nginx-local-https.conf
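# HTTPS front end for the PhEMA Workbench (workbench.local.phema.science).
# Terminates TLS, answers CORS preflight requests, enforces HTTP basic auth,
# and proxies to the workbench API, the CQF Ruler FHIR server, the data API
# and the workbench app over plain HTTP.
server {
    listen 443 ssl;
    server_name workbench.local.phema.science;

    ssl_certificate     /opt/phema/workbench/certs/local.phema.science.fullchain.pem;
    ssl_certificate_key /opt/phema/workbench/certs/local.phema.science.privkey.pem;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # CORS origin allowlist.
    # The Origin request header is client-controlled. Echoing it back together
    # with "Access-Control-Allow-Credentials: true" lets any website read
    # responses with the visitor's stored basic-auth credentials. Only HTTPS
    # origins directly under local.phema.science are echoed; every host
    # matching the pattern is trusted, so extend it deliberately if another
    # origin legitimately needs access.
    set $cors_allowed_origin "";
    if ($http_origin ~* '^https://[a-z0-9-]+\.local\.phema\.science(:[0-9]+)?$') {
        set $cors_allowed_origin $http_origin;
    }

    # CORS preflight handling without nested "if" blocks: every header value
    # starts out empty, and nginx does not emit an add_header whose value is
    # empty, so the headers below only appear on OPTIONS responses.
    set $cors_origin "";
    set $cors_cred "";
    set $cors_header "";
    set $cors_method "";
    set $cors_expose "";
    set $vary "";
    set $cors_age "";
    set $cors_content "";
    set $cors_length "";

    # "return" runs in the rewrite phase, before auth_basic is evaluated, so
    # preflight requests are answered without credentials.
    if ($request_method = 'OPTIONS') {
        set $cors_origin $cors_allowed_origin;
        set $cors_cred 'true';
        set $cors_header 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        set $cors_method 'GET, POST, OPTIONS';
        set $cors_expose 'Content-Length,Content-Range';
        set $vary 'Origin';
        set $cors_age 1728000;
        set $cors_content 'text/plain; charset=utf-8';
        set $cors_length 0;
        return 204;
    }

    # CORS response headers (empty, and therefore omitted, unless set above).
    add_header 'Access-Control-Allow-Origin' $cors_origin;
    add_header 'Access-Control-Allow-Credentials' $cors_cred;
    add_header 'Access-Control-Allow-Headers' $cors_header;
    add_header 'Access-Control-Allow-Methods' $cors_method;
    add_header 'Access-Control-Expose-Headers' $cors_expose;

    # Preflight-only headers
    add_header 'Vary' $vary;
    add_header 'Access-Control-Max-Age' $cors_age;
    add_header 'Content-Type' $cors_content;
    add_header 'Content-Length' $cors_length;

    # Basic auth applies to every location below (none of them overrides it).
    auth_basic "PhEMA Workbench";
    auth_basic_user_file /opt/phema/workbench/.htpasswd;

    # proxy workbench API
    location /api/v1 {
        proxy_pass http://phema-workbench-api:8083/api/v1;

        # Disabled: fix up headers for API requests. If re-enabled, echo the
        # allowlisted origin rather than the raw Origin header.
        # proxy_hide_header 'Access-Control-Allow-Origin';
        # proxy_hide_header 'Access-Control-Allow-Credentials';
        # add_header 'Access-Control-Allow-Origin' $cors_allowed_origin;
        # add_header 'Access-Control-Allow-Credentials' 'true';
    }

    # proxy FHIR base URL
    location /fhir {
        proxy_pass http://phema-cqf-ruler:8080/cqf-ruler-r4/fhir;

        # Disabled: fix up headers for FHIR requests. If re-enabled, echo the
        # allowlisted origin rather than the raw Origin header.
        # proxy_hide_header 'Access-Control-Allow-Origin';
        # proxy_hide_header 'Access-Control-Allow-Credentials';
        # add_header 'Access-Control-Allow-Origin' $cors_allowed_origin;
        # add_header 'Access-Control-Allow-Credentials' 'true';
    }

    # proxy various hapi web overlay resources
    location /hapi {
        proxy_pass http://phema-cqf-ruler:8080/cqf-ruler-r4/;
    }

    location /cqf-ruler-r4/ {
        proxy_pass http://phema-cqf-ruler:8080/cqf-ruler-r4/;
    }

    location /css {
        proxy_pass http://phema-cqf-ruler:8080/cqf-ruler-r4/css;
    }

    location /js {
        proxy_pass http://phema-cqf-ruler:8080/cqf-ruler-r4/js;
    }

    location /img {
        proxy_pass http://phema-cqf-ruler:8080/cqf-ruler-r4/img;
    }

    # data api
    location /data/ {
        # This location declares its own add_header directives, so the
        # server-level ones are not inherited here. The origin is taken from
        # the allowlist because credentials are allowed on these responses.
        add_header 'Access-Control-Allow-Origin' $cors_allowed_origin;
        add_header 'Vary' 'Origin';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        add_header 'Access-Control-Allow-Credentials' 'true';

        proxy_pass http://phema-workbench-repo-api:3000/;
    }

    # default to workbench app
    location / {
        proxy_pass http://phema-workbench-app;
    }
}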
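# HTTPS front end for the CORS proxy (cors.local.phema.science).
# NOTE(review): unlike the workbench server, no auth_basic is configured
# here, so anyone who can reach this listener can use the proxy. Whether
# phema-cors-proxy limits the destinations it will fetch is not visible in
# this file; confirm that, and keep this host unreachable from untrusted
# networks.
server {
    listen 443 ssl;
    server_name cors.local.phema.science;

    ssl_certificate     /opt/phema/workbench/certs/local.phema.science.fullchain.pem;
    ssl_certificate_key /opt/phema/workbench/certs/local.phema.science.privkey.pem;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # cors proxy
    location / {
        proxy_pass http://phema-cors-proxy:8080;
    }
}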