From da2db65bbf4a5ba2708f0849769d4e2170ffc7d7 Mon Sep 17 00:00:00 2001
From: geekup-legodevops <72587752+geekup-legodevops@users.noreply.github.com>
Date: Tue, 23 Nov 2021 12:52:09 +0700
Subject: [PATCH] Refactor to generate nginx config file with auto-redirect
 HTTPS (#9256)

Refactor flow to generate nginx configuration file corresponding Custom domain set up

Add 2 template for Nginx template for HTTP and HTTPS. HTTPS contains new block for auto-redirect for HTTPS

(cherry picked from commit 5ec733e5a238fea10c18d6b2187b141421b2ba87)
---
 Dockerfile                                    |   2 +-
 deploy/docker/scripts/init_ssl_cert.sh        |   9 +-
 deploy/docker/scripts/run-nginx.sh            |  20 +--
 .../nginx/nginx-app-http.conf.template.sh     |  74 +++++++++
 .../nginx/nginx-app-https.conf.template.sh    |  90 +++++++++++
 deploy/docker/templates/nginx_app.conf.sh     | 152 ------------------
 6 files changed, 181 insertions(+), 166 deletions(-)
 create mode 100644 deploy/docker/templates/nginx/nginx-app-http.conf.template.sh
 create mode 100644 deploy/docker/templates/nginx/nginx-app-https.conf.template.sh
 delete mode 100644 deploy/docker/templates/nginx_app.conf.sh

diff --git a/Dockerfile b/Dockerfile
index d3bea1be0a..d1e32f048c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -64,7 +64,7 @@ COPY ./app/rts/package.json ./app/rts/dist/* rts/
 COPY ./app/rts/node_modules rts/node_modules
 
 # Nginx & MongoDB config template - Configuration layer
-COPY ./deploy/docker/templates/nginx_app.conf.sh ./deploy/docker/templates/mongo-init.js.sh ./deploy/docker/templates/docker.env.sh templates/
+COPY ./deploy/docker/templates/nginx/* ./deploy/docker/templates/mongo-init.js.sh ./deploy/docker/templates/docker.env.sh templates/
 
 # Add bootstrapfile
 COPY ./deploy/docker/entrypoint.sh ./deploy/docker/scripts/* ./
diff --git a/deploy/docker/scripts/init_ssl_cert.sh b/deploy/docker/scripts/init_ssl_cert.sh
index 8e29d2c357..8fb8ba5426 100755
--- a/deploy/docker/scripts/init_ssl_cert.sh
+++ b/deploy/docker/scripts/init_ssl_cert.sh
@@ -1,10 +1,7 @@
 #!/bin/bash
 
 init_ssl_cert() {
-  echo "Start Nginx to verify certificate"
-  nginx
   APPSMITH_CUSTOM_DOMAIN="$1"
-  NGINX_SSL_CMNT=""
 
   local rsa_key_size=4096
   local data_path="/appsmith-stacks/data/certificate"
@@ -19,15 +16,19 @@ init_ssl_cert() {
   fi
 
   echo "Re-generating nginx config template with domain"
-  bash "/opt/appsmith/templates/nginx_app.conf.sh" "$NGINX_SSL_CMNT" "$APPSMITH_CUSTOM_DOMAIN" >"/etc/nginx/conf.d/nginx_app.conf.template"
+  bash "/opt/appsmith/templates/nginx-app-http.conf.template.sh" "$APPSMITH_CUSTOM_DOMAIN" >"/etc/nginx/conf.d/nginx_app.conf.template"
 
   echo "Generating nginx configuration"
   cat /etc/nginx/conf.d/nginx_app.conf.template | envsubst "$(printf '$%s,' $(env | grep -Eo '^APPSMITH_[A-Z0-9_]+'))" | sed -e 's|\${\(APPSMITH_[A-Z0-9_]*\)}||g' >/etc/nginx/sites-available/default
 
