docker-nginx.template

# Manged by SupervisorD - disable deamon
daemon off;
pid pids/nginx.pid;                      

# Logs
error_log  /var/log/nginx/nginx_error.log  warn;

events {
    use epoll;
    multi_accept on;
}

http {

    # Include default Kong Nginx config
    include 'nginx-kong.conf';
    include '/usr/local/openresty/nginx/conf/mime.types';

    # Enable GZip Compression 
    gzip on; 
    gzip_http_version 1.1; 
    gzip_vary on; 
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_types text/plain text/html text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js image/x-icon; gzip_buffers 16 8k; 
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    # Cache
    gzip_proxied any;
  	gzip_min_length 1000;
    proxy_cache_path /home/sttrweb/Oncoscape/cache levels=1:2 keys_zone=datacache:100m max_size=5000m;
    proxy_temp_path /var/tmp;
    proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args";
    proxy_cache_valid 404 1m;

    # Public Server
    server {

        server_name oncoscape;
        listen 80;
        
        root /home/sttrweb/Oncoscape/client;

        # Increase Body Size For Upload + Cache
        client_max_body_size 200m;
        client_body_buffer_size 200m;
        
        # Index
        location / {
            index index.html index.htm;
        }

        # HTTPS 
        #if ($http_x_forwarded_proto != "https") {
        #    return 301 https://$server_name$request_uri;
        #}

        # Static Assets
        location ~ ^/(assets|fonts|scripts|styles|maps|app)/ {
            add_header Cache-Control public;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";  
            expires 2d;
        }

        # ELB Heath Check
        location /health_check {
           return 200;
        }

        # Documentation Site
        location ~ ^/documentation/(.*)$ {
            alias /home/sttrweb/Oncoscape/documentation/$1;
            index index.html index.htm;
            add_header Cache-Control public;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";  
            expires 2d;
        }
        
        # Upload Tool Directory
        location ~ ^/upload/(.*)$ {
            alias /home/sttrweb/Oncoscape/NG4-Data-Upload/dist/$1;
            index index.html index.htm;
            add_header Cache-Control public;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";  
            expires 2d;
        }

        # Kong Api
        location /api/ {
            proxy_set_header Host $host;
            proxy_buffering on;
            # proxy_cache datacache;
            # proxy_cache_methods GET HEAD POST;
            # proxy_cache_min_uses 1;
            # proxy_cache_valid 200  1d;
            proxy_hide_header Set-Cookie;
            proxy_cache_bypass $http_secret_header;
            proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";  
            add_header Cache-Control public;
            add_header X-Proxy-Cache $upstream_cache_status;
            expires 2d;
            proxy_pass http://127.0.0.1:8000/;
        }

        # Expose Kong Admin Api - PWD Protected
        location /admin/ {
            proxy_pass http://127.0.0.1:8001/;
            proxy_set_header Host $host;
            #auth_basic "Restricted Content";
            #auth_basic_user_file /home/sttrweb/Oncoscape/.htpasswd;
        }

        # Expose Node PM2 Api - PWD Protected
        location /data/ {
            proxy_buffering on;
            proxy_cache datacache;
            proxy_cache_methods GET HEAD POST;
            proxy_cache_min_uses 1;
            proxy_cache_valid 200 1d;
            proxy_hide_header Set-Cookie;
            proxy_cache_bypass $http_secret_header;
            proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
            add_header X-Proxy-Cache $upstream_cache_status;
            add_header Cache-Control "public";
            proxy_pass http://127.0.0.1:8002/api/;
            auth_basic "Restricted Content";
            auth_basic_user_file /home/sttrweb/Oncoscape/.htpasswd;
        }

        # Expose Open CPU Api - PWD Protected
        #location /ocpu {
        #    proxy_set_header X-Real-IP $remote_addr;
        #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #    proxy_set_header X-Forwarded-Proto $scheme;
        #    proxy_set_header Host $host;
        #    proxy_redirect http:// https://;
        #    proxy_pass http://127.0.0.1:8004;
        #    auth_basic "Restricted Content";
        #    auth_basic_user_file /home/sttrweb/Oncoscape/.htpasswd;
        #}

        # Expose Flask API - Not PWD Protected
        location /cpu/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;

            #proxy_redirect http:// https://;
            proxy_pass http://0.0.0.0:10001/;
            #auth_basic "Restricted Content";
            #auth_basic_user_file /home/sttrweb/Oncoscape/.htpasswd;
        }

        location /dev {
        	# LDA CACHE
		proxy_ssl_server_name on;
		proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		# USE MD5 Query String 
		proxy_cache datacache;
     		proxy_cache_key "$uri|$query_string";
		proxy_cache_valid any 5y;
		proxy_cache_methods POST;
		client_max_body_size 100000k; # 413
		add_header Z-Cache-Status $upstream_cache_status;
		proxy_pass https://0x8okrpyl3.execute-api.us-west-2.amazonaws.com/dev;
	}
    }
}