|
|
|
|
|
proxy_pass http://127.0.0.1:3000;
|
2022-03-01 11:28:34 -08:00
|
|
|
client_max_body_size 2m;
|
2021-01-08 14:10:11 -08:00
|
|
|
}
|
|
|
|
|
|
2021-11-12 11:14:21 +01:00
|
|
|
location ~ ^/api/v1/cloudron/login$ {
|
2021-01-08 14:10:11 -08:00
|
|
|
proxy_pass http://127.0.0.1:3000;
|
|
|
|
|
client_max_body_size 1m;
|
|
|
|
|
limit_req zone=admin_login burst=5;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# the read timeout is between successive reads and not the whole connection
|
2022-05-16 10:26:30 -07:00
|
|
|
location ~ ^/api/v1/apps/.*/exec/.*/start$ {
|
2021-01-08 14:10:11 -08:00
|
|
|
proxy_pass http://127.0.0.1:3000;
|
|
|
|
|
proxy_read_timeout 30m;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location ~ ^/api/v1/apps/.*/upload$ {
|
|
|
|
|
proxy_pass http://127.0.0.1:3000;
|
|
|
|
|
client_max_body_size 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location ~ ^/api/v1/apps/.*/files/ {
|
|
|
|
|
proxy_pass http://127.0.0.1:3000;
|
|
|
|
|
client_max_body_size 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location ~ ^/api/v1/volumes/.*/files/ {
|
|
|
|
|
proxy_pass http://127.0.0.1:3000;
|
|
|
|
|
client_max_body_size 0;
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-14 19:41:32 +02:00
|
|
|
location ~ ^/api/v1/profile/backgroundImage {
|
|
|
|
|
proxy_pass http://127.0.0.1:3000;
|
|
|
|
|
client_max_body_size 0;
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-08 14:10:11 -08:00
|
|
|
# graphite paths (uncomment block below and visit /graphite-web/dashboard)
|
|
|
|
|
# remember to comment out the CSP policy as well to access the graphite dashboard
|
|
|
|
|
# location ~ ^/graphite-web/ {
|
2022-10-10 19:52:29 +02:00
|
|
|
# proxy_pass http://172.18.0.6:8000;
|
2021-01-08 14:10:11 -08:00
|
|
|
# client_max_body_size 1m;
|
|
|
|
|
# }
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
|
root <%= sourceDir %>/dashboard/dist;
|
|
|
|
|
index index.html index.htm;
|
|
|
|
|
}
|
|
|
|
|
<% } else if ( endpoint === 'app' ) { %>
|
|
|
|
|
location = /appstatus.html {
|
|
|
|
|
root /home/yellowtent/box/dashboard/dist;
|
|
|
|
|
}
|
2020-11-09 20:34:48 -08:00
|
|
|
|
2021-01-08 14:10:11 -08:00
|
|
|
<% if (proxyAuth.enabled) { %>
|
2020-11-10 23:39:57 -08:00
|
|
|
location = /proxy-auth {
|
2020-11-09 20:34:48 -08:00
|
|
|
internal;
|
2020-11-10 23:39:57 -08:00
|
|
|
proxy_pass http://127.0.0.1:3001/auth;
|
2020-11-09 20:34:48 -08:00
|
|
|
proxy_pass_request_body off;
|
2020-11-11 13:25:52 -08:00
|
|
|
# repeat proxy headers since we addded proxy_set_header at this location level
|
|
|
|
|
proxy_set_header X-App-ID "<%= proxyAuth.id %>";
|
2020-11-09 20:34:48 -08:00
|
|
|
proxy_set_header Content-Length "";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location ~ ^/(login|logout)$ {
|
|
|
|
|
proxy_pass http://127.0.0.1:3001;
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-10 23:39:57 -08:00
|
|
|
location @proxy-auth-login {
|
2021-02-09 13:44:34 -08:00
|
|
|
if ($http_user_agent ~* "docker") {
|
2021-01-26 23:25:56 -08:00
|
|
|
return 401;
|
|
|
|
|
}
|
2021-08-13 09:36:06 -07:00
|
|
|
if ($http_user_agent ~* "container") {
|
|
|
|
|
return 401;
|
|
|
|
|
}
|
2020-11-10 23:39:57 -08:00
|
|
|
return 302 /login?redirect=$request_uri;