+  echo "Start Nginx to verify certificate"
+  nginx
+
   local live_path="/etc/letsencrypt/live/$APPSMITH_CUSTOM_DOMAIN"
   local ssl_path="/appsmith-stacks/ssl"
   if [[ -e "$ssl_path/fullchain.pem" ]] && [[ -e "$ssl_path/privkey.pem" ]]; then
     echo "Existing custom certificate"
+    echo "Stop Nginx"
     nginx -s stop
     return
   fi
diff --git a/deploy/docker/scripts/run-nginx.sh b/deploy/docker/scripts/run-nginx.sh
index 467fc338f2..da2bfad75a 100755
--- a/deploy/docker/scripts/run-nginx.sh
+++ b/deploy/docker/scripts/run-nginx.sh
@@ -7,20 +7,22 @@ set -o allexport
 . "$ENV_PATH"
 set +o allexport
 
-if [[ -n $APPSMITH_CUSTOM_DOMAIN ]]; then    
-  NGINX_SSL_CMNT=""
+TEMPLATE_DIR="/opt/appsmith/templates"
+APP_TEMPLATE="$TEMPLATE_DIR/nginx-app-http.conf.template.sh"
+
+# Check exist certificate with given custom domain
+if [[ -n $APPSMITH_CUSTOM_DOMAIN ]]; then
+  APP_TEMPLATE="$TEMPLATE_DIR/nginx-app-https.conf.template.sh"
+  if ! [[ -e "/etc/letsencrypt/live/$APPSMITH_CUSTOM_DOMAIN" ]]; then
+    source "/opt/appsmith/init_ssl_cert.sh"
+    init_ssl_cert "$APPSMITH_CUSTOM_DOMAIN"
+  fi
 fi
 
 echo "Re-generating nginx config template"
-bash "/opt/appsmith/templates/nginx_app.conf.sh" "$NGINX_SSL_CMNT" "$APPSMITH_CUSTOM_DOMAIN" >"/etc/nginx/conf.d/nginx_app.conf.template"
+bash "$APP_TEMPLATE" "$APPSMITH_CUSTOM_DOMAIN" >"/etc/nginx/conf.d/nginx_app.conf.template"
 
 echo "Generating nginx configuration"
 cat /etc/nginx/conf.d/nginx_app.conf.template | envsubst "$(printf '$%s,' $(env | grep -Eo '^APPSMITH_[A-Z0-9_]+'))" | sed -e 's|\${\(APPSMITH_[A-Z0-9_]*\)}||g' >/etc/nginx/sites-available/default
 
