nginx.conf
# Allowlist lookup for the /jupyter/proxy/ location: $is_allowed is derived from
# $proxy_host, which that location sets from the first path segment after
# /jupyter/proxy/. Hosts without an entry in the included file get 0, and the
# location answers 403 for them.
# NOTE(review): the included file is not visible here. If it contains regex
# entries ("~..."), they should be anchored with ^ and $ so that a longer,
# unrelated hostname cannot match part of an allowed name - confirm.
# NOTE(review): $proxy_host is also the name of a built-in variable of the
# proxy module; a distinct name (used in both this map and the location) would
# remove any doubt about which value the map evaluates - confirm.
map $proxy_host $is_allowed {
    default 0; # Deny by default
    include /etc/nginx/allowed_jupyter_proxy_hosts.conf;
}
# On-disk cache for the zone proxy_jupyter_cache (used by the /jupyter/proxy/
# location): 10 MB shared-memory key zone, at most 10 GB of cached data,
# entries removed after 60 minutes without access.
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=proxy_jupyter_cache:10m max_size=10g inactive=60m use_temp_path=off;
# DNS servers nginx queries at request time to resolve the variable upstream
# name used in proxy_pass.
# NOTE(review): these are public resolvers reached over plain DNS. The nginx
# documentation recommends resolvers on a trusted local network to prevent DNS
# spoofing. That matters here because the proxy location does not enable
# proxy_ssl_verify, so a forged answer would not be caught by a certificate check.
resolver 8.8.8.8 8.8.4.4;
# remove the log stuff after debugging
# NOTE(review): $proxy_protocol_addr is only filled in when the listener accepts
# the PROXY protocol; the server below uses a plain "listen 80;", so this field
# is probably empty and the log then carries no client address. $remote_addr
# may be what is wanted - confirm how traffic reaches this server.
# NOTE(review): "$request" and $request_uri record the query string, which for
# /files contains the md5 and expires arguments of the signed link. Treat this
# log as sensitive for as long as the format is in use.
log_format custom '$proxy_protocol_addr - $remote_user [$time_local] "$request" '
'proxy_host=$proxy_host '
'proxy_uri=$proxy_uri '
'request_uri=$request_uri '
'proxy_pass_url="https://$proxy_host$proxy_uri" '
'status=$status '
'body_bytes_sent=$body_bytes_sent '
'referer=$http_referer '
'user_agent=$http_user_agent';
access_log /var/log/nginx/access.log custom;
# Frontend virtual host on port 80: static application bundles, signed
# downloads under /files, and an allowlisted HTTPS reverse proxy under
# /jupyter/proxy/<host>/<path>.
server {
    listen 80;
    server_name frontend;
    port_in_redirect off;
    include mime.types;
    # Maps the .mjs extension to application/javascript.
    types {
        application/javascript mjs;
    }
    # The bare root redirects to the lecture application.
    location = / {
        return 302 /static/lecture/;
    }
    # Signed, expiring download links (secure_link module). The request must
    # carry md5 and expires arguments; the expected hash covers the expiry
    # time, the request URI and the secret.
    #   $secure_link = ""  -> hash missing or wrong  -> 403
    #   $secure_link = "0" -> hash valid but expired -> 410
    # NOTE(review): ${FAILS_STATIC_SECRET} is presumably replaced by a
    # templating step before nginx loads this file; the rendered file then
    # contains the secret in clear text and should be readable only by the
    # nginx user - confirm. The secret should be long and random, since it is
    # the only thing that keeps link hashes from being forged.
    # NOTE(review): neither the location prefix nor the alias ends in "/", so
    # any URI that merely starts with /files (for example a sibling directory
    # name) is mapped next to the alias path. "location /files/" with an alias
    # ending in "/" keeps the mapping inside one directory. The alias path
    # "htmlsecuredfiles" also reads as if a "/" may be missing - confirm.
    location /files {
        alias /usr/share/nginx/htmlsecuredfiles;
        secure_link $arg_md5,$arg_expires;
        secure_link_md5 "$secure_link_expires$uri ${FAILS_STATIC_SECRET}";
        if ($secure_link = "") { return 403; }
        if ($secure_link = "0") { return 410; }
    }
    # Served without any access check.
    # NOTE(review): the directory contents are not visible here; make sure
    # nothing secret is placed under html/config.
    location /config {
        root /usr/share/nginx/html;
    }
    # NOTE(review): in this and the following static locations the "index"
    # line has no terminating ";". nginx therefore reads the next line as
    # additional arguments of "index", and no try_files directive is actually
    # configured. If a fallback to /index.html is intended, add the ";" and
    # check where /index.html is served from, as no location here matches it.
    location /static/app {
        root /usr/share/nginx/html;
        index index.html
        try_files $uri /index.html;
    }
    # Same missing ";" after "index" as in /static/app.
    location /static/lecture {
        root /usr/share/nginx/html;
        index index.html
        try_files $uri /index.html;
    }
    # Same missing ";" after "index" as in /static/app.
    location /static/experimental/app {
        root /usr/share/nginx/html;
        index index.html
        try_files $uri /index.html;
