Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ## start server dev-admin.domain.com
- server {
- server_name dev-admin.domain.com ;
- listen 80;
- set $proxy_upstream_name "-";
- set $pass_access_scheme $scheme;
- set $pass_server_port $server_port;
- set $best_http_host $http_host;
- set $pass_port $pass_server_port;
- location ~* "^/policy-event-publisher/hangfire/oauth2" {
- set $namespace "development";
- set $ingress_name "policy-event-publisher-oauth2-proxy";
- set $service_name "oauth2-proxy";
- set $service_port "4180";
- set $location_path "/policy-event-publisher/hangfire/oauth2";
- rewrite_by_lua_block {
- lua_ingress.rewrite({
- force_ssl_redirect = false,
- use_port_in_redirects = false,
- })
- balancer.rewrite()
- plugins.run()
- }
- header_filter_by_lua_block {
- plugins.run()
- }
- body_filter_by_lua_block {
- }
- log_by_lua_block {
- balancer.log()
- monitor.call()
- plugins.run()
- }
- port_in_redirect off;
- set $proxy_upstream_name "development-oauth2-proxy-4180";
- set $proxy_host $proxy_upstream_name;
- client_max_body_size 1m;
- proxy_set_header Host $best_http_host;
- # Pass the extracted client certificate to the backend
- # Allow websocket connections
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header X-Request-ID $req_id;
- proxy_set_header X-Real-IP $the_real_ip;
- proxy_set_header X-Forwarded-For $the_real_ip;
- proxy_set_header X-Forwarded-Host $best_http_host;
- proxy_set_header X-Forwarded-Port $pass_port;
- proxy_set_header X-Forwarded-Proto $pass_access_scheme;
- proxy_set_header X-Original-URI $request_uri;
- proxy_set_header X-Scheme $pass_access_scheme;
- # Pass the original X-Forwarded-For
- proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
- # mitigate HTTPoxy Vulnerability
- # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
- proxy_set_header Proxy "";
- # Custom headers to proxied server
- proxy_connect_timeout 5s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
- proxy_buffering off;
- proxy_buffer_size 128k;
- proxy_buffers 4 128k;
- proxy_request_buffering on;
- proxy_http_version 1.1;
- proxy_cookie_domain off;
- proxy_cookie_path off;
- # In case of errors try the next upstream server before returning an error
- proxy_next_upstream error timeout;
- proxy_next_upstream_tries 3;
- proxy_pass http://upstream_balancer;
- proxy_redirect off;
- }
- location ~* "^/policy-event-publisher/hangfire" {
- set $namespace "development";
- set $ingress_name "policy-event-publisher-ingress1";
- set $service_name "policy-event-publisher";
- set $service_port "80";
- set $location_path "/policy-event-publisher/hangfire";
- rewrite_by_lua_block {
- lua_ingress.rewrite({
- force_ssl_redirect = false,
- use_port_in_redirects = false,
- })
- balancer.rewrite()
- plugins.run()
- }
- header_filter_by_lua_block {
- plugins.run()
- }
- body_filter_by_lua_block {
- }
- log_by_lua_block {
- balancer.log()
- monitor.call()
- plugins.run()
- }
- port_in_redirect off;
- set $proxy_upstream_name "development-policy-event-publisher-80";
- set $proxy_host $proxy_upstream_name;
- client_max_body_size 1m;
- proxy_set_header Host $best_http_host;
- # Pass the extracted client certificate to the backend
- # Allow websocket connections
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header X-Request-ID $req_id;
- proxy_set_header X-Real-IP $the_real_ip;
- proxy_set_header X-Forwarded-For $the_real_ip;
- proxy_set_header X-Forwarded-Host $best_http_host;
- proxy_set_header X-Forwarded-Port $pass_port;
- proxy_set_header X-Forwarded-Proto $pass_access_scheme;
- proxy_set_header X-Original-URI $request_uri;
- proxy_set_header X-Scheme $pass_access_scheme;
- # Pass the original X-Forwarded-For
- proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
- # mitigate HTTPoxy Vulnerability
- # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
- proxy_set_header Proxy "";
- # Custom headers to proxied server
- proxy_connect_timeout 5s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
- proxy_buffering off;
- proxy_buffer_size 128k;
- proxy_buffers 4 128k;
- proxy_request_buffering on;