-# Check exist certificate with given custom domain
-if ! [[ -e "/etc/letsencrypt/live/$APPSMITH_CUSTOM_DOMAIN" ]] && [[ -n $APPSMITH_CUSTOM_DOMAIN ]]; then
-  source "/opt/appsmith/init_ssl_cert.sh"
-  init_ssl_cert "$APPSMITH_CUSTOM_DOMAIN"
-fi
-
 exec nginx -g "daemon off;"
\ No newline at end of file
diff --git a/deploy/docker/templates/nginx/nginx-app-http.conf.template.sh b/deploy/docker/templates/nginx/nginx-app-http.conf.template.sh
new file mode 100644
index 0000000000..55e09792d9
--- /dev/null
+++ b/deploy/docker/templates/nginx/nginx-app-http.conf.template.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+set -o nounset
+
+CUSTOM_DOMAIN="$1"
+
+if [ -z $CUSTOM_DOMAIN ]; then
+  CUSTOM_DOMAIN=_
+fi
+
+cat <<EOF
+server {
+  listen 80;
+  server_name $CUSTOM_DOMAIN;
+
+  client_max_body_size 100m;
+
+  gzip on;
+
+  root /opt/appsmith/editor;
+  index index.html index.htm;
+  
+  location /.well-known/acme-challenge/ {
+    root /appsmith-stacks/data/certificate/certbot;
+  }
+
+  proxy_set_header X-Forwarded-Proto \$scheme;
+  proxy_set_header X-Forwarded-Host \$host;
+
+  location / {
+    try_files \$uri /index.html =404;
+
+    sub_filter __APPSMITH_SENTRY_DSN__ '\${APPSMITH_SENTRY_DSN}';
+    sub_filter __APPSMITH_SMART_LOOK_ID__ '\${APPSMITH_SMART_LOOK_ID}';
+    sub_filter __APPSMITH_OAUTH2_GOOGLE_CLIENT_ID__ '\${APPSMITH_OAUTH2_GOOGLE_CLIENT_ID}';
+    sub_filter __APPSMITH_OAUTH2_GITHUB_CLIENT_ID__ '\${APPSMITH_OAUTH2_GITHUB_CLIENT_ID}';
+    sub_filter __APPSMITH_MARKETPLACE_ENABLED__ '\${APPSMITH_MARKETPLACE_ENABLED}';
+    sub_filter __APPSMITH_SEGMENT_KEY__ '\${APPSMITH_SEGMENT_KEY}';
+    sub_filter __APPSMITH_OPTIMIZELY_KEY__ '\${APPSMITH_OPTIMIZELY_KEY}';
+    sub_filter __APPSMITH_ALGOLIA_API_ID__ '\${APPSMITH_ALGOLIA_API_ID}';
+    sub_filter __APPSMITH_ALGOLIA_SEARCH_INDEX_NAME__ '\${APPSMITH_ALGOLIA_SEARCH_INDEX_NAME}';
+    sub_filter __APPSMITH_ALGOLIA_API_KEY__ '\${APPSMITH_ALGOLIA_API_KEY}';
+    sub_filter __APPSMITH_CLIENT_LOG_LEVEL__ '\${APPSMITH_CLIENT_LOG_LEVEL}';
+    sub_filter __APPSMITH_GOOGLE_MAPS_API_KEY__ '\${APPSMITH_GOOGLE_MAPS_API_KEY}';
+    sub_filter __APPSMITH_TNC_PP__ '\${APPSMITH_TNC_PP}';
+    sub_filter __APPSMITH_VERSION_ID__ '\${APPSMITH_VERSION_ID}';
+    sub_filter __APPSMITH_VERSION_RELEASE_DATE__ '\${APPSMITH_VERSION_RELEASE_DATE}';
+    sub_filter __APPSMITH_INTERCOM_APP_ID__ '\${APPSMITH_INTERCOM_APP_ID}';
+    sub_filter __APPSMITH_MAIL_ENABLED__ '\${APPSMITH_MAIL_ENABLED}';
+    sub_filter __APPSMITH_DISABLE_TELEMETRY__ '\${APPSMITH_DISABLE_TELEMETRY}';
+    sub_filter __APPSMITH_RECAPTCHA_SITE_KEY__ '\${APPSMITH_RECAPTCHA_SITE_KEY}';
+  }
+
+  location /api {
+    proxy_pass http://localhost:8080;
+  }
+
+  location /oauth2 {
+    proxy_pass http://localhost:8080;