    }
    # Same missing ";" after "index" as in /static/app.
    location /static/experimental/lecture {
        root /usr/share/nginx/html;
        index index.html
        try_files $uri /index.html;
    }
    # Open-source attribution text; same missing ";" after "index".
    location /static/oss {
        root /usr/share/nginx/html;
        index attribution.txt
        try_files $uri /attribution.txt;
    }
    # Reverse proxy to an external HTTPS host named in the URL:
    #   /jupyter/proxy/<host><path>  ->  https://<host><path>
    # The host comes from the request, so the $is_allowed check below is the
    # control that stops this from being an open proxy.
    location ~ ^/jupyter/proxy/([^/]+)(/.*)?$ {
        set $proxy_host $1;
        set $proxy_uri $2;
        proxy_set_header Host $proxy_host;
        # SNI and the expected certificate name are set to the requested host.
        # NOTE(review): proxy_ssl_verify is not enabled in this location, and
        # nginx does not verify the upstream certificate unless it is. Without
        # "proxy_ssl_verify on;" and a proxy_ssl_trusted_certificate bundle
        # (<path to CA bundle>), proxy_ssl_name has no protective effect, and a
        # spoofed upstream could place content in the cache below.
        proxy_ssl_name $proxy_host;
        proxy_ssl_server_name on;
        proxy_pass https://$proxy_host$proxy_uri;
        # Deny every host the map did not mark as allowed. The rewrite-phase
        # "return" takes effect before proxy_pass, despite the textual order.
        if ($is_allowed = 0) {
            return 403;
        }
        # Responses are cached and shared between all clients: 200/302 for
        # 10 minutes, 404 for 1 minute, stale entries served on upstream
        # error, timeout, or while an entry is being refreshed.
        # NOTE(review): the key is host + path only. As written the query
        # string appears to be neither forwarded upstream nor part of the key -
        # confirm that this is intended.
        # NOTE(review): request headers such as Cookie and Authorization are
        # passed upstream by default, and the CORS headers below invite
        # credentialed requests. If the allowlisted hosts are third parties,
        # clear those headers (proxy_set_header <name> "";) or bypass the
        # cache for requests that carry them, so one user's response is not
        # stored and served to others.
        proxy_cache proxy_jupyter_cache;
        proxy_cache_valid 200 302 10m;
        proxy_cache_valid 404 1m;
        proxy_cache_key $proxy_host$proxy_uri;
        proxy_cache_use_stale error timeout updating;
        # CORS preflight is answered locally with 204.
        # NOTE(review): Access-Control-Allow-Origin is filled from the Host
        # request header, which has no scheme and is not an origin, so browsers
        # will not accept it as a match. If cross-origin access is required,
        # select the value from a fixed list of origins (for example via a
        # map) rather than echoing a request header, because
        # Access-Control-Allow-Credentials is "true".
        if ($request_method = 'OPTIONS') {
            add_header Access-Control-Allow-Origin $http_host;
            add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Headers 'Content-Type, Authorization';
            add_header Access-Control-Allow-Credentials 'true';
            return 204;
        }
        add_header Access-Control-Allow-Origin $http_host;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'Content-Type, Authorization';
        add_header Access-Control-Allow-Credentials 'true';
        # NOTE(review): this Host header is already set at the top of the
        # location; one of the two directives can go.
        proxy_set_header Host $proxy_host;
        # Client address details are withheld from the upstream: an empty value
        # means the header is not sent, and X-Forwarded-For is a constant.
        proxy_set_header X-Real-IP "";
        proxy_set_header X-Forwarded-For 127.0.0.1;
        proxy_set_header X-Forwarded-Proto "";
    }
    # Static JupyterLite-style assets: everything under /jupyter/ except the
    # proxy/ subtree, which the negative lookahead leaves to the location above.
    location /jupyter {
        location ~ ^/jupyter/(?!proxy/).*$ {
            root /usr/share/nginx/html;
            # Same missing ";" after "index" as in the /static locations:
            # try_files is parsed as arguments of "index".
            index index.html
            try_files $uri /index.html;
            # Same CORS handling as the proxy location, including the Host
            # header being used as the Access-Control-Allow-Origin value.
            if ($request_method = 'OPTIONS') {
                add_header Access-Control-Allow-Origin $http_host;
                add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
                add_header Access-Control-Allow-Headers 'Content-Type, Authorization';
                add_header Access-Control-Allow-Credentials 'true';
                return 204;
            }
            add_header Access-Control-Allow-Origin $http_host;
            add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Headers 'Content-Type, Authorization';
            add_header Access-Control-Allow-Credentials 'true';
            # Long-lived caching (4 weeks) for .wasm and .tar.gz files.
            # NOTE(review): add_header is inherited only when the current level
            # defines none, so the four CORS headers above are not sent for
            # these files. "expires" also emits its own Cache-Control header
            # next to the one added here - confirm both are intended.
            location ~* \.(wasm|tar\.gz)$ {
                add_header Cache-Control "public, max-age=2419200, must-revalidate";
                expires 4w;
            }
        }
    }
}