  2. ## start server dev-admin.domain.com
  3. server {
  # Virtual host dev-admin.domain.com. The only listener declared in this
  # server block is plain HTTP on port 80; no TLS listener or certificate
  # directive appears in it.
  # NOTE(review): this host fronts an OAuth2 flow and a job dashboard; confirm
  # that TLS is terminated in front of this listener.
  server_name dev-admin.domain.com ;

  listen 80;

  # Server-level defaults; every location below overwrites $proxy_upstream_name.
  set $proxy_upstream_name "-";
  set $pass_access_scheme $scheme;
  set $pass_server_port $server_port;
  # $http_host is the Host header as sent by the client. It is forwarded to the
  # backends as Host and X-Forwarded-Host by the locations below.
  set $best_http_host $http_host;
  set $pass_port $pass_server_port;
  13.  
  # OAuth2 proxy endpoints under the Hangfire dashboard path. The regex is
  # case-insensitive and anchored only at the start, so every URI that begins
  # with this prefix is handled here.
  location ~* "^/policy-event-publisher/hangfire/oauth2" {
    # Routing metadata: ingress "policy-event-publisher-oauth2-proxy" in
    # namespace "development", service oauth2-proxy on port 4180.
    set $namespace "development";
    set $ingress_name "policy-event-publisher-oauth2-proxy";
    set $service_name "oauth2-proxy";
    set $service_port "4180";
    set $location_path "/policy-event-publisher/hangfire/oauth2";

    # Rewrite phase. force_ssl_redirect is false and the enclosing server
    # listens on port 80 only.
    # NOTE(review): sign-in and callback traffic for this path, including any
    # session cookie the proxy sets, travels in cleartext unless TLS is
    # terminated in front of this listener - confirm.
    rewrite_by_lua_block {
      lua_ingress.rewrite({
        force_ssl_redirect = false,
        use_port_in_redirects = false,
      })
      balancer.rewrite()
      plugins.run()
    }

    header_filter_by_lua_block {
      plugins.run()
    }

    # The body filter is declared but empty.
    body_filter_by_lua_block {
    }

    log_by_lua_block {
      balancer.log()
      monitor.call()
      plugins.run()
    }

    port_in_redirect off;

    # Upstream key for this location; the Lua balancer that consumes it is not
    # part of this listing.
    set $proxy_upstream_name "development-oauth2-proxy-4180";
    set $proxy_host $proxy_upstream_name;

    client_max_body_size 1m;

    proxy_set_header Host $best_http_host;

    # No client-certificate header is forwarded: the template slot for passing
    # the extracted client certificate is empty in this location.

    # WebSocket upgrade support ($connection_upgrade is defined outside this
    # listing).
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    # Forwarding headers. X-Real-IP and X-Forwarded-For are overwritten with
    # $the_real_ip (set outside this listing) instead of being appended to.
    proxy_set_header X-Request-ID $req_id;
    proxy_set_header X-Real-IP $the_real_ip;
    proxy_set_header X-Forwarded-For $the_real_ip;
    proxy_set_header X-Forwarded-Host $best_http_host;
    proxy_set_header X-Forwarded-Port $pass_port;
    proxy_set_header X-Forwarded-Proto $pass_access_scheme;
    proxy_set_header X-Original-URI $request_uri;
    proxy_set_header X-Scheme $pass_access_scheme;

    # The client-supplied X-Forwarded-For is passed through unchanged in this
    # header; backends should treat it as untrusted input.
    proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;

    # HTTPoxy mitigation: the empty value keeps the client's Proxy header from
    # being passed upstream.
    # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
    proxy_set_header Proxy "";

    # No custom headers are configured for the proxied server.

    proxy_connect_timeout 5s;
    proxy_send_timeout 60s;
    proxy_read_timeout 60s;

    # Responses are streamed (buffering off); request bodies are buffered
    # before being sent upstream.
    proxy_buffering off;
    proxy_buffer_size 128k;
    proxy_buffers 4 128k;
    proxy_request_buffering on;

    proxy_http_version 1.1;

    # Cookie domain and path attributes from the upstream are left unchanged.
    proxy_cookie_domain off;
    proxy_cookie_path off;

    # On a connection error or timeout, try another upstream server, with at
    # most 3 tries.
    proxy_next_upstream error timeout;
    proxy_next_upstream_tries 3;

    proxy_pass http://upstream_balancer;