+  }
+
+  location /login {
+    proxy_pass http://localhost:8080;
+  }
+
+  location /rts {
+    proxy_pass http://localhost:8091;
+    proxy_http_version 1.1;
+    proxy_set_header Host \$host;
+    proxy_set_header Connection 'upgrade';
+    proxy_set_header Upgrade \$http_upgrade;
+  }
+}
+EOF
diff --git a/deploy/docker/templates/nginx/nginx-app-https.conf.template.sh b/deploy/docker/templates/nginx/nginx-app-https.conf.template.sh
new file mode 100644
index 0000000000..11858f0349
--- /dev/null
+++ b/deploy/docker/templates/nginx/nginx-app-https.conf.template.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+set -o nounset
+
+CUSTOM_DOMAIN="$1"
+
+# By default, container will use the auto-generate certificate by Let's Encrypt
+SSL_CERT_PATH="/etc/letsencrypt/live/$CUSTOM_DOMAIN/fullchain.pem"
+SSL_KEY_PATH="/etc/letsencrypt/live/$CUSTOM_DOMAIN/privkey.pem"
+
+# In case of existing custom certificate, container will use them to configure SSL 
+if [[ -e "/appsmith-stacks/ssl/fullchain.pem" ]] && [[ -e "/appsmith-stacks/ssl/privkey.pem" ]]; then
+  SSL_CERT_PATH="/appsmith-stacks/ssl/fullchain.pem"
+  SSL_KEY_PATH="/appsmith-stacks/ssl/privkey.pem"
+fi
+
+cat <<EOF
+server {
+  listen 80;
+  server_name $CUSTOM_DOMAIN;
+
+  return 301 https://\$host\$request_uri;
+}
+
+server {
+  listen 443 ssl http2;
+  server_name _;
+
+  ssl_certificate $SSL_CERT_PATH;
+  ssl_certificate_key $SSL_KEY_PATH;
+
+
+  include /appsmith-stacks/data/certificate/conf/options-ssl-nginx.conf;
+  ssl_dhparam /appsmith-stacks/data/certificate/conf/ssl-dhparams.pem;
+
+  client_max_body_size 100m;
+
+  gzip on;
+
+  root /opt/appsmith/editor;
+  index index.html index.htm;
+
+  proxy_set_header X-Forwarded-Proto \$scheme;
+  proxy_set_header X-Forwarded-Host \$host;
+
+  location / {
+    try_files \$uri /index.html =404;
+
+    sub_filter __APPSMITH_SENTRY_DSN__ '\${APPSMITH_SENTRY_DSN}';
+    sub_filter __APPSMITH_SMART_LOOK_ID__ '\${APPSMITH_SMART_LOOK_ID}';
+    sub_filter __APPSMITH_OAUTH2_GOOGLE_CLIENT_ID__ '\${APPSMITH_OAUTH2_GOOGLE_CLIENT_ID}';
+    sub_filter __APPSMITH_OAUTH2_GITHUB_CLIENT_ID__ '\${APPSMITH_OAUTH2_GITHUB_CLIENT_ID}';
+    sub_filter __APPSMITH_MARKETPLACE_ENABLED__ '\${APPSMITH_MARKETPLACE_ENABLED}';
+    sub_filter __APPSMITH_SEGMENT_KEY__ '\${APPSMITH_SEGMENT_KEY}';
+    sub_filter __APPSMITH_OPTIMIZELY_KEY__ '\${APPSMITH_OPTIMIZELY_KEY}';
+    sub_filter __APPSMITH_ALGOLIA_API_ID__ '\${APPSMITH_ALGOLIA_API_ID}';
+    sub_filter __APPSMITH_ALGOLIA_SEARCH_INDEX_NAME__ '\${APPSMITH_ALGOLIA_SEARCH_INDEX_NAME}';
+    sub_filter __APPSMITH_ALGOLIA_API_KEY__ '\${APPSMITH_ALGOLIA_API_KEY}';
+    sub_filter __APPSMITH_CLIENT_LOG_LEVEL__ '\${APPSMITH_CLIENT_LOG_LEVEL}';
+    sub_filter __APPSMITH_GOOGLE_MAPS_API_KEY__ '\${APPSMITH_GOOGLE_MAPS_API_KEY}';
