inspark-data-center/docker/proxy-semona/default.conf.template

# ограничение методов авторизации по логину пароли и sso на ip-адрес клиента
limit_req_zone $binary_remote_addr zone=perip_login:10m rate=1r/s;

# ограничение вызова методов восстановления пароля и проверки токена авторизации
limit_req_zone $binary_remote_addr zone=perip_pass_recover:10m rate=1r/m;

# ограничение методов авторизации, действующее на весь сервер
limit_req_zone $server_name zone=perserver_auth:10m rate=10r/s;

# поддержка web socket соединений
map $http_upgrade $connection_upgrade {
 default upgrade;
 "" close;
}

# для jasperserver разрешить подчеркивания в заголовках запросов
underscores_in_headers on;

# ограничение на объем тела типичного запроса клиента
client_max_body_size 20m;

upstream restservices {
  server restservices:8080;
}

server {
  listen 80;

  gzip on;
  gzip_min_length 256;
  gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
  gzip_proxied any;

# ===== BEGIN REDIRECT BLOCK =====
  if ($scheme != "http") {
        return 301 http://$host$request_uri;
  }
# ===== END REDIRECT BLOCK =====

# ===== BEGIN ERROR HANDLING BLOCK =====
error_page 502 503 @503;

location @503 {
  root /var/www/semux-error-pages;
  try_files /503.html =503;
  internal;
}
# ===== END ERROR HANDLING BLOCK =====

# ------------------------------------------------------------


# ===== BEGIN MAIN LOCATION BLOCK =====
root /var/www/semux;
index index.html;
include /etc/nginx/mime.types;


location @semona {
  proxy_pass http://restservices;
  proxy_set_header Host $host;
  proxy_set_header   X-Real-IP        $remote_addr;
  proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
  proxy_set_header   X-Forwarded-Proto $scheme;
  proxy_read_timeout 15m;

  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;
}


location /sem-restservices {
  try_files $uri @semona;
}

location / {
   try_files $uri $uri/ /index.html;
}

# ===== END MAIN LOCATION BLOCK =====

# ===== BEGIN SPECIAL LOCATIONS BLOCK =====
  location /sem-restservices/db/expimp {
    client_max_body_size 32m;
    try_files $uri @semona;
  }

  # ограничение интенсивности запросов авторизации
  location /sem-restservices/auth/login {
    limit_req zone=perip_login burst=20 nodelay;
    limit_req zone=perserver_auth burst=20 nodelay;
    proxy_pass http://restservices;
    proxy_set_header Host $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
  }

  location /sem-restservices/auth/sso {
    limit_req zone=perip_login burst=20 nodelay;
    limit_req zone=perserver_auth burst=20 nodelay;
    proxy_pass http://restservices;
    proxy_set_header Host $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
  }

  location /sem-restservices/auth/recovery_password {
    limit_req zone=perip_pass_recover burst=5 nodelay;
    limit_req zone=perserver_auth burst=5 nodelay;
    proxy_pass http://restservices;
    proxy_set_header Host $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
  }

  location /sem-restservices/auth/reset_password {
    limit_req zone=perip_pass_recover burst=5 nodelay;
    limit_req zone=perserver_auth burst=5 nodelay;
    proxy_pass http://restservices;
    proxy_set_header Host $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
  }

  location /sem-restservices/auth/check_code {
    limit_req zone=perip_pass_recover burst=5 nodelay;
    limit_req zone=perserver_auth burst=5 nodelay;
    proxy_pass http://restservices;
    proxy_set_header Host $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
  }

# ===== END SPECIAL LOCATIONS BLOCK =====

# ------------------------------------------------------------

}