add users path to nginx config

Bad-Science · Bad-Science · commit 81133cdbc41d · 2018-06-25T16:11:02.000-04:00
diff --git a/nginx.conf b/nginx.conf
@@ -17,6 +17,11 @@ http {
         keepalive 64;
     }
 
+    upstream users {
+        server users:4400;
+        keepalive 64;
+    }
+
     proxy_cache_path /etc/nginx/cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
 
     limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
@@ -94,6 +99,41 @@ http {
             proxy_redirect off;
         }
 
+        location @app_users {
+            proxy_pass https://users;
+            # proxy_set_header       Host $host;
+
+            proxy_cache            off;
+            # proxy_cache_valid      200  1d;
+            # proxy_cache_use_stale  error timeout invalid_header updating http_500 http_502 http_503 http_504;
+            # proxy_cache_lock on;
+            # proxy_cache_revalidate on;
+            # proxy_cache_min_uses 3;
+
+            # add_header X-Cache-Status $upstream_cache_status;
+
+            add_header Access-Control-Allow-Origin *;
+            add_header X-Frame-Options DENY;
+            # add_header X-Content-Type-Options nosniff;
+            # add_header X-XSS-Protection "1; mode=block";
+            add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.githubusercontent.com https://github.com https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' data:";
+
+            proxy_set_header Host $http_host;
+            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header    X-Real-IP        $remote_addr;
+            proxy_set_header    X-Client-Verify  SUCCESS;
+            proxy_set_header    X-Client-DN      $ssl_client_s_dn;
+            proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
+            proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_read_timeout 1800;
+            proxy_connect_timeout 1800;
+            proxy_http_version 1.1;
+            proxy_set_header Connection "";
+            proxy_buffering off;
+            proxy_redirect off;
+        }
+
         location ~ /\. {
             deny all;
         }
@@ -112,13 +152,19 @@ http {
             root   /usr/src/app/dist-web/public;
             try_files $uri$args $uri$args/ /index.html;
             index index.html;
-      }
+        }
 
         location /api/ {
             gzip_static on;
 
             try_files $uri @app;
         }
+
+        location /users/ {
+            gzip_static on;
+
+            try_files $uri @app_users;
+        }
     }
 
     access_log off;
