diff --git a/conf/minio.conf.tpl b/conf/minio.conf.tpl new file mode 100644 index 0000000..1876eab --- /dev/null +++ b/conf/minio.conf.tpl @@ -0,0 +1,72 @@ +upstream minio { + server ${BENTO_MINIO_CONTAINER_NAME}:${BENTO_MINIO_INTERNAL_PORT}; +} + +upstream minio_console { + server ${BENTO_MINIO_CONTAINER_NAME}:${BENTO_MINIO_CONSOLE_PORT}; +} + +server { + # tpl__tls_yes__start + # Use 444 for internal SSL to allow streaming back to self (above) + listen 444 ssl; + # tpl__tls_yes__end + + # tpl__tls_no__start + listen 80; + # tpl__tls_no__end + + server_name ${BENTO_MINIO_DOMAIN}; + + # Allow special characters in headers + ignore_invalid_headers off; + + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + + # Disable buffering + proxy_buffering off; + proxy_request_buffering off; + + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 300; + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 + proxy_http_version 1.1; + proxy_set_header Connection ""; + chunked_transfer_encoding off; + + proxy_pass http://minio; + } + + location /minio/ui/ { + rewrite ^/minio/ui/(.*) /$1 break; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-NginX-Proxy true; + + # This is necessary to pass the correct IP to be hashed + real_ip_header X-Real-IP; + + proxy_connect_timeout 300; + + # To support websockets in MinIO versions released after January 2023 + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) + # Uncomment the following line to set the Origin request to an empty string + # proxy_set_header Origin ''; + + chunked_transfer_encoding off; + + proxy_pass http://minio_console; # This uses the upstream directive definition to load balance + } +} diff --git a/conf/nginx.conf.tpl b/conf/nginx.conf.tpl index f0496cc..bd41371 100644 --- a/conf/nginx.conf.tpl +++ b/conf/nginx.conf.tpl @@ -266,4 +266,8 @@ http { } # tpl__redirect_yes__end + # tpl__use_minio__start + include minio.conf; + # tpl__use_minio__end + } diff --git a/entrypoint.bash b/entrypoint.bash index 2aa2d82..0c268f4 100644 --- a/entrypoint.bash +++ b/entrypoint.bash @@ -72,6 +72,10 @@ envsubst "$(cat ./VARIABLES)" \ < ./conf/nginx.conf.tpl \ > ./nginx.conf.pre +echo "[bento_gateway] [entrypoint] creating minio.conf.pre" +envsubst "$(cat ./VARIABLES)" \ + < ./conf/minio.conf.tpl \ + > ./minio.conf.pre # ---------------------------------------------------------------------------------------------------------------------- # Run "fine-tuning", i.e., processing the configuration files to *remove* chunks that aren't relevant to the environment @@ -92,6 +96,19 @@ else ./cbioportal.conf.pre fi +# Run fine-tuning on minio.conf.pre +if [[ "${use_tls}" == 0 ]]; then + echo "[bento_gateway] [entrypoint] Fine-tuning minio.conf to not use TLS" + sed -i.bak \ + '/tpl__tls_yes__start/,/tpl__tls_yes__end/d' \ + ./minio.conf.pre +else + echo "[bento_gateway] [entrypoint] Fine-tuning minio.conf to use TLS" + sed -i.bak \ + '/tpl__tls_no__start/,/tpl__tls_no__end/d' \ + ./minio.conf.pre +fi + # Run fine-tuning on nginx.conf.pre if [[ "${use_tls}" == 0 ]]; then echo "[bento_gateway] [entrypoint] Fine-tuning nginx.conf to not use TLS" @@ -139,11 +156,21 @@ else '/tpl__redirect_yes__start/,/tpl__redirect_yes__end/d' \ ./nginx.conf.pre fi +if [[ "$(true_values_to_1 $BENTO_MINIO_ENABLED)" == 1]]; then + echo "[bento_gateway] [entrypoint] Fine-tuning nginx.conf to use Minio" +else + echo "[bento_gateway] [entrypoint] Fine-tuning nginx.conf to disable Minio" + sed -i.bak \ + '/tpl__use_minio__start/,/tpl__use_minio__end/d' \ + ./nginx.conf.pre + # ---------------------------------------------------------------------------------------------------------------------- # Generate final configuration files / locations ----------------------------------------------------------------------- # - Move cbioportal.conf into position cp ./cbioportal.conf.pre "${BENTO_GATEWAY_CONF_DIR}/cbioportal.conf" +# - Move minio.conf into position +cp ./minio.conf.pre "${BENTO_GATEWAY_CONF_DIR}/minio.conf" # - Move nginx.conf into position cp ./nginx.conf.pre "${BENTO_GATEWAY_CONF_DIR}/nginx.conf" # - Remove pre-final configuration files + any backups