From 736bddf9d3b031b76b7cf9411ccfdf3b9ee1771a Mon Sep 17 00:00:00 2001 From: vladd-bit Date: Wed, 16 Aug 2023 07:09:04 +0100 Subject: [PATCH] Services: nginx conf update. --- services/nginx/config/nginx.conf | 53 ++++++--------- services/nginx/config/nginx.conf.template | 82 +++++++++++------------ 2 files changed, 63 insertions(+), 72 deletions(-) diff --git a/services/nginx/config/nginx.conf b/services/nginx/config/nginx.conf index c0b71f25..2d619c27 100644 --- a/services/nginx/config/nginx.conf +++ b/services/nginx/config/nginx.conf @@ -57,20 +57,11 @@ http { #server { # listen 5601; # server_name kibana.local; - # ssl_certificate /etc/nginx/es_certificates/elastic-stack-ca.crt.pem; - # ssl_certificate_key /etc/nginx/es_certificates/elastic-stack-ca.key.pem; - - # - # proxy_ssl_certificate /etc/nginx/es_certificates/elasticsearch/elasticsearch/elasticsearch-1/elasticsearch-1.crt; - # proxy_ssl_certificate_key /etc/nginx/es_certificates/elasticsearch/elasticsearch/elasticsearch-1/elasticsearch-1.pem; - - # proxy_ssl_trusted_certificate /etc/nginx/es_certificates/elasticsearch/elasticsearch/elasticsearch-1/elasticsearch-1.crt; - # proxy_ssl_server_name on; # location / { # proxy_pass http://kibana; # - # proxy_set_header X-ProxyScheme https; + # proxy_set_header X-ProxyScheme http; # proxy_set_header X-ProxyHost nginx.docker.localhost; # proxy_set_header X-ProxyPort 5601; # proxy_set_header X-ProxyContextPath /; @@ -81,7 +72,7 @@ http { # listen 80; # listen [::]:80; # server_name nginx.local; - # return 301 https://hostrequest_uri; + # return 301 https://$host$request_uri; #} @@ -100,10 +91,10 @@ http { location / { proxy_set_header Host nifi; proxy_set_header X-Real-IP nifi; - proxy_set_header X-ProxyHost host; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-ProxyContextPath /; proxy_set_header X-Forwarded-Context /; proxy_pass https://nifi; @@ -112,44 +103,44 @@ http { location ^~ /nifi { proxy_set_header Host nifi; proxy_set_header X-Real-IP nifi; - proxy_set_header X-ProxyHost host; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-Forwarded-Context /nifi; proxy_set_header X-ProxyContextPath /nifi; proxy_pass https://nifi; } location ^~ /nifi-api/ { - proxy_set_header Host NIFI; - proxy_set_header X-Real-IP NIFI; - proxy_set_header X-ProxyHost NIFI; + proxy_set_header Host nifi; + proxy_set_header X-Real-IP nifi; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-ProxyContextPath ""; proxy_pass https://nifi/nifi-api/; } location ^~ /nifi-content-viewer/ { - proxy_set_header Host NIFI; - proxy_set_header X-Real-IP NIFI; - proxy_set_header X-ProxyHost host; + proxy_set_header Host nifi; + proxy_set_header X-Real-IP nifi; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-ProxyContextPath ""; proxy_pass https://nifi/nifi-content-viewer/; } location ^~ /nifi-registry-api/ { - proxy_set_header Host NIFI; + proxy_set_header Host nifi; proxy_set_header X-Real-IP nifi; - proxy_set_header X-ProxyHost host; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-ProxyContextPath ""; proxy_pass https://nifi/nifi-registry-api/; } diff --git a/services/nginx/config/nginx.conf.template b/services/nginx/config/nginx.conf.template index 49346d0d..af6b955f 100644 --- a/services/nginx/config/nginx.conf.template +++ b/services/nginx/config/nginx.conf.template @@ -82,7 +82,7 @@ http { # listen 80; # listen [::]:80; # server_name nginx.local; - # return 301 https://${DOLLAR}host${DOLLAR}request_uri; + # return 301 https://$host$request_uri; #} @@ -99,91 +99,91 @@ http { proxy_ssl_server_name on; location / { - proxy_set_header Host ${DOLLAR}host; - proxy_set_header X-Real-IP ${DOLLER}remote_addr; - proxy_set_header X-ProxyHost ${DOLLAR}proxy_host; + proxy_set_header Host nifi; + proxy_set_header X-Real-IP nifi; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme ${DOLLAR}scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-ProxyContextPath /; proxy_set_header X-Forwarded-Context /; proxy_pass https://nifi; } location ^~ /nifi { - proxy_set_header Host ${DOLLAR}host; - proxy_set_header X-Real-IP ${DOLLER}remote_addr; - proxy_set_header X-ProxyHost ${DOLLAR}proxy_host; + proxy_set_header Host nifi; + proxy_set_header X-Real-IP nifi; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme ${DOLLAR}scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-Forwarded-Context /nifi; proxy_set_header X-ProxyContextPath /nifi; proxy_pass https://nifi; } location ^~ /nifi-api/ { - proxy_set_header Host ${DOLLAR}host; - proxy_set_header X-Real-IP ${DOLLER}remote_addr; - proxy_set_header X-ProxyHost ${DOLLAR}proxy_host; + proxy_set_header Host nifi; + proxy_set_header X-Real-IP nifi; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme ${DOLLAR}scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-ProxyContextPath ""; proxy_pass https://nifi/nifi-api/; } location ^~ /nifi-content-viewer/ { - proxy_set_header Host ${DOLLAR}host; - proxy_set_header X-Real-IP ${DOLLER}remote_addr; - proxy_set_header X-ProxyHost ${DOLLAR}proxy_host; + proxy_set_header Host nifi; + proxy_set_header X-Real-IP nifi; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme ${DOLLAR}scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-ProxyContextPath ""; proxy_pass https://nifi/nifi-content-viewer/; } location ^~ /nifi-registry-api/ { - proxy_set_header Host ${DOLLAR}host; - proxy_set_header X-Real-IP ${DOLLER}remote_addr; - proxy_set_header X-ProxyHost ${DOLLAR}proxy_host; + proxy_set_header Host nifi; + proxy_set_header X-Real-IP nifi; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme ${DOLLAR}scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-ProxyContextPath ""; proxy_pass https://nifi/nifi-registry-api/; } location ^~ /tenants { - proxy_set_header Host ${DOLLAR}host; - proxy_set_header X-Real-IP ${DOLLER}remote_addr; - proxy_set_header X-ProxyHost ${DOLLAR}proxy_host; + proxy_set_header Host nifi; + proxy_set_header X-Real-IP nifi; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme ${DOLLAR}scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-ProxyContextPath ""; proxy_pass https://nifi/tenants/; } location ^~ /controller { - proxy_set_header Host ${DOLLAR}host; - proxy_set_header X-Real-IP ${DOLLER}remote_addr; - proxy_set_header X-ProxyHost ${DOLLAR}proxy_host; + proxy_set_header Host nifi; + proxy_set_header X-Real-IP nifi; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme ${DOLLAR}scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-ProxyContextPath ""; proxy_pass https://nifi/controller/; } location ^~ /policies { - proxy_set_header Host ${DOLLAR}host; - proxy_set_header X-Real-IP ${DOLLER}remote_addr; - proxy_set_header X-ProxyHost ${DOLLAR}proxy_host; + proxy_set_header Host nifi; + proxy_set_header X-Real-IP nifi; + proxy_set_header X-ProxyHost $host; proxy_set_header X-ProxyPort 8443; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-ProxyScheme ${DOLLAR}scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-ProxyScheme $scheme; proxy_set_header X-ProxyContextPath ""; proxy_pass https://nifi/policies/; }