    # Location and Refresh headers from the upstream are not rewritten.
    proxy_redirect off;
  }
  109.  
  # Hangfire dashboard of the policy-event-publisher service. Regex locations
  # are tried in file order, so URIs under .../hangfire/oauth2 are taken by the
  # preceding location and everything else with this prefix lands here.
  # NOTE(review): this location contains no auth_request or other access-control
  # directive, so nginx forwards requests without consulting the oauth2-proxy.
  # Access to the dashboard then depends entirely on the backend - confirm, or
  # set the ingress auth annotations (nginx.ingress.kubernetes.io/auth-url and
  # auth-signin) on "policy-event-publisher-ingress1".
  location ~* "^/policy-event-publisher/hangfire" {
    # Routing metadata: ingress "policy-event-publisher-ingress1" in namespace
    # "development", service policy-event-publisher on port 80.
    set $namespace "development";
    set $ingress_name "policy-event-publisher-ingress1";
    set $service_name "policy-event-publisher";
    set $service_port "80";
    set $location_path "/policy-event-publisher/hangfire";

    # Rewrite phase. force_ssl_redirect is false and the enclosing server
    # listens on port 80 only, so dashboard traffic is served over plain HTTP
    # at this hop.
    rewrite_by_lua_block {
      lua_ingress.rewrite({
        force_ssl_redirect = false,
        use_port_in_redirects = false,
      })
      balancer.rewrite()
      plugins.run()
    }

    header_filter_by_lua_block {
      plugins.run()
    }

    # The body filter is declared but empty.
    body_filter_by_lua_block {
    }

    log_by_lua_block {
      balancer.log()
      monitor.call()
      plugins.run()
    }

    port_in_redirect off;

    # Upstream key for this location; the Lua balancer that consumes it is not
    # part of this listing.
    set $proxy_upstream_name "development-policy-event-publisher-80";
    set $proxy_host $proxy_upstream_name;

    client_max_body_size 1m;

    proxy_set_header Host $best_http_host;

    # No client-certificate header is forwarded: the template slot for passing
    # the extracted client certificate is empty in this location.

    # WebSocket upgrade support ($connection_upgrade is defined outside this
    # listing).
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    # Forwarding headers. X-Real-IP and X-Forwarded-For are overwritten with
    # $the_real_ip (set outside this listing) instead of being appended to.
    proxy_set_header X-Request-ID $req_id;
    proxy_set_header X-Real-IP $the_real_ip;
    proxy_set_header X-Forwarded-For $the_real_ip;
    proxy_set_header X-Forwarded-Host $best_http_host;
    proxy_set_header X-Forwarded-Port $pass_port;
    proxy_set_header X-Forwarded-Proto $pass_access_scheme;
    proxy_set_header X-Original-URI $request_uri;
    proxy_set_header X-Scheme $pass_access_scheme;

    # The client-supplied X-Forwarded-For is passed through unchanged in this
    # header; the backend should not use it for access decisions.
    proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;

    # HTTPoxy mitigation: the empty value keeps the client's Proxy header from
    # being passed upstream.
    # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
    proxy_set_header Proxy "";

    # No custom headers are configured for the proxied server.

    proxy_connect_timeout 5s;
    proxy_send_timeout 60s;
    proxy_read_timeout 60s;

    # Responses are streamed (buffering off); request bodies are buffered
    # before being sent upstream.
    proxy_buffering off;
    proxy_buffer_size 128k;
    proxy_buffers 4 128k;
    proxy_request_buffering on;

    proxy_http_version 1.1;

    # Cookie domain and path attributes from the upstream are left unchanged.
    proxy_cookie_domain off;
    proxy_cookie_path off;

    # On a connection error or timeout, try another upstream server, with at
    # most 3 tries.
    proxy_next_upstream error timeout;
    proxy_next_upstream_tries 3;

    proxy_pass http://upstream_balancer;

    # Location and Refresh headers from the upstream are not rewritten.
    proxy_redirect off;
  }
  205.  
  # Health-check API of the servicestatus service. The regex is case-insensitive
  # and anchored only at the start, so any URI beginning with /healthchecks-api
  # is handled here.
  # NOTE(review): no access-control directive is present in this location;
  # confirm the health data it returns is acceptable to expose on this host.
  location ~* "^/healthchecks-api" {
    # Routing metadata: ingress "healthcheck-ingress3" in namespace
    # "development", service servicestatus on port 80.
    set $namespace "development";
    set $ingress_name "healthcheck-ingress3";
    set $service_name "servicestatus";
    set $service_port "80";
    set $location_path "/healthchecks-api";

    # Rewrite phase; force_ssl_redirect is false, so this path is served over
    # the server's plain-HTTP listener.
    rewrite_by_lua_block {
      lua_ingress.rewrite({
        force_ssl_redirect = false,
        use_port_in_redirects = false,
      })
      balancer.rewrite()
      plugins.run()
    }

    header_filter_by_lua_block {
      plugins.run()
    }

    # The body filter is declared but empty.
    body_filter_by_lua_block {
    }

    log_by_lua_block {
      balancer.log()
      monitor.call()
      plugins.run()
    }

    port_in_redirect off;

    # Upstream key for this location; the Lua balancer that consumes it is not
    # part of this listing.
    set $proxy_upstream_name "development-servicestatus-80";
    set $proxy_host $proxy_upstream_name;

    client_max_body_size 1m;

    proxy_set_header Host $best_http_host;

    # No client-certificate header is forwarded: the template slot for passing
    # the extracted client certificate is empty in this location.

    # WebSocket upgrade support ($connection_upgrade is defined outside this
    # listing).
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    # Forwarding headers. X-Real-IP and X-Forwarded-For are overwritten with
    # $the_real_ip (set outside this listing) instead of being appended to.
    proxy_set_header X-Request-ID $req_id;
    proxy_set_header X-Real-IP $the_real_ip;
    proxy_set_header X-Forwarded-For $the_real_ip;
    proxy_set_header X-Forwarded-Host $best_http_host;
    proxy_set_header X-Forwarded-Port $pass_port;
    proxy_set_header X-Forwarded-Proto $pass_access_scheme;
    proxy_set_header X-Original-URI $request_uri;
    proxy_set_header X-Scheme $pass_access_scheme;

    # The client-supplied X-Forwarded-For is passed through unchanged in this
    # header; the backend should treat it as untrusted input.
    proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;

    # HTTPoxy mitigation: the empty value keeps the client's Proxy header from
    # being passed upstream.
    # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
    proxy_set_header Proxy "";

    # No custom headers are configured for the proxied server.

    proxy_connect_timeout 5s;
    proxy_send_timeout 60s;
    proxy_read_timeout 60s;

    # Responses are streamed (buffering off); request bodies are buffered
    # before being sent upstream.
    proxy_buffering off;
    proxy_buffer_size 128k;
    proxy_buffers 4 128k;
    proxy_request_buffering on;

    proxy_http_version 1.1;

    # Cookie domain and path attributes from the upstream are left unchanged.
    proxy_cookie_domain off;
    proxy_cookie_path off;

    # On a connection error or timeout, try another upstream server, with at
    # most 3 tries.
    proxy_next_upstream error timeout;
    proxy_next_upstream_tries 3;

    proxy_pass http://upstream_balancer;

    # Location and Refresh headers from the upstream are not rewritten.
    proxy_redirect off;
  }
  301.  
  # Status page entry point, served by the servicestatus service. The regex is
  # case-insensitive and anchored only at the start, so it also matches longer
  # paths that merely begin with "/status".
  location ~* "^/status" {
    # Routing metadata: ingress "healthcheck-ingress1" in namespace
    # "development", service servicestatus on port 80.
    set $namespace "development";
    set $ingress_name "healthcheck-ingress1";
    set $service_name "servicestatus";
    set $service_port "80";
    set $location_path "/status";

    # Rewrite phase; force_ssl_redirect is false, so this path is served over
    # the server's plain-HTTP listener.
    rewrite_by_lua_block {
      lua_ingress.rewrite({
        force_ssl_redirect = false,
        use_port_in_redirects = false,
      })
      balancer.rewrite()
      plugins.run()
    }

    header_filter_by_lua_block {
      plugins.run()
    }

    # The body filter is declared but empty.
    body_filter_by_lua_block {
    }

    log_by_lua_block {
      balancer.log()
      monitor.call()
      plugins.run()
    }

    port_in_redirect off;

    # Upstream key for this location; the Lua balancer that consumes it is not
    # part of this listing.
    set $proxy_upstream_name "development-servicestatus-80";
    set $proxy_host $proxy_upstream_name;

    client_max_body_size 1m;

    proxy_set_header Host $best_http_host;

    # No client-certificate header is forwarded: the template slot for passing
    # the extracted client certificate is empty in this location.