- proxy_http_version 1.1;
- proxy_cookie_domain off;
- proxy_cookie_path off;
- # In case of errors try the next upstream server before returning an error
- proxy_next_upstream error timeout;
- proxy_next_upstream_tries 3;
- proxy_pass http://upstream_balancer;
- proxy_redirect off;
- }
- location ~* "^/healthchecks-api" {
- set $namespace "development";
- set $ingress_name "healthcheck-ingress3";
- set $service_name "servicestatus";
- set $service_port "80";
- set $location_path "/healthchecks-api";
- rewrite_by_lua_block {
- lua_ingress.rewrite({
- force_ssl_redirect = false,
- use_port_in_redirects = false,
- })
- balancer.rewrite()
- plugins.run()
- }
- header_filter_by_lua_block {
- plugins.run()
- }
- body_filter_by_lua_block {
- }
- log_by_lua_block {
- balancer.log()
- monitor.call()
- plugins.run()
- }
- port_in_redirect off;
- set $proxy_upstream_name "development-servicestatus-80";
- set $proxy_host $proxy_upstream_name;
- client_max_body_size 1m;
- proxy_set_header Host $best_http_host;
- # Pass the extracted client certificate to the backend
- # Allow websocket connections
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header X-Request-ID $req_id;
- proxy_set_header X-Real-IP $the_real_ip;
- proxy_set_header X-Forwarded-For $the_real_ip;
- proxy_set_header X-Forwarded-Host $best_http_host;
- proxy_set_header X-Forwarded-Port $pass_port;
- proxy_set_header X-Forwarded-Proto $pass_access_scheme;
- proxy_set_header X-Original-URI $request_uri;
- proxy_set_header X-Scheme $pass_access_scheme;
- # Pass the original X-Forwarded-For
- proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
- # mitigate HTTPoxy Vulnerability
- # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
- proxy_set_header Proxy "";
- # Custom headers to proxied server
- proxy_connect_timeout 5s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
- proxy_buffering off;
- proxy_buffer_size 128k;
- proxy_buffers 4 128k;
- proxy_request_buffering on;
- proxy_http_version 1.1;
- proxy_cookie_domain off;
- proxy_cookie_path off;
- # In case of errors try the next upstream server before returning an error
- proxy_next_upstream error timeout;
- proxy_next_upstream_tries 3;
- proxy_pass http://upstream_balancer;
- proxy_redirect off;
- }
- location ~* "^/status" {
- set $namespace "development";
- set $ingress_name "healthcheck-ingress1";
- set $service_name "servicestatus";
- set $service_port "80";
- set $location_path "/status";
- rewrite_by_lua_block {
- lua_ingress.rewrite({
- force_ssl_redirect = false,
- use_port_in_redirects = false,
- })
- balancer.rewrite()
- plugins.run()
- }
- header_filter_by_lua_block {
- plugins.run()
- }
- body_filter_by_lua_block {
- }
- log_by_lua_block {
- balancer.log()
- monitor.call()
- plugins.run()
- }
- port_in_redirect off;
- set $proxy_upstream_name "development-servicestatus-80";
- set $proxy_host $proxy_upstream_name;
- client_max_body_size 1m;
- proxy_set_header Host $best_http_host;
- # Pass the extracted client certificate to the backend
- # Allow websocket connections
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header X-Request-ID $req_id;
- proxy_set_header X-Real-IP $the_real_ip;
- proxy_set_header X-Forwarded-For $the_real_ip;
- proxy_set_header X-Forwarded-Host $best_http_host;
- proxy_set_header X-Forwarded-Port $pass_port;
- proxy_set_header X-Forwarded-Proto $pass_access_scheme;
- proxy_set_header X-Original-URI $request_uri;
- proxy_set_header X-Scheme $pass_access_scheme;
- # Pass the original X-Forwarded-For
- proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
- # mitigate HTTPoxy Vulnerability
- # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
- proxy_set_header Proxy "";
- # Custom headers to proxied server
- proxy_connect_timeout 5s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
- proxy_buffering off;
- proxy_buffer_size 128k;
- proxy_buffers 4 128k;
- proxy_request_buffering on;
- proxy_http_version 1.1;
- proxy_cookie_domain off;
- proxy_cookie_path off;
- # In case of errors try the next upstream server before returning an error
- proxy_next_upstream error timeout;
