Sign upLogin

cloudfoundry/cloud_controller_ng

View on GitHub
Star
.devcontainer/images/nginx/conf/nginx_external_endpoints.conf

Summary

Maintainability
Test Coverage
server {
  listen 80;

  # Forbid access to internal endpoints
  location /internal/v4/ {
    return 403 'Forbidden';
  }

  # proxy and log all CC traffic
  location / {
    access_log                  /tmp/nginx-access.log main;
    access_log                  syslog:server=127.0.0.1,severity=info,tag=vcap_nginx_access main;
    proxy_buffering             off;
    proxy_set_header            Host $host;
    proxy_set_header            X-Real_IP $remote_addr;
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect              off;
    proxy_connect_timeout       10;
    proxy_pass                  http://cloud_controller;
  }



  location ~ /v2/apps/[^/]+/bits {
    if ($arg_application_path) { return 422; }

    include public_upload.conf;

    upload_pass_args on;
    upload_pass_form_field "^resources$";
  }

  location ~ /v2/buildpacks/.*/bits {
    if ($arg_buildpack_path) { return 422; }

    include public_upload.conf;
  }

  location ~ /v2/apps/[^/]+/droplet/upload {
    if ($arg_droplet_path) { return 422; }

    include public_upload.conf;
  }

  location ~ /v3/packages/.*/upload {
    if ($arg_bits_path) { return 422; }

    upload_pass_form_field "^resources$";
    include public_upload.conf;
  }

  location ~ /v3/buildpacks/.*/upload {
    if ($arg_bits_path) { return 422; }

    include public_upload.conf;
  }

  location ~ /v3/droplets/.*/upload {
    if ($arg_bits_path) { return 422; }

    include public_upload.conf;
  }

  location ~ /staging/(v3/)?(droplets|buildpack_cache)/.*/upload {
  # Allow download the droplets and buildpacks
    if ($request_method = GET){
      proxy_pass http://cloud_controller;
    }

  # Allow large uploads
    client_max_body_size 1536M; #already enforced upstream/but doesn't hurt.

  # Pass along auth header
      set $auth_header $upstream_http_x_auth;
    proxy_set_header Authorization $auth_header;

  # Pass altered request body to this location
    upload_pass   @cc_uploads;

  # Store files to this directory
    upload_store /tmp/staged_droplet_uploads;

  # Allow uploaded files to be read only by user
    #upload_store_access user:r;

  # Set specified fields in request body
    upload_set_form_field "droplet_path" $upload_tmp_path;

  #on any error, delete uploaded files.
    upload_cleanup 400-505;
  }

  # Pass altered request body to a backend
  location @cc_uploads {
    proxy_pass http://cloud_controller;
  }

  location ~ ^/internal_redirect/(.*){
  # only allow internal redirects
    internal;

    set $download_url $1;

  #have to manualy pass along auth header
    set $auth_header $upstream_http_x_auth;
    proxy_set_header Authorization $auth_header;

  # Download the file and send it to client
    proxy_pass $download_url;
  }

  location /nginx_status {
    stub_status on;

    access_log  /tmp/nginx_status.access.log main;

    allow 127.0.0.1;
    deny all;
  }
}