-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
/
Copy pathproxito.conf.template
102 lines (89 loc) · 4.49 KB
/
proxito.conf.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# Proxito
server {
listen 80 default_server;
server_name $NGINX_PROXITO_SERVER_NAME;
# Docker Compose's "logging.driver: none" is not working anymore.
# So, we are disabling the logs from NGINX directly.
access_log off;
# TODO: serve the favicon.ico from the project/version itself instead
location /favicon.ico {
proxy_pass http://storage:9000/static/images/favicon.ico;
break;
}
# Redirect old URLs to our new domain
# external-builds.readthedocs.io/<type>/<slug>/<pr-number>/
location ~* ^/html/(?P<project>.+)/(?P<version>.+)/(?P<path>.*) {
add_header X-Served Nginx-External-Redirect always;
rewrite ^ http://$project--$version.org.dev.readthedocs.build/page/$path;
}
# Proxito doc serving
location / {
proxy_pass http://proxito:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_intercept_errors on;
error_page 404 = @notfoundfallback;
add_header X-Served Django-Proxito always;
}
# Sendfile support to serve the actual files that Proxito has specified
location ~* "^/(proxito|proxito-static)/(.+)" {
internal;
# Nginx will strip the `/proxito/` and pass just the `$storage/$type/$proj/$ver/$filename`
proxy_pass http://storage:9000/$2;
proxy_set_header Host storage:9000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_intercept_errors on;
error_page 404 = @notfoundfallback;
# Nginx is silly, so we have to *set* these then use them.
# Using them directly gets the values from the storage upstream.
# I think the `set` must get read before doing the proxy_pass
# but the `add_header` is read after
set $rtd_project $upstream_http_x_rtd_project;
add_header X-RTD-Project $rtd_project always;
set $rtd_version $upstream_http_x_rtd_version;
add_header X-RTD-Version $rtd_version always;
set $rtd_path $upstream_http_x_rtd_path;
add_header X-RTD-Path $rtd_path always;
set $rtd_domain $upstream_http_x_rtd_domain;
add_header X-RTD-Domain $rtd_domain always;
set $rtd_version_method $upstream_http_x_rtd_version_method;
add_header X-RTD-Version-Method $rtd_version_method always;
set $rtd_project_method $upstream_http_x_rtd_project_method;
add_header X-RTD-Project-Method $rtd_project_method always;
set $rtd_redirect $upstream_http_x_rtd_redirect;
add_header X-RTD-Redirect $rtd_redirect always;
set $cdn_cache_control $upstream_http_cdn_cache_control;
add_header CDN-Cache-Control $cdn_cache_control always;
set $cache_tag $upstream_http_cache_tag;
add_header Cache-Tag $cache_tag always;
set $referrer_policy $upstream_http_referrer_policy;
add_header Referrer-Policy $referrer_policy always;
set $permissions_policy $upstream_http_permissions_policy;
add_header Permissions-Policy $permissions_policy always;
set $feature_policy $upstream_http_feature_policy;
add_header Feature-Policy $feature_policy always;
set $access_control_allow_origin $upstream_http_access_control_allow_origin;
add_header Access-Control-Allow-Origin $access_control_allow_origin always;
set $access_control_allow_headers $upstream_http_access_control_allow_headers;
add_header Access-Control-Allow-Headers $access_control_allow_headers always;
set $x_frame_options $upstream_http_x_frame_options;
add_header X-Frame-Options $x_frame_options always;
# Minio sets this header on the response, and we don't want to copy it to the response
proxy_hide_header Content-Security-Policy;
set $content_security_policy $upstream_http_content_security_policy;
add_header Content-Security-Policy $content_security_policy always;
}
# Serve 404 pages here
location @notfoundfallback {
proxy_pass http://proxito:8000/_proxito_404_$request_uri;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header X-Served Proxito-404-Fallback always;
}
}