- proxy_next_upstream_tries 3;
- rewrite "(?i)/status" /healthchecks-ui/ break;
- proxy_pass http://upstream_balancer;
- proxy_redirect off;
- }
- location ~* "^/ui" {
- set $namespace "development";
- set $ingress_name "healthcheck-ingress2";
- set $service_name "servicestatus";
- set $service_port "80";
- set $location_path "/ui";
- rewrite_by_lua_block {
- lua_ingress.rewrite({
- force_ssl_redirect = false,
- use_port_in_redirects = false,
- })
- balancer.rewrite()
- plugins.run()
- }
- header_filter_by_lua_block {
- plugins.run()
- }
- body_filter_by_lua_block {
- }
- log_by_lua_block {
- balancer.log()
- monitor.call()
- plugins.run()
- }
- port_in_redirect off;
- set $proxy_upstream_name "development-servicestatus-80";
- set $proxy_host $proxy_upstream_name;
- client_max_body_size 1m;
- proxy_set_header Host $best_http_host;
- # Pass the extracted client certificate to the backend
- # Allow websocket connections
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header X-Request-ID $req_id;
- proxy_set_header X-Real-IP $the_real_ip;
- proxy_set_header X-Forwarded-For $the_real_ip;
- proxy_set_header X-Forwarded-Host $best_http_host;
- proxy_set_header X-Forwarded-Port $pass_port;
- proxy_set_header X-Forwarded-Proto $pass_access_scheme;
- proxy_set_header X-Original-URI $request_uri;
- proxy_set_header X-Scheme $pass_access_scheme;
- # Pass the original X-Forwarded-For
- proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
- # mitigate HTTPoxy Vulnerability
- # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
- proxy_set_header Proxy "";
- # Custom headers to proxied server
- proxy_connect_timeout 5s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
- proxy_buffering off;
- proxy_buffer_size 128k;
- proxy_buffers 4 128k;
- proxy_request_buffering on;
- proxy_http_version 1.1;
- proxy_cookie_domain off;
- proxy_cookie_path off;
- # In case of errors try the next upstream server before returning an error
- proxy_next_upstream error timeout;
- proxy_next_upstream_tries 3;
- proxy_pass http://upstream_balancer;
- proxy_redirect off;
- }
- location ~* "^/" {
- set $namespace "";
- set $ingress_name "";
- set $service_name "";
- set $service_port "0";
- set $location_path "/";
- rewrite_by_lua_block {
- lua_ingress.rewrite({
- force_ssl_redirect = false,
- use_port_in_redirects = false,
- })
- balancer.rewrite()
- plugins.run()
- }
- header_filter_by_lua_block {
- plugins.run()
- }
- body_filter_by_lua_block {
- }
- log_by_lua_block {
- balancer.log()
- monitor.call()
- plugins.run()
- }
- port_in_redirect off;
- set $proxy_upstream_name "upstream-default-backend";
- set $proxy_host $proxy_upstream_name;
- client_max_body_size 1m;
- proxy_set_header Host $best_http_host;
- # Pass the extracted client certificate to the backend
- # Allow websocket connections
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header X-Request-ID $req_id;
- proxy_set_header X-Real-IP $the_real_ip;
- proxy_set_header X-Forwarded-For $the_real_ip;
- proxy_set_header X-Forwarded-Host $best_http_host;
- proxy_set_header X-Forwarded-Port $pass_port;
- proxy_set_header X-Forwarded-Proto $pass_access_scheme;
- proxy_set_header X-Original-URI $request_uri;
- proxy_set_header X-Scheme $pass_access_scheme;
- # Pass the original X-Forwarded-For
- proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
- # mitigate HTTPoxy Vulnerability
- # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
- proxy_set_header Proxy "";
- # Custom headers to proxied server
- proxy_connect_timeout 5s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
- proxy_buffering off;
- proxy_buffer_size 128k;
- proxy_buffers 4 128k;
- proxy_request_buffering on;
- proxy_http_version 1.1;
- proxy_cookie_domain off;
- proxy_cookie_path off;
- # In case of errors try the next upstream server before returning an error
- proxy_next_upstream error timeout;
- proxy_next_upstream_tries 3;
- rewrite "(?i)/" /healthchecks-ui/ break;
- proxy_pass http://upstream_balancer;
- proxy_redirect off;
- }
- }
- ## end server dev-admin.domain.com
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement