nginx proxy configs

This commit is contained in:
Martin McKeaveney 2022-01-14 14:44:40 +01:00
parent 93caf5bede
commit 3544c8ac82
4 changed files with 70 additions and 839 deletions

View File

@ -80,9 +80,9 @@ services:
proxy-service: proxy-service:
restart: always restart: always
image: envoyproxy/envoy:v1.16-latest image: nginx:latest
volumes: volumes:
- ./envoy.yaml:/etc/envoy/envoy.yaml - ./proxy/nginx.conf:/etc/envoy/envoy.yaml
ports: ports:
- "${MAIN_PORT}:10000" - "${MAIN_PORT}:10000"
depends_on: depends_on:

View File

@ -1,9 +1,8 @@
user nginx; user nginx;
error_log /var/log/nginx/error.log warn; error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
worker_processes auto; worker_processes auto;
# worker_rlimit_nofile 33282; worker_rlimit_nofile 33282;
# sendfile_max_chunk 512k;
events { events {
worker_connections 1024; worker_connections 1024;
@ -25,32 +24,9 @@ http {
listen 10000 default_server; listen 10000 default_server;
server_name _; server_name _;
# security headers
add_header X-Frame-Options SAMEORIGIN always;
# proxy headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# budibase services
# set $app_service http://{{ address }}:4001;
# set $worker_service http://{{ address }}:4002;
# set $builder http://{{ address }}:3000;
# set $minio http://minio-service:9000;
# set $couchdb http://couchdb-service:5984;
# config options
client_header_timeout 60;
client_body_timeout 60;
keepalive_timeout 60;
gzip off;
gzip_comp_level 4;
location = / { location = / {
return 301 /builder/; absolute_redirect off;
return 301 /builder;
} }
location /db/ { location /db/ {
@ -75,7 +51,7 @@ http {
location /app/ { location /app/ {
proxy_pass http://{{ address }}:4001; proxy_pass http://{{ address }}:4001;
rewrite ^/app/(.*)$ $1 break; rewrite ^/app/(.*)$ /$1 break;
} }
location /builder { location /builder {
@ -85,10 +61,23 @@ http {
location /builder/ { location /builder/ {
proxy_pass http://{{ address }}:3000; proxy_pass http://{{ address }}:3000;
proxy_http_version 1.1;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} }
location / { location / {
proxy_pass http://minio-service:9000; proxy_pass http://minio-service:9000;
} }
client_header_timeout 60;
client_body_timeout 60;
keepalive_timeout 60;
gzip off;
gzip_comp_level 4;
} }
} }

View File

@ -1,87 +1,78 @@
user nginx; user nginx;
worker_processes 5; error_log /var/log/nginx/error.log debug;
error_log logs/error.log; pid /var/run/nginx.pid;
pid logs/nginx.pid; worker_processes auto;
worker_rlimit_nofile 8192; worker_rlimit_nofile 33282;
events { events {
worker_connections 4096; worker_connections 1024;
} }
http { http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
include /etc/nginx/proxy.conf; default_type application/octet-stream;
# include /etc/nginx/fastcgi.conf;
# index index.html index.htm index.php;
default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" '
log_format main '$remote_addr - $remote_user [$time_local] $status ' '$status $body_bytes_sent "$http_referer" '
'"$request" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main; map $http_upgrade $connection_upgrade {
default "upgrade";
}
server { server {
listen 10000 default_server; listen 10000 default_server;
listen [::]:10000 default_server;
server_name _; server_name _;
access_log logs/budiproxy.access.log main;
# security headers location = / {
add_header X-Frame-Options SAMEORIGIN always; proxy_pass http://app-service:4002;
upstream app-service {
server app-service:4002
}
upstream worker-service {
server worker-service:4003
} }
location = /v1/update { location = /v1/update {
proxy_pass http://watchtower-service:8080; proxy_pass http://watchtower-service:8080;
} }
location /app/ { location /builder/ {
proxy_pass http://app-service; proxy_pass http://app-service:4002;
}
# location ^/(app_|builder) {
# proxy_pass http://app-service:4002;
# }
location /app_ {
proxy_pass http://app-service;
} }
location /builder { location /builder {
proxy_pass http://app-service; proxy_pass http://app-service:4002;
} }
location ~ ^/(global|admin|system)/ { location /app_ {
proxy_pass http://worker-service; proxy_pass http://app-service:4002;
} }
location = / { location ~ ^/api/(system|admin|global)/ {
proxy_pass http://app-service; proxy_pass http://worker-service:4003;
} }
location /api/ { location /api/ {
proxy_read_timeout 120s; proxy_read_timeout 120s;
proxy_connect_timeout 120s; proxy_connect_timeout 120s;
proxy_send_timeout 120s; proxy_send_timeout 120s;
proxy_pass http://app-service; proxy_pass http://app-service:4002;
} }
location /worker/ { location /worker/ {
proxy_pass http://app-service; proxy_pass http://worker-service:4003;
rewrite ^/worker/(.*)$ /$1 break;
} }
location /db/ { location /db/ {
proxy_pass http://couchdb-service:5984; proxy_pass http://couchdb-service:5984;
rewrite ^/db/(.*)$ /$1 break;
} }
location / { location / {
proxy_pass http://minio-service:9000; proxy_pass http://minio-service:9000;
} }
client_header_timeout 60;
client_body_timeout 60;
keepalive_timeout 60;
gzip off;
gzip_comp_level 4;
} }
} }

File diff suppressed because it is too large Load Diff