|
|
|
|
|
}
|
2020-11-20 18:13:23 -08:00
|
|
|
|
2021-01-08 14:10:11 -08:00
|
|
|
location <%= proxyAuth.location %> {
|
2020-11-10 23:39:57 -08:00
|
|
|
auth_request /proxy-auth;
|
2020-11-09 20:34:48 -08:00
|
|
|
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
2022-04-21 15:47:50 -07:00
|
|
|
|
|
|
|
|
auth_request_set $user $upstream_http_x_remote_user;
|
|
|
|
|
auth_request_set $email $upstream_http_x_remote_email;
|
|
|
|
|
auth_request_set $name $upstream_http_x_remote_name;
|
|
|
|
|
|
2020-11-10 23:39:57 -08:00
|
|
|
error_page 401 = @proxy-auth-login;
|
2020-11-20 18:13:23 -08:00
|
|
|
|
|
|
|
|
proxy_pass http://<%= ip %>:<%= port %>;
|
|
|
|
|
}
|
2021-01-11 21:52:41 -08:00
|
|
|
|
|
|
|
|
<% if (proxyAuth.location !== '/') { %>
|
|
|
|
|
location / {
|
|
|
|
|
proxy_pass http://<%= ip %>:<%= port %>;
|
|
|
|
|
}
|
|
|
|
|
<% } %>
|
|
|
|
|
|
|
|
|
|
<% } else { %>
|
|
|
|
|
location / {
|
|
|
|
|
proxy_pass http://<%= ip %>:<%= port %>;
|
|
|
|
|
}
|
2020-11-09 20:34:48 -08:00
|
|
|
<% } %>
|
|
|
|
|
|
2022-04-21 15:47:50 -07:00
|
|
|
<% if (proxyAuth.enabled) { %>
|
|
|
|
|
# workaround caching issue after /logout. if max-age is set, browser uses cache and user thinks they have not logged out
|
|
|
|
|
# IMPORTANT: have to keep all the add_headers at top level here to avoid repeating all the add_headers and proxy_set_headers in location block
|
|
|
|
|
proxy_hide_header Cache-Control;
|
|
|
|
|
add_header Cache-Control no-cache;
|
|
|
|
|
add_header Set-Cookie $auth_cookie;
|
|
|
|
|
|
2022-04-26 14:59:38 -07:00
|
|
|
# To prevent header spoofing from a client, these variables must always be set (or removed with '') for all proxyAuth routes
|
2022-04-21 15:47:50 -07:00
|
|
|
proxy_set_header X-App-ID "<%= proxyAuth.id %>";
|
|
|
|
|
proxy_set_header X-Remote-User $user;
|
|
|
|
|
proxy_set_header X-Remote-Email $email;
|
|
|
|
|
proxy_set_header X-Remote-Name $name;
|
|
|
|
|
<% } %>
|
|
|
|
|
|
2018-06-29 16:14:13 +02:00
|
|
|
<% } else if ( endpoint === 'redirect' ) { %>
|
2021-02-18 09:30:39 -08:00
|
|
|
location / {
|
2018-07-15 17:26:37 -07:00
|
|
|
# redirect everything to the app. this is temporary because there is no way
|
|
|
|
|
# to clear a permanent redirect on the browser
|
|
|
|
|
return 302 https://<%= redirectTo %>$request_uri;
|
2021-02-18 09:30:39 -08:00
|
|
|
}
|
2022-06-06 20:04:22 +02:00
|
|
|
<% } else if ( endpoint === 'external' ) { %>
|
|
|
|
|
location / {
|
2022-09-30 10:14:03 +02:00
|
|
|
# without a variable, nginx will not start if upstream is down or unavailable
|
|
|
|
|
resolver 127.0.0.1 valid=30s;
|
|
|
|
|
set $upstream <%= upstreamUri %>;
|
|
|
|
|
proxy_ssl_verify off;
|
|
|
|
|
proxy_pass $upstream;
|
2022-06-06 20:04:22 +02:00
|
|
|
}
|
2020-09-23 22:13:02 -07:00
|
|
|
<% } else if ( endpoint === 'ip' ) { %>
|
2021-01-08 14:10:11 -08:00
|
|
|
location /notfound.html {
|
|
|
|
|
root <%= sourceDir %>/dashboard/dist;
|
|
|
|
|
try_files /notfound.html =404;
|
|
|
|
|
internal;
|
2015-07-20 00:09:47 -07:00
|
|
|
}
|
2021-01-08 14:10:11 -08:00
|
|
|
|
|
|
|
|
location / {
|
|
|
|
|
root /home/yellowtent/boxdata;
|
|
|
|
|
try_files /custom_pages/notfound.html /notfound.html;
|
|
|
|
|
}
|
|
|
|
|
<% } %>
|
2015-07-20 00:09:47 -07:00
|
|
|
}
|