+    sub_filter __APPSMITH_TNC_PP__ '\${APPSMITH_TNC_PP}';
+    sub_filter __APPSMITH_VERSION_ID__ '\${APPSMITH_VERSION_ID}';
+    sub_filter __APPSMITH_VERSION_RELEASE_DATE__ '\${APPSMITH_VERSION_RELEASE_DATE}';
+    sub_filter __APPSMITH_INTERCOM_APP_ID__ '\${APPSMITH_INTERCOM_APP_ID}';
+    sub_filter __APPSMITH_MAIL_ENABLED__ '\${APPSMITH_MAIL_ENABLED}';
+    sub_filter __APPSMITH_DISABLE_TELEMETRY__ '\${APPSMITH_DISABLE_TELEMETRY}';
+    sub_filter __APPSMITH_RECAPTCHA_SITE_KEY__ '\${APPSMITH_RECAPTCHA_SITE_KEY}';
+  }
+
+  location /api {
+    proxy_pass http://localhost:8080;
+  }
+
+  location /oauth2 {
+    proxy_pass http://localhost:8080;
+  }
+
+  location /login {
+    proxy_pass http://localhost:8080;
+  }
+
+  location /rts {
+    proxy_pass http://localhost:8091;
+    proxy_http_version 1.1;
+    proxy_set_header Host \$host;
+    proxy_set_header Connection 'upgrade';
+    proxy_set_header Upgrade \$http_upgrade;
+  }
+}
+EOF
diff --git a/deploy/docker/templates/nginx_app.conf.sh b/deploy/docker/templates/nginx_app.conf.sh
deleted file mode 100644
index ed0dafd11f..0000000000
--- a/deploy/docker/templates/nginx_app.conf.sh
+++ /dev/null
@@ -1,152 +0,0 @@
-#!/bin/bash
-
-set -o nounset
-
-NGINX_SSL_CMNT="$1"
-CUSTOM_DOMAIN="$2"
-
-# By default, container will use the auto-generate certificate by Let's Encrypt
-SSL_CERT_PATH="/etc/letsencrypt/live/$CUSTOM_DOMAIN/fullchain.pem"
-SSL_KEY_PATH="/etc/letsencrypt/live/$CUSTOM_DOMAIN/privkey.pem"
-
-# In case of existing custom certificate, container will use them to configure SSL
-if [[ -e "/appsmith-stacks/ssl/fullchain.pem" ]] && [[ -e "/appsmith-stacks/ssl/privkey.pem" ]]; then
-  SSL_CERT_PATH="/appsmith-stacks/ssl/fullchain.pem"
-  SSL_KEY_PATH="/appsmith-stacks/ssl/privkey.pem"
-fi
-
-cat <<EOF
-map $http_x_forwarded_proto $origin_scheme {
-  default $http_x_forwarded_proto;
-  '' $scheme;
-}
-
-server {
-  listen 80;
-$NGINX_SSL_CMNT  server_name $CUSTOM_DOMAIN ;
-  client_max_body_size 100m;
-
-  gzip on;
-
-  root /opt/appsmith/editor;
-  index index.html index.htm;
-
-  location /.well-known/acme-challenge/ {
-    root /appsmith-stacks/data/certificate/certbot;
-  }
-
-  proxy_set_header X-Forwarded-Proto \$origin_scheme;
-  proxy_set_header X-Forwarded-Host \$host;
-
-  location / {
-    try_files \$uri /index.html =404;
-
-    sub_filter __APPSMITH_SENTRY_DSN__ '\${APPSMITH_SENTRY_DSN}';
-    sub_filter __APPSMITH_SMART_LOOK_ID__ '\${APPSMITH_SMART_LOOK_ID}';
-    sub_filter __APPSMITH_OAUTH2_GOOGLE_CLIENT_ID__ '\${APPSMITH_OAUTH2_GOOGLE_CLIENT_ID}';
-    sub_filter __APPSMITH_OAUTH2_GITHUB_CLIENT_ID__ '\${APPSMITH_OAUTH2_GITHUB_CLIENT_ID}';
-    sub_filter __APPSMITH_MARKETPLACE_ENABLED__ '\${APPSMITH_MARKETPLACE_ENABLED}';