    # WebSocket upgrade support ($connection_upgrade is defined outside this
    # listing).
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    # Forwarding headers. X-Real-IP and X-Forwarded-For are overwritten with
    # $the_real_ip (set outside this listing) instead of being appended to.
    proxy_set_header X-Request-ID $req_id;
    proxy_set_header X-Real-IP $the_real_ip;
    proxy_set_header X-Forwarded-For $the_real_ip;
    proxy_set_header X-Forwarded-Host $best_http_host;
    proxy_set_header X-Forwarded-Port $pass_port;
    proxy_set_header X-Forwarded-Proto $pass_access_scheme;
    # X-Original-URI carries the URI as requested, before the rewrite below.
    proxy_set_header X-Original-URI $request_uri;
    proxy_set_header X-Scheme $pass_access_scheme;

    # The client-supplied X-Forwarded-For is passed through unchanged in this
    # header; the backend should treat it as untrusted input.
    proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;

    # HTTPoxy mitigation: the empty value keeps the client's Proxy header from
    # being passed upstream.
    # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
    proxy_set_header Proxy "";

    # No custom headers are configured for the proxied server.

    proxy_connect_timeout 5s;
    proxy_send_timeout 60s;
    proxy_read_timeout 60s;

    # Responses are streamed (buffering off); request bodies are buffered
    # before being sent upstream.
    proxy_buffering off;
    proxy_buffer_size 128k;
    proxy_buffers 4 128k;
    proxy_request_buffering on;

    proxy_http_version 1.1;

    # Cookie domain and path attributes from the upstream are left unchanged.
    proxy_cookie_domain off;
    proxy_cookie_path off;

    # On a connection error or timeout, try another upstream server, with at
    # most 3 tries.
    proxy_next_upstream error timeout;
    proxy_next_upstream_tries 3;

    # The pattern is unanchored and the replacement is a fixed string, so every
    # URI handled here is sent upstream as /healthchecks-ui/ regardless of what
    # follows "/status". "break" ends rewrite processing in this location.
    rewrite "(?i)/status" /healthchecks-ui/ break;
    proxy_pass http://upstream_balancer;

    # Location and Refresh headers from the upstream are not rewritten.
    proxy_redirect off;
  }
  398.  
  # UI assets and pages of the servicestatus service. The regex is
  # case-insensitive and anchored only at the start, so every URI that begins
  # with "/ui" is handled here, not only paths under "/ui/".
  location ~* "^/ui" {
    # Routing metadata: ingress "healthcheck-ingress2" in namespace
    # "development", service servicestatus on port 80.
    set $namespace "development";
    set $ingress_name "healthcheck-ingress2";
    set $service_name "servicestatus";
    set $service_port "80";
    set $location_path "/ui";

    # Rewrite phase; force_ssl_redirect is false, so this path is served over
    # the server's plain-HTTP listener.
    rewrite_by_lua_block {
      lua_ingress.rewrite({
        force_ssl_redirect = false,
        use_port_in_redirects = false,
      })
      balancer.rewrite()
      plugins.run()
    }

    header_filter_by_lua_block {
      plugins.run()
    }

    # The body filter is declared but empty.
    body_filter_by_lua_block {
    }

    log_by_lua_block {
      balancer.log()
      monitor.call()
      plugins.run()
    }

    port_in_redirect off;

    # Upstream key for this location; the Lua balancer that consumes it is not
    # part of this listing.
    set $proxy_upstream_name "development-servicestatus-80";
    set $proxy_host $proxy_upstream_name;

    client_max_body_size 1m;

    proxy_set_header Host $best_http_host;

    # No client-certificate header is forwarded: the template slot for passing
    # the extracted client certificate is empty in this location.

    # WebSocket upgrade support ($connection_upgrade is defined outside this
    # listing).
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    # Forwarding headers. X-Real-IP and X-Forwarded-For are overwritten with
    # $the_real_ip (set outside this listing) instead of being appended to.
    proxy_set_header X-Request-ID $req_id;
    proxy_set_header X-Real-IP $the_real_ip;
    proxy_set_header X-Forwarded-For $the_real_ip;
    proxy_set_header X-Forwarded-Host $best_http_host;
    proxy_set_header X-Forwarded-Port $pass_port;
    proxy_set_header X-Forwarded-Proto $pass_access_scheme;
    proxy_set_header X-Original-URI $request_uri;
    proxy_set_header X-Scheme $pass_access_scheme;

    # The client-supplied X-Forwarded-For is passed through unchanged in this
    # header; the backend should treat it as untrusted input.
    proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;

    # HTTPoxy mitigation: the empty value keeps the client's Proxy header from
    # being passed upstream.
    # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
    proxy_set_header Proxy "";

