chore: init minio proxy config

bento-platform · Dec 17, 2024 · 3e0d63c · 3e0d63c
1 parent 2115482
commit 3e0d63c
Show file tree

Hide file tree

Showing 3 changed files with 103 additions and 0 deletions.
diff --git a/conf/minio.conf.tpl b/conf/minio.conf.tpl
@@ -0,0 +1,72 @@
+upstream minio {
+    server ${BENTO_MINIO_CONTAINER_NAME}:${BENTO_MINIO_INTERNAL_PORT};
+}
+
+upstream minio_console {
+    server ${BENTO_MINIO_CONTAINER_NAME}:${BENTO_MINIO_CONSOLE_PORT};
+}
+
+server {
+    # tpl__tls_yes__start
+    # Use 444 for internal SSL to allow streaming back to self (above)
+    listen 444 ssl;
+    # tpl__tls_yes__end
+
+    # tpl__tls_no__start
+    listen 80;
+    # tpl__tls_no__end
+
+    server_name ${BENTO_MINIO_DOMAIN};
+
+    # Allow special characters in headers
+    ignore_invalid_headers off;
+
+    # Allow any size file to be uploaded.
+    # Set to a value such as 1000m; to restrict file size to a specific value
+    client_max_body_size 0;
+
+    # Disable buffering
+    proxy_buffering off;
+    proxy_request_buffering off;
+
+    location / {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_connect_timeout 300;
+        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        chunked_transfer_encoding off;
+
+        proxy_pass http://minio;
+    }
+
+    location /minio/ui/ {
+        rewrite ^/minio/ui/(.*) /$1 break;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-NginX-Proxy true;
+
+        # This is necessary to pass the correct IP to be hashed
+        real_ip_header X-Real-IP;
+
+        proxy_connect_timeout 300;
+
+        # To support websockets in MinIO versions released after January 2023
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
+        # Uncomment the following line to set the Origin request to an empty string
+        # proxy_set_header Origin '';
+
+        chunked_transfer_encoding off;
+
+        proxy_pass http://minio_console; # This uses the upstream directive definition to load balance
+   }
+}
diff --git a/conf/nginx.conf.tpl b/conf/nginx.conf.tpl
@@ -266,4 +266,8 @@ http {
     }
     # tpl__redirect_yes__end
 
+    # tpl__use_minio__start
+    include minio.conf;
+    # tpl__use_minio__end
+
 }
diff --git a/entrypoint.bash b/entrypoint.bash
@@ -72,6 +72,10 @@ envsubst "$(cat ./VARIABLES)" \
   < ./conf/nginx.conf.tpl \
   > ./nginx.conf.pre
 
+echo "[bento_gateway] [entrypoint] creating minio.conf.pre"
+envsubst "$(cat ./VARIABLES)" \
+  < ./conf/minio.conf.tpl \
+  > ./minio.conf.pre
 # ----------------------------------------------------------------------------------------------------------------------
 
 # Run "fine-tuning", i.e., processing the configuration files to *remove* chunks that aren't relevant to the environment
@@ -92,6 +96,19 @@ else
       ./cbioportal.conf.pre
 fi
 
+# Run fine-tuning on minio.conf.pre
+if [[ "${use_tls}" == 0 ]]; then
+  echo "[bento_gateway] [entrypoint] Fine-tuning minio.conf to not use TLS"
+  sed -i.bak \
+      '/tpl__tls_yes__start/,/tpl__tls_yes__end/d' \
+      ./minio.conf.pre
+else
+  echo "[bento_gateway] [entrypoint] Fine-tuning minio.conf to use TLS"
+  sed -i.bak \
+      '/tpl__tls_no__start/,/tpl__tls_no__end/d' \
+      ./minio.conf.pre
+fi
+
 # Run fine-tuning on nginx.conf.pre
 if [[ "${use_tls}" == 0 ]]; then
   echo "[bento_gateway] [entrypoint] Fine-tuning nginx.conf to not use TLS"
@@ -139,11 +156,21 @@ else
       '/tpl__redirect_yes__start/,/tpl__redirect_yes__end/d' \
       ./nginx.conf.pre
 fi
+if [[ "$(true_values_to_1 $BENTO_MINIO_ENABLED)" == 1]]; then
+  echo "[bento_gateway] [entrypoint] Fine-tuning nginx.conf to use Minio"
+else
+  echo "[bento_gateway] [entrypoint] Fine-tuning nginx.conf to disable Minio"
+  sed -i.bak \
+      '/tpl__use_minio__start/,/tpl__use_minio__end/d' \
+      ./nginx.conf.pre
+
 # ----------------------------------------------------------------------------------------------------------------------
 
 # Generate final configuration files / locations -----------------------------------------------------------------------
 #  - Move cbioportal.conf into position
 cp ./cbioportal.conf.pre "${BENTO_GATEWAY_CONF_DIR}/cbioportal.conf"
+#  - Move minio.conf into position
+cp ./minio.conf.pre "${BENTO_GATEWAY_CONF_DIR}/minio.conf"
 #  - Move nginx.conf into position
 cp ./nginx.conf.pre "${BENTO_GATEWAY_CONF_DIR}/nginx.conf"
 #  - Remove pre-final configuration files + any backups