-    sub_filter __APPSMITH_SEGMENT_KEY__ '\${APPSMITH_SEGMENT_KEY}';
-    sub_filter __APPSMITH_OPTIMIZELY_KEY__ '\${APPSMITH_OPTIMIZELY_KEY}';
-    sub_filter __APPSMITH_ALGOLIA_API_ID__ '\${APPSMITH_ALGOLIA_API_ID}';
-    sub_filter __APPSMITH_ALGOLIA_SEARCH_INDEX_NAME__ '\${APPSMITH_ALGOLIA_SEARCH_INDEX_NAME}';
-    sub_filter __APPSMITH_ALGOLIA_API_KEY__ '\${APPSMITH_ALGOLIA_API_KEY}';
-    sub_filter __APPSMITH_CLIENT_LOG_LEVEL__ '\${APPSMITH_CLIENT_LOG_LEVEL}';
-    sub_filter __APPSMITH_GOOGLE_MAPS_API_KEY__ '\${APPSMITH_GOOGLE_MAPS_API_KEY}';
-    sub_filter __APPSMITH_TNC_PP__ '\${APPSMITH_TNC_PP}';
-    sub_filter __APPSMITH_VERSION_ID__ '\${APPSMITH_VERSION_ID}';
-    sub_filter __APPSMITH_VERSION_RELEASE_DATE__ '\${APPSMITH_VERSION_RELEASE_DATE}';
-    sub_filter __APPSMITH_INTERCOM_APP_ID__ '\${APPSMITH_INTERCOM_APP_ID}';
-    sub_filter __APPSMITH_MAIL_ENABLED__ '\${APPSMITH_MAIL_ENABLED}';
-    sub_filter __APPSMITH_DISABLE_TELEMETRY__ '\${APPSMITH_DISABLE_TELEMETRY}';
-    sub_filter __APPSMITH_RECAPTCHA_SITE_KEY__ '\${APPSMITH_RECAPTCHA_SITE_KEY}';
-    sub_filter __APPSMITH_RECAPTCHA_SECRET_KEY__ '\${APPSMITH_RECAPTCHA_SECRET_KEY}';
-    sub_filter __APPSMITH_RECAPTCHA_ENABLED__ '\${APPSMITH_RECAPTCHA_ENABLED}';
-  }
-
-  location /api {
-    proxy_pass http://localhost:8080;
-  }
-
-  location /oauth2 {
-    proxy_pass http://localhost:8080;
-  }
-
-  location /login {
-    proxy_pass http://localhost:8080;
-  }
-
-  location /rts {
-    proxy_pass http://localhost:8091;
-    proxy_http_version 1.1;
-    proxy_set_header Host \$host;
-    proxy_set_header Connection 'upgrade';
-    proxy_set_header Upgrade \$http_upgrade;
-  }
-}
-
-$NGINX_SSL_CMNT server {
-$NGINX_SSL_CMNT    listen 443 ssl;
-$NGINX_SSL_CMNT    server_name $CUSTOM_DOMAIN;
-$NGINX_SSL_CMNT    client_max_body_size 100m;
-$NGINX_SSL_CMNT
-$NGINX_SSL_CMNT    ssl_certificate $SSL_CERT_PATH;
-$NGINX_SSL_CMNT    ssl_certificate_key $SSL_KEY_PATH;
-$NGINX_SSL_CMNT
-$NGINX_SSL_CMNT    include /appsmith-stacks/data/certificate/conf/options-ssl-nginx.conf;
-$NGINX_SSL_CMNT    ssl_dhparam /appsmith-stacks/data/certificate/conf/ssl-dhparams.pem;
-$NGINX_SSL_CMNT
-$NGINX_SSL_CMNT    proxy_set_header X-Forwarded-Proto \$origin_scheme;
-$NGINX_SSL_CMNT    proxy_set_header X-Forwarded-Host \$host;
-$NGINX_SSL_CMNT
-$NGINX_SSL_CMNT    root /opt/appsmith/editor;
-$NGINX_SSL_CMNT    index index.html index.htm;
-$NGINX_SSL_CMNT
-$NGINX_SSL_CMNT    location / {
-$NGINX_SSL_CMNT        try_files \$uri /index.html =404;
-$NGINX_SSL_CMNT
