Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
debcc6d0af
PromucFlow_constructor/deploy/docker/templates/nginx/nginx-app.conf.sh
Shrikant Sharat Kandula a44ea34902
chore: Refactor NGINX config templates, merge them, to reduce duplicate code (#26066) 
Majority of the NGINX config is the same, for both HTTP and HTTPS.
Having two separate templates for them is making configuration changes
error-prone, where we often risk forgetting making the same change in
the other file.

This PR merges the two files into one, so the above risk isn't there. It
also makes it easier to experiment with the file while developing, since
we have to make every single change twice during development.

Note: This _will_ cause conflicts in sync, after being merged.

Why are we doing this? This will be a step towards simplifying our
`Dockerfile` with reduced layers and improved caching performance. The
image build time in CI should be faster once this is done.
2023-08-09 21:48:58 +05:30

155 lines
3.9 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -o nounset
use_https="$1"
custom_domain="${2:-_}"
if [[ $use_https == 1 ]]; then
# By default, container will use the auto-generate certificate by Let's Encrypt
ssl_cert_path="/etc/letsencrypt/live/$custom_domain/fullchain.pem"
ssl_key_path="/etc/letsencrypt/live/$custom_domain/privkey.pem"
# In case of existing custom certificate, container will use them to configure SSL
if [[ -e "/appsmith-stacks/ssl/fullchain.pem" ]] && [[ -e "/appsmith-stacks/ssl/privkey.pem" ]]; then
ssl_cert_path="/appsmith-stacks/ssl/fullchain.pem"
ssl_key_path="/appsmith-stacks/ssl/privkey.pem"
fi
fi
additional_downstream_headers='
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
add_header X-Content-Type-Options "nosniff";
'
cat <<EOF
map \$http_x_forwarded_proto \$origin_scheme {
default \$http_x_forwarded_proto;
'' \$scheme;
}
map \$http_x_forwarded_host \$origin_host {
default \$http_x_forwarded_host;
'' \$host;
}
map \$http_forwarded \$final_forwarded {
default '\$http_forwarded, host=\$host;proto=\$scheme';
'' '';
}
# redirect log to stdout for supervisor to capture
access_log /dev/stdout;
server_tokens off;
server {
$(
if [[ $use_https == 1 ]]; then
echo "
listen 80;
server_name $custom_domain;
return 301 https://\$host\$request_uri;
}
server {
listen 443 ssl http2;
server_name _;
ssl_certificate $ssl_cert_path;
ssl_certificate_key $ssl_key_path;
include /appsmith-stacks/data/certificate/conf/options-ssl-nginx.conf;
ssl_dhparam /appsmith-stacks/data/certificate/conf/ssl-dhparams.pem;
"
else
echo "
listen ${PORT:-80} default_server;
server_name $custom_domain;
"
fi
)
client_max_body_size 150m;
gzip on;
gzip_types *;
root /opt/appsmith/editor;
index index.html;
error_page 404 /;
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
add_header Content-Security-Policy "frame-ancestors ${APPSMITH_ALLOWED_FRAME_ANCESTORS-'self' *}";
$additional_downstream_headers
location /.well-known/acme-challenge/ {
root /appsmith-stacks/data/certificate/certbot;
}
location = /supervisor {
return 301 /supervisor/;
}
location /supervisor/ {
proxy_http_version 1.1;
proxy_buffering off;
proxy_max_temp_file_size 0;
proxy_redirect off;
proxy_set_header Host \$http_host/supervisor/;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$origin_scheme;
proxy_set_header X-Forwarded-Host \$origin_host;
proxy_set_header Connection "";
proxy_pass http://localhost:9001/;
auth_basic "Protected";
auth_basic_user_file /etc/nginx/passwords;
}
proxy_set_header X-Forwarded-Proto \$origin_scheme;
proxy_set_header X-Forwarded-Host \$origin_host;
proxy_set_header Forwarded \$final_forwarded;
location / {
try_files /loading.html \$uri /index.html =404;
}
location ~ ^/static/(js|css|media)\b {
# Files in these folders are hashed, so we can set a long cache time.
add_header Cache-Control "max-age=31104000, immutable"; # 360 days
$additional_downstream_headers
access_log off;
}
# If the path has an extension at the end, then respond with 404 status if the file not found.
location ~ ^/(?!supervisor/).*\.[a-z]+$ {
try_files \$uri =404;
}
location /api {
proxy_read_timeout ${APPSMITH_SERVER_TIMEOUT:-60};
proxy_send_timeout ${APPSMITH_SERVER_TIMEOUT:-60};
proxy_pass http://localhost:8080;
}
location /oauth2 {
proxy_pass http://localhost:8080;
}
location /login {
proxy_pass http://localhost:8080;
}
location /rts {
proxy_pass http://localhost:${APPSMITH_RTS_PORT:-8091};
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header Connection 'upgrade';
proxy_set_header Upgrade \$http_upgrade;
}
}
EOF
Reference in New Issue View Git Blame Copy Permalink