diff --git a/conf/nginx-app.conf b/conf/nginx-app.conf
index 5c3af379..6240d53d 100644
--- a/conf/nginx-app.conf
+++ b/conf/nginx-app.conf
@@ -1,183 +1,183 @@ # nginx-app.conf # Enable CORS for selected origins # map instead of many if's map $http_origin $cors { default "null"; "https://www.test-cors.org" $http_origin; "https://www.epfl.ch" $http_origin; "http://127.0.0.1" $http_origin; "https://localhost" $http_origin; } # the upstream component nginx needs to connect to upstream django { server unix:/oacct_checker/app.sock; # for a file socket # server 127.0.0.1:8001; # for a web port socket (we'll use this first) } +# We want to see the original IP of HTTP requests, not the one from the Openshift gateway +set_real_ip_from 172.31.0.0/16; +set_real_ip_from 10.180.21.0/24; +set_real_ip_from 127.0.0.1/8; +real_ip_header X-Forwarded-For; +real_ip_recursive on; + server { listen 8080 default_server; #listen [::]:80 ; server_name 127.0.0.1; ## Redirige le HTTP vers le HTTPS ## #return 301 https://$server_name$request_uri; # default max body size of 1M not sufficient for 1000 journals client_max_body_size 100M; - # We want to see the original IP of HTTP requests, not the one from the Openshift gateway - set_real_ip_from 172.31.0.0/16; - set_real_ip_from 10.180.21.0/24; - set_real_ip_from 127.0.0.1/8; - real_ip_header X-Forwarded-For; - real_ip_recursive on; - add_header "Content-Security-Policy" "default-src 'self' https://web2018.epfl.ch https://cdn.datatables.net"; add_header "Strict-Transport-Security" "max-age=31536000"; # Django media; not needed in this project location /media { alias /oacct_checker; # your Django project's media files - amend as required } location /static { alias /oacct_checker/staticfiles; # your Django project's static files - amend as required # Simple requests if ($request_method ~* "(GET|POST)") { add_header "Access-Control-Allow-Origin" "$cors"; } # Preflighted requests if ($request_method = OPTIONS ) { add_header "Access-Control-Allow-Origin" "$cors"; add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD"; add_header "Access-Control-Allow-Headers" 
"Authorization, Origin, X-Requested-With, Content-Type, Accept"; return 200; } } location /sphinx { alias /oacct_checker/sphinx/_build/html; # Sphinx documentation served separately # Simple requests (standard, probably overkill) if ($request_method ~* "(GET|POST)") { add_header "Access-Control-Allow-Origin" "$cors"; } # Preflighted requests if ($request_method = OPTIONS ) { add_header "Access-Control-Allow-Origin" "$cors"; add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD"; add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept"; return 200; } } location /styleguide { alias /oacct_checker/reactDoc/styleguide; # Sphinx documentation served separately # Simple requests if ($request_method ~* "(GET|POST)") { add_header "Access-Control-Allow-Origin" "$cors"; } # Preflighted requests if ($request_method = OPTIONS ) { add_header "Access-Control-Allow-Origin" "$cors"; add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD"; add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept"; return 200; } } # Finally, send all non-media requests to the Django server. 
location / { uwsgi_pass django; include /oacct_checker/conf/uwsgi_params; # the uwsgi_params file you installed # Simple requests if ($request_method ~* "(GET|POST)") { add_header "Access-Control-Allow-Origin" "$cors"; } # Preflighted requests if ($request_method = OPTIONS ) { add_header "Access-Control-Allow-Origin" "$cors"; add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD"; add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept"; return 200; } } } # configuration of the server server { # the port your site will be served on, default_server indicates that this server block # is the block to use if no blocks match the server_name # SSL configuration listen 4443 ssl http2 default_server; listen [::]:4443 ssl http2 ; include snippets/self-signed.conf; include snippets/ssl-params.conf; # the domain name it will serve for server_name 127.0.0.1; # substitute your machine's IP address or FQDN charset utf-8; # max upload size client_max_body_size 75M; # adjust to taste add_header "Content-Security-Policy" "default-src 'self' https://web2018.epfl.ch https://cdn.datatables.net"; add_header "Strict-Transport-Security" "max-age=31536000"; # Django media location /media { alias /oacct_checker; # your Django project's media files - amend as required } location /static { alias /oacct_checker/staticfiles; # your Django project's static files - amend as required # Simple requests if ($request_method ~* "(GET|POST)") { add_header "Access-Control-Allow-Origin" "$cors"; } # Preflighted requests if ($request_method = OPTIONS ) { add_header "Access-Control-Allow-Origin" "$cors"; add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD"; add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept"; return 200; } } # Finally, send all non-media requests to the Django server. 
location / { uwsgi_pass django; include /oacct_checker/conf/uwsgi_params; # the uwsgi_params file you installed # default timout of 60s too short for significant JSON uploads? uwsgi_read_timeout 300s; uwsgi_send_timeout 300s; # Simple requests if ($request_method ~* "(GET|POST)") { add_header "Access-Control-Allow-Origin" "$cors"; } # Preflighted requests if ($request_method = OPTIONS ) { add_header "Access-Control-Allow-Origin" "$cors"; add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD"; add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept"; return 200; } } }
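Review bot: Hoisting the `set_real_ip_from` / `real_ip_header X-Forwarded-For` / `real_ip_recursive on` block out of the port-8080 server to the top of the file widens the trust in X-Forwarded-For to every server in it, including the `listen 4443 ssl` one, which did not rewrite the client address before. Any peer inside 172.31.0.0/16 or 10.180.21.0/24 that can reach either listener directly can now set its own apparent client IP, which ends up in the access log and presumably in what `uwsgi_params` hands to Django; whether port 4443 is only reachable through the OpenShift gateway is not visible in this diff. If the gateway's addresses are known, the ranges should be narrowed to them, or the directives kept in the one server that sits behind the gateway. At minimum the block deserves a comment such as `# Trusted proxies only: hosts in these ranges can set the logged client IP via X-Forwarded-For`. Separately, `set_real_ip_from 127.0.0.1/8;` has host bits set, which nginx accepts with a "low address bits ... are meaningless" warning; `set_real_ip_from 127.0.0.0/8;` states the intent cleanly.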