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_SENTRY_DSN__ '\${APPSMITH_SENTRY_DSN}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_SMART_LOOK_ID__ '\${APPSMITH_SMART_LOOK_ID}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_OAUTH2_GOOGLE_CLIENT_ID__ '\${APPSMITH_OAUTH2_GOOGLE_CLIENT_ID}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_OAUTH2_GITHUB_CLIENT_ID__ '\${APPSMITH_OAUTH2_GITHUB_CLIENT_ID}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_MARKETPLACE_ENABLED__ '\${APPSMITH_MARKETPLACE_ENABLED}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_SEGMENT_KEY__ '\${APPSMITH_SEGMENT_KEY}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_OPTIMIZELY_KEY__ '\${APPSMITH_OPTIMIZELY_KEY}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_ALGOLIA_API_ID__ '\${APPSMITH_ALGOLIA_API_ID}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_ALGOLIA_SEARCH_INDEX_NAME__ '\${APPSMITH_ALGOLIA_SEARCH_INDEX_NAME}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_ALGOLIA_API_KEY__ '\${APPSMITH_ALGOLIA_API_KEY}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_CLIENT_LOG_LEVEL__ '\${APPSMITH_CLIENT_LOG_LEVEL}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_GOOGLE_MAPS_API_KEY__ '\${APPSMITH_GOOGLE_MAPS_API_KEY}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_TNC_PP__ '\${APPSMITH_TNC_PP}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_VERSION_ID__ '\${APPSMITH_VERSION_ID}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_VERSION_RELEASE_DATE__ '\${APPSMITH_VERSION_RELEASE_DATE}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_INTERCOM_APP_ID__ '\${APPSMITH_INTERCOM_APP_ID}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_MAIL_ENABLED__ '\${APPSMITH_MAIL_ENABLED}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_DISABLE_TELEMETRY__ '\${APPSMITH_DISABLE_TELEMETRY}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_RECAPTCHA_SITE_KEY__ '\${APPSMITH_RECAPTCHA_SITE_KEY}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_RECAPTCHA_SECRET_KEY__ '\${APPSMITH_RECAPTCHA_SECRET_KEY}';
-$NGINX_SSL_CMNT        sub_filter __APPSMITH_RECAPTCHA_ENABLED__ '\${APPSMITH_RECAPTCHA_ENABLED}';
-$NGINX_SSL_CMNT    }
-$NGINX_SSL_CMNT
-$NGINX_SSL_CMNT    location /api {
-$NGINX_SSL_CMNT        proxy_pass http://localhost:8080;
-$NGINX_SSL_CMNT    }
-$NGINX_SSL_CMNT
-$NGINX_SSL_CMNT    location /oauth2 {
-$NGINX_SSL_CMNT        proxy_pass http://localhost:8080;
-$NGINX_SSL_CMNT    }
-$NGINX_SSL_CMNT
-$NGINX_SSL_CMNT    location /login {
-$NGINX_SSL_CMNT        proxy_pass http://localhost:8080;
-$NGINX_SSL_CMNT    }
-$NGINX_SSL_CMNT
-$NGINX_SSL_CMNT	   location /socket.io {
-$NGINX_SSL_CMNT        proxy_pass http://localhost:8091;
-$NGINX_SSL_CMNT        proxy_http_version 1.1;
-$NGINX_SSL_CMNT        proxy_set_header Host \$host;
-$NGINX_SSL_CMNT        proxy_set_header Connection 'upgrade';
-$NGINX_SSL_CMNT        proxy_set_header Upgrade \$http_upgrade;
-$NGINX_SSL_CMNT    }
-$NGINX_SSL_CMNT
-$NGINX_SSL_CMNT }
-EOF