Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- include upstream.conf;
- log_format noc_format '$remote_addr - $remote_user [$time_local] '
- '"$request" $status $body_bytes_sent '
- '"$http_referer" "$http_user_agent" '
- '$upstream_addr '
- '$request_time $upstream_response_time $pipe';
- server {
- listen 80;
- server_name 10.240.3.242;
- location / {
- return 301 https://10.240.3.242$request_uri;
- }
- }
- server {
- listen 443;
- server_name 10.240.3.242;
- ssl on;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_certificate /etc/nginx/ssl/noc.crt;
- ssl_certificate_key /etc/nginx/ssl/noc.key;
- add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
- add_header X-Content-Type-Options nosniff;
- add_header X-Backend-Server $upstream_addr always;
- add_header X-Front-Server $hostname always;
- ssl_stapling on;
- ssl_stapling_verify on;
- client_max_body_size 32m;
- access_log /var/log/nginx/noc.access.log noc_format;
- error_log /var/log/nginx/noc.error.log;
- # Proxy authentication settings
- error_page 401 = @error401;
- location @error401 {
- return 302 /api/login/index.html?uri=$request_uri;
- }
- location /ng_stats {
- stub_status;
- allow 172.17.0.1;
- allow 10.240.3.242;
- deny all;
- access_log off;
- }
- location /inv/monitor/ {
- proxy_pass http://noc-web;
- auth_request /api/auth/auth/;
- proxy_read_timeout 900;
- gzip on;
- gzip_types text/html text/json;
- proxy_set_header Host $http_host;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- auth_request_set $user $upstream_http_remote_user;
- proxy_set_header Remote-User $user;
- auth_request_set $groups $upstream_http_remote_groups;
- proxy_set_header Remote-Groups $groups;
- access_log off;
- }
- location /fm/monitor/data2/ {
- proxy_pass http://noc-web;
- auth_request /api/auth/auth/;
- proxy_read_timeout 900;
- gzip on;
- gzip_types text/html text/json;
- proxy_set_header Host $http_host;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- auth_request_set $user $upstream_http_remote_user;
- proxy_set_header Remote-User $user;
- auth_request_set $groups $upstream_http_remote_groups;
- proxy_set_header Remote-Groups $groups;
- access_log off;
- }
- # Login service api
- location /api/auth/ {
- internal;
- proxy_pass http://login;
- # internal;
- gzip on;
- gzip_types text/css text/x-js;
- proxy_set_header Host $http_host;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Original-URI $request_uri;
- proxy_set_header Content-Length '0';
- access_log /var/log/nginx/auth.access.log noc_format;
- }
- # Login service api
- location /api/login/ {
- proxy_pass http://login;
- gzip on;
- gzip_types text/css text/x-js;
- proxy_set_header Host $http_host;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Original-URI $request_uri;
- access_log /var/log/nginx/login.access.log noc_format;
- }
- # Card service api
- location /api/card/ {
- proxy_pass http://card;
- auth_request /api/auth/auth/;
- # internal;
- gzip on;
- gzip_types text/css text/x-js text/json;
- proxy_set_header Host $http_host;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- auth_request_set $user $upstream_http_remote_user;
- proxy_set_header Remote-User $user;
- auth_request_set $groups $upstream_http_remote_groups;
- proxy_set_header Remote-Groups $groups;
- access_log /var/log/nginx/card.access.log noc_format;
- }
- # mrt service api
- location /api/mrt/ {
- proxy_pass http://mrt;
- proxy_read_timeout 900;
- auth_request /api/auth/auth/;
- # internal;
- gzip on;
- gzip_types text/css text/x-js text/json;
- proxy_set_header Host $http_host;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- auth_request_set $user $upstream_http_remote_user;
- proxy_set_header Remote-User $user;
- auth_request_set $groups $upstream_http_remote_groups;
- proxy_set_header Remote-Groups $groups;
- access_log /var/log/nginx/mrt.access.log noc_format;
- }
- # bi service api
- location /api/bi/ {
- proxy_pass http://bi;
- auth_request /api/auth/auth/;
- # internal;
- gzip on;
- gzip_types text/css text/x-js text/json;
- proxy_set_header Host $http_host;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- auth_request_set $user $upstream_http_remote_user;
- proxy_set_header Remote-User $user;
- auth_request_set $groups $upstream_http_remote_groups;
- proxy_set_header Remote-Groups $groups;
- }
- location /ui/bi2/ {
- alias /opt/noc/ui/bi2/;
- try_files $uri /index.html =404;
- gzip on;
- gzip_types text/css text/javascript application/x-javascript application/json;
- access_log /var/log/nginx/static.access.log noc_format;
- }
- # grafanads service api
- location /api/grafanads/ {
- proxy_pass http://grafanads;
- auth_request /api/auth/auth/;
- # internal;
- gzip on;
- gzip_types text/css text/x-js;
- proxy_set_header Host $http_host;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- auth_request_set $user $upstream_http_remote_user;
- proxy_set_header Remote-User $user;
- auth_request_set $groups $upstream_http_remote_groups;
- proxy_set_header Remote-Groups $groups;
- }
- # Legacy django media
- location ^~ /media/ {
- alias /opt/noc/django/contrib/admin/static/;
- gzip on;
- gzip_types text/css text/javascript application/x-javascript application/json text/x-js application/javascript;
- access_log /var/log/nginx/static.access.log noc_format;
- }
- # Legacy static resources
- location ^~ /static/ {
- alias /opt/noc/static/;
- gzip on;
- gzip_types text/css text/javascript application/x-javascript application/json text/x-js application/javascript;
- access_log /var/log/nginx/static.access.log noc_format;
- }
- # UI files
- location ^~ /ui/ {
- alias /opt/noc/ui/;
- gzip on;
- gzip_types text/css text/javascript application/x-javascript application/json text/x-js application/javascript;
- access_log /var/log/nginx/static.access.log noc_format;
- }
- location /ui/bi/editor/ {
- alias /opt/noc/ui/bi/;
- try_files $uri /index.html =404;
- gzip on;
- gzip_types text/css text/javascript application/x-javascript application/json;
- access_log /var/log/nginx/static.access.log noc_format;
- }
- location /ui/grafana {
- proxy_pass http://grafana;
- auth_request /api/auth/auth/;
- rewrite ^/ui/grafana/(.*) /$1 break;
- proxy_set_header Host $http_host;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- auth_request_set $user $upstream_http_remote_user;
- proxy_set_header Remote-User $user;
- auth_request_set $groups $upstream_http_remote_groups;
- proxy_set_header Remote-Groups $groups;
- proxy_set_header Authorization "";
- access_log /var/log/nginx/grafana.access.log noc_format;
- }
- location / {
- rewrite ^/$ /main/desktop/;
- proxy_pass http://noc-web;
- auth_request /api/auth/auth/;
- proxy_read_timeout 900;
- gzip on;
- gzip_types text/css text/x-js text/json;
- proxy_set_header Host $http_host;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- auth_request_set $user $upstream_http_remote_user;
- proxy_set_header Remote-User $user;
- auth_request_set $groups $upstream_http_remote_groups;
- proxy_set_header Remote-Groups $groups;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement