Refactor RSK nginx sites for proxy/lb usage

2023-06-18 16:55:38 +02:00
parent 635ca3870a
commit 90f66c74d2
9 changed files with 83 additions and 36 deletions
--- a/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb
+++ b/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb
@@ -1,23 +1,39 @@
-# Generated by Chef
-<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+upstream _<%= @upstream_name %> {
+<% @upstream_hosts.each do |host| %>
+  server   <%= host %>:<%= @upstream_port %>;
+<% end %>
+}
+
 server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
-  add_header Strict-Transport-Security "max-age=15768000";
-
-  ssl_certificate <%= @ssl_cert %>;
-  ssl_certificate_key <%= @ssl_key %>;

  server_name <%= @domain %>;

+  add_header Strict-Transport-Security "max-age=15768000";
+
  access_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.access.log json;
  error_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.error.log warn;

  location / {
+    if ($request_method = 'OPTIONS') {
+      add_header 'Access-Control-Allow-Origin' '*';
+      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+      add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+      add_header 'Access-Control-Max-Age' 1209600;
+      add_header 'Content-Type' 'text/plain; charset=utf-8';
+      add_header 'Content-Length' 0;
+      return 204;
+    }
+
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_redirect off;
-    proxy_pass http://localhost:<%= @port %>;
+    proxy_pass http://_<%= @upstream_name %>;
   }
+
+  ssl_certificate <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
 }
-<% end -%>