API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 29th, 2018
271
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.62 KB | None | 0 0
raw download clone embed print report
  1.  
  2. include upstream.conf;
  3.  
  4. log_format noc_format '$remote_addr - $remote_user [$time_local] '
  5. '"$request" $status $body_bytes_sent '
  6. '"$http_referer" "$http_user_agent" '
  7. '$upstream_addr '
  8. '$request_time $upstream_response_time $pipe';
  9.  
  10.  
  11. server {
  12. listen 80;
  13. server_name 10.240.3.242;
  14. location / {
  15. return 301 https://10.240.3.242$request_uri;
  16. }
  17. }
  18.  
  19. server {
  20. listen 443;
  21. server_name 10.240.3.242;
  22. ssl on;
  23. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  24. ssl_certificate /etc/nginx/ssl/noc.crt;
  25. ssl_certificate_key /etc/nginx/ssl/noc.key;
  26. add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
  27. add_header X-Content-Type-Options nosniff;
  28. add_header X-Backend-Server $upstream_addr always;
  29. add_header X-Front-Server $hostname always;
  30. ssl_stapling on;
  31. ssl_stapling_verify on;
  32.  
  33. client_max_body_size 32m;
  34.  
  35. access_log /var/log/nginx/noc.access.log noc_format;
  36. error_log /var/log/nginx/noc.error.log;
  37.  
  38. # Proxy authentication settings
  39. error_page 401 = @error401;
  40.  
  41. location @error401 {
  42. return 302 /api/login/index.html?uri=$request_uri;
  43. }
  44.  
  45. location /ng_stats {
  46. stub_status;
  47. allow 172.17.0.1;
  48. allow 10.240.3.242;
  49. deny all;
  50. access_log off;
  51. }
  52.  
  53. location /inv/monitor/ {
  54. proxy_pass http://noc-web;
  55. auth_request /api/auth/auth/;
  56. proxy_read_timeout 900;
  57. gzip on;
  58. gzip_types text/html text/json;
  59. proxy_set_header Host $http_host;
  60. proxy_set_header X-Scheme $scheme;
  61. proxy_set_header X-Real-IP $remote_addr;
  62. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  63. proxy_set_header X-Forwarded-Proto $scheme;
  64. auth_request_set $user $upstream_http_remote_user;
  65. proxy_set_header Remote-User $user;
  66. auth_request_set $groups $upstream_http_remote_groups;
  67. proxy_set_header Remote-Groups $groups;
  68. access_log off;
  69. }
  70.  
  71. location /fm/monitor/data2/ {
  72. proxy_pass http://noc-web;
  73. auth_request /api/auth/auth/;
  74. proxy_read_timeout 900;
  75. gzip on;
  76. gzip_types text/html text/json;
  77. proxy_set_header Host $http_host;
  78. proxy_set_header X-Scheme $scheme;
  79. proxy_set_header X-Real-IP $remote_addr;
  80. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  81. proxy_set_header X-Forwarded-Proto $scheme;
  82. auth_request_set $user $upstream_http_remote_user;
  83. proxy_set_header Remote-User $user;
  84. auth_request_set $groups $upstream_http_remote_groups;
  85. proxy_set_header Remote-Groups $groups;
  86. access_log off;
  87. }
  88.  
  89. # Login service api
  90. location /api/auth/ {
  91. internal;
  92. proxy_pass http://login;
  93. # internal;
  94. gzip on;
  95. gzip_types text/css text/x-js;
  96. proxy_set_header Host $http_host;
  97. proxy_set_header X-Scheme $scheme;
  98. proxy_set_header X-Real-IP $remote_addr;
  99. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  100. proxy_set_header X-Forwarded-Proto $scheme;
  101. proxy_set_header X-Original-URI $request_uri;
  102. proxy_set_header Content-Length '0';
  103. access_log /var/log/nginx/auth.access.log noc_format;
  104. }
  105.  
  106. # Login service api
  107. location /api/login/ {
  108. proxy_pass http://login;
  109. gzip on;
  110. gzip_types text/css text/x-js;
  111. proxy_set_header Host $http_host;
  112. proxy_set_header X-Scheme $scheme;
  113. proxy_set_header X-Real-IP $remote_addr;
  114. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  115. proxy_set_header X-Forwarded-Proto $scheme;
  116. proxy_set_header X-Original-URI $request_uri;
  117. access_log /var/log/nginx/login.access.log noc_format;
  118. }
  119.  
  120. # Card service api
  121. location /api/card/ {
  122. proxy_pass http://card;
  123. auth_request /api/auth/auth/;
  124. # internal;
  125. gzip on;
  126. gzip_types text/css text/x-js text/json;
  127. proxy_set_header Host $http_host;
  128. proxy_set_header X-Scheme $scheme;
  129. proxy_set_header X-Real-IP $remote_addr;
  130. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  131. proxy_set_header X-Forwarded-Proto $scheme;
  132. auth_request_set $user $upstream_http_remote_user;
  133. proxy_set_header Remote-User $user;
  134. auth_request_set $groups $upstream_http_remote_groups;
  135. proxy_set_header Remote-Groups $groups;
  136. access_log /var/log/nginx/card.access.log noc_format;
  137. }
  138.  