    # No custom headers are configured for the proxied server.

    proxy_connect_timeout 5s;
    proxy_send_timeout 60s;
    proxy_read_timeout 60s;

    # Responses are streamed (buffering off); request bodies are buffered
    # before being sent upstream.
    proxy_buffering off;
    proxy_buffer_size 128k;
    proxy_buffers 4 128k;
    proxy_request_buffering on;

    proxy_http_version 1.1;

    # Cookie domain and path attributes from the upstream are left unchanged.
    proxy_cookie_domain off;
    proxy_cookie_path off;

    # On a connection error or timeout, try another upstream server, with at
    # most 3 tries.
    proxy_next_upstream error timeout;
    proxy_next_upstream_tries 3;

    proxy_pass http://upstream_balancer;

    # Location and Refresh headers from the upstream are not rewritten.
    proxy_redirect off;
  }
  494.  
  # Catch-all: "^/" matches every request URI that no earlier regex location
  # claimed. The routing metadata is empty and the upstream is the default
  # backend.
  location ~* "^/" {
    # No namespace, ingress or service is associated with this location.
    set $namespace "";
    set $ingress_name "";
    set $service_name "";
    set $service_port "0";
    set $location_path "/";

    # Rewrite phase; force_ssl_redirect is false, so this path is served over
    # the server's plain-HTTP listener.
    rewrite_by_lua_block {
      lua_ingress.rewrite({
        force_ssl_redirect = false,
        use_port_in_redirects = false,
      })
      balancer.rewrite()
      plugins.run()
    }

    header_filter_by_lua_block {
      plugins.run()
    }

    # The body filter is declared but empty.
    body_filter_by_lua_block {
    }

    log_by_lua_block {
      balancer.log()
      monitor.call()
      plugins.run()
    }

    port_in_redirect off;

    # Upstream key for this location; the Lua balancer that consumes it is not
    # part of this listing.
    set $proxy_upstream_name "upstream-default-backend";
    set $proxy_host $proxy_upstream_name;

    client_max_body_size 1m;

    proxy_set_header Host $best_http_host;

    # No client-certificate header is forwarded: the template slot for passing
    # the extracted client certificate is empty in this location.

    # WebSocket upgrade support ($connection_upgrade is defined outside this
    # listing).
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    # Forwarding headers. X-Real-IP and X-Forwarded-For are overwritten with
    # $the_real_ip (set outside this listing) instead of being appended to.
    proxy_set_header X-Request-ID $req_id;
    proxy_set_header X-Real-IP $the_real_ip;
    proxy_set_header X-Forwarded-For $the_real_ip;
    proxy_set_header X-Forwarded-Host $best_http_host;
    proxy_set_header X-Forwarded-Port $pass_port;
    proxy_set_header X-Forwarded-Proto $pass_access_scheme;
    # X-Original-URI carries the URI as requested, before the rewrite below.
    proxy_set_header X-Original-URI $request_uri;
    proxy_set_header X-Scheme $pass_access_scheme;

    # The client-supplied X-Forwarded-For is passed through unchanged in this
    # header; the backend should treat it as untrusted input.
    proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;

    # HTTPoxy mitigation: the empty value keeps the client's Proxy header from
    # being passed upstream.
    # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
    proxy_set_header Proxy "";

    # No custom headers are configured for the proxied server.

    proxy_connect_timeout 5s;
    proxy_send_timeout 60s;
    proxy_read_timeout 60s;

    # Responses are streamed (buffering off); request bodies are buffered
    # before being sent upstream.
    proxy_buffering off;
    proxy_buffer_size 128k;
    proxy_buffers 4 128k;
    proxy_request_buffering on;

    proxy_http_version 1.1;

    # Cookie domain and path attributes from the upstream are left unchanged.
    proxy_cookie_domain off;
    proxy_cookie_path off;

    # On a connection error or timeout, try another upstream server, with at
    # most 3 tries.
    proxy_next_upstream error timeout;
    proxy_next_upstream_tries 3;

    # The pattern "/" occurs in every URI, so every request that reaches this
    # location is sent upstream as /healthchecks-ui/.
    # NOTE(review): the rewrite target names the status UI while the upstream is
    # the default backend with empty service metadata - this looks like a
    # rewrite meant for another ingress path; confirm it is intended.
    rewrite "(?i)/" /healthchecks-ui/ break;
    proxy_pass http://upstream_balancer;

    # Location and Refresh headers from the upstream are not rewritten.
    proxy_redirect off;
  }
  591.  
  592. }
  593. ## end server dev-admin.domain.com