huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
49438f089d2321cdeb71d0a35ef07f942bd06316
speckle-server/packages/frontend/nginx/templates/nginx.conf.template
T
Iain Sproat 37a0fa4094 fix(frontend & frontend-2): x-frame-options header for /authn routes should be DENY (#1719) 
* fix(frontend-2): routes to /authn should set x-frame-options header to deny
* fix(frontend1): do not render authn route if in an iframe
* fix(nginx): should log in json format
2023-07-24 15:17:16 +01:00

161 lines
4.4 KiB
Plaintext
Raw Blame History

pcre_jit on;
error_log stderr info;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
# move default write paths to a custom directory
# kubernetes can mount this directory and prevent writes to the root directory
# https://github.com/openresty/docker-openresty/issues/119
client_body_temp_path /bitnami/openresty/nginx-client-body;
proxy_temp_path /bitnami/openresty/nginx-proxy;
fastcgi_temp_path /bitnami/openresty/nginx-fastcgi;
uwsgi_temp_path /bitnami/openresty/nginx-uwsgi;
scgi_temp_path /bitnami/openresty/nginx-scgi;
log_format json_combined escape=json
'{'
'"time_local":"$time_local",'
'"remote_addr":"$remote_addr",'
'"remote_user":"$remote_user",'
'"request":"$request",'
'"status": "$status",'
'"body_bytes_sent":"$body_bytes_sent",'
'"request_time":"$request_time",'
'"http_referrer":"$http_referer",'
'"http_user_agent":"$http_user_agent"'
'}';
sendfile on;
keepalive_timeout 65;
access_log /dev/stdout json_combined;
# Speckle configuration
server_tokens off;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
#use any of the following two
real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For;
server {
listen 8080;
client_max_body_size 100m;
location / {
root /app;
index index.html;
try_files $uri $uri/ /index.html;
add_header Cache-Control "no-store, no-cache, must-revalidate";
}
location ~* ^/(favicon.ico|logo.svg|loadingImage.png|og_image.png) {
root /app;
index index.html;
try_files $uri $uri/ /index.html;
expires 1d;
}
location ~* ^/(js/.*|fonts/.*|(css/.*)|(img/.*)|(assets/.*)) {
root /app;
index index.html;
try_files $uri $uri/ /index.html;
expires 1y;
}
location ~ ^/streams/.* {
default_type text/html;
content_by_lua_block {
local f = assert(io.open('/app/index.html', "rb"))
local content = f:read("*all")
f:close()
local http_host = ngx.var.http_host
content = content:gsub('<meta property=og:title (.-)>', '<meta property=og:title content="Speckle Stream">')
local stream_id = ngx.var.uri:sub(10)
local img_tag = '<meta property=og:image content="https://' .. http_host .. '/preview/' .. stream_id .. '?postprocess=og&ts=' .. ngx.now() .. '">'
content = content:gsub('<meta property=og:image (.-)>', img_tag)
ngx.say(content)
}
}
location ~* ^/(graphql|explorer|(auth/.*)|(objects/.*)|(preview/.*)|(api/.*)|(static/.*)) {
resolver 127.0.0.11 valid=30s;
set $upstream_speckle_server speckle-server;
client_max_body_size ${FILE_SIZE_LIMIT_MB}m;
proxy_pass http://$upstream_speckle_server:3000;
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /app;
}
}
}
Reference in New Issue View Git Blame Copy Permalink