  139. # mrt service api
  140. location /api/mrt/ {
  141. proxy_pass http://mrt;
  142. proxy_read_timeout 900;
  143. auth_request /api/auth/auth/;
  144. # internal;
  145. gzip on;
  146. gzip_types text/css text/x-js text/json;
  147. proxy_set_header Host $http_host;
  148. proxy_set_header X-Scheme $scheme;
  149. proxy_set_header X-Real-IP $remote_addr;
  150. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  151. proxy_set_header X-Forwarded-Proto $scheme;
  152. auth_request_set $user $upstream_http_remote_user;
  153. proxy_set_header Remote-User $user;
  154. auth_request_set $groups $upstream_http_remote_groups;
  155. proxy_set_header Remote-Groups $groups;
  156. access_log /var/log/nginx/mrt.access.log noc_format;
  157. }
  158.  
  159. # bi service api
  160. location /api/bi/ {
  161. proxy_pass http://bi;
  162. auth_request /api/auth/auth/;
  163. # internal;
  164. gzip on;
  165. gzip_types text/css text/x-js text/json;
  166. proxy_set_header Host $http_host;
  167. proxy_set_header X-Scheme $scheme;
  168. proxy_set_header X-Real-IP $remote_addr;
  169. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  170. proxy_set_header X-Forwarded-Proto $scheme;
  171. auth_request_set $user $upstream_http_remote_user;
  172. proxy_set_header Remote-User $user;
  173. auth_request_set $groups $upstream_http_remote_groups;
  174. proxy_set_header Remote-Groups $groups;
  175. }
  176.  
  177. location /ui/bi2/ {
  178. alias /opt/noc/ui/bi2/;
  179. try_files $uri /index.html =404;
  180. gzip on;
  181. gzip_types text/css text/javascript application/x-javascript application/json;
  182. access_log /var/log/nginx/static.access.log noc_format;
  183. }
  184.  
  185.  
  186. # grafanads service api
  187. location /api/grafanads/ {
  188. proxy_pass http://grafanads;
  189. auth_request /api/auth/auth/;
  190. # internal;
  191. gzip on;
  192. gzip_types text/css text/x-js;
  193. proxy_set_header Host $http_host;
  194. proxy_set_header X-Scheme $scheme;
  195. proxy_set_header X-Real-IP $remote_addr;
  196. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  197. proxy_set_header X-Forwarded-Proto $scheme;
  198. auth_request_set $user $upstream_http_remote_user;
  199. proxy_set_header Remote-User $user;
  200. auth_request_set $groups $upstream_http_remote_groups;
  201. proxy_set_header Remote-Groups $groups;
  202. }
  203.  
  204. # Legacy django media
  205. location ^~ /media/ {
  206. alias /opt/noc/django/contrib/admin/static/;
  207. gzip on;
  208. gzip_types text/css text/javascript application/x-javascript application/json text/x-js application/javascript;
  209. access_log /var/log/nginx/static.access.log noc_format;
  210. }
  211.  
  212. # Legacy static resources
  213. location ^~ /static/ {
  214. alias /opt/noc/static/;
  215. gzip on;
  216. gzip_types text/css text/javascript application/x-javascript application/json text/x-js application/javascript;
  217. access_log /var/log/nginx/static.access.log noc_format;
  218. }
  219.  
  220. # UI files
  221. location ^~ /ui/ {
  222. alias /opt/noc/ui/;
  223. gzip on;
  224. gzip_types text/css text/javascript application/x-javascript application/json text/x-js application/javascript;
  225. access_log /var/log/nginx/static.access.log noc_format;
  226. }
  227.  
  228. location /ui/bi/editor/ {
  229. alias /opt/noc/ui/bi/;
  230. try_files $uri /index.html =404;
  231. gzip on;
  232. gzip_types text/css text/javascript application/x-javascript application/json;
  233. access_log /var/log/nginx/static.access.log noc_format;
  234. }
  235.  
  236.  
  237. location /ui/grafana {
  238. proxy_pass http://grafana;
  239. auth_request /api/auth/auth/;
  240. rewrite ^/ui/grafana/(.*) /$1 break;
  241. proxy_set_header Host $http_host;
  242. proxy_set_header X-Scheme $scheme;
  243. proxy_set_header X-Real-IP $remote_addr;
  244. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  245. proxy_set_header X-Forwarded-Proto $scheme;
  246. auth_request_set $user $upstream_http_remote_user;
  247. proxy_set_header Remote-User $user;
  248. auth_request_set $groups $upstream_http_remote_groups;
  249. proxy_set_header Remote-Groups $groups;
  250. proxy_set_header Authorization "";
  251. access_log /var/log/nginx/grafana.access.log noc_format;
  252. }
  253.  
  254. location / {
  255. rewrite ^/$ /main/desktop/;
  256. proxy_pass http://noc-web;
  257. auth_request /api/auth/auth/;
  258. proxy_read_timeout 900;
  259. gzip on;
  260. gzip_types text/css text/x-js text/json;
  261. proxy_set_header Host $http_host;
  262. proxy_set_header X-Scheme $scheme;
  263. proxy_set_header X-Real-IP $remote_addr;
  264. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  265. proxy_set_header X-Forwarded-Proto $scheme;
  266. auth_request_set $user $upstream_http_remote_user;
  267. proxy_set_header Remote-User $user;
  268. auth_request_set $groups $upstream_http_remote_groups;
  269. proxy_set_header Remote-Groups $groups;
  270. }
  271. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!