-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathnginx.conf
More file actions
136 lines (116 loc) · 4.69 KB
/
nginx.conf
File metadata and controls
136 lines (116 loc) · 4.69 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 4096;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
# include /etc/nginx/conf.d/*.conf;
upstream minio {
server minio1:9000;
server minio2:9000;
server minio3:9000;
server minio4:9000;
}
server {
listen 9000;
listen [::]:9000;
server_name localhost;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
client_body_buffer_size 100m;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://minio;
}
}
server {
listen 9500;
listen [::]:9500;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
client_body_buffer_size 100m;
location / {
proxy_pass http://localhost:9501;
proxy_http_version 1.1;
proxy_buffers 16 1M;
proxy_buffer_size 1M;
client_body_buffer_size 10M;
client_max_body_size 10M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Hide the mod_zip header from the client
proxy_hide_header X-Archive-Files;
}
# Note this will only work if you have the nginx mod-zip plugin installed in your image
# The NGINX mod_zip plugin requires that files are loaded through an
# NGINX location block. They cannot be loaded from an external URL.
# Therefore, we use NGINX to proxy traffic to AWS S3 or minio to work around
# this limitation.
location /zip-files/ {
internal;
rewrite /zip-files/(.*)$ /$1 break;
# This should be http://localhost:9000/ for path style addressing
proxy_pass http://ocs-example-bucket.localhost:9000/;
proxy_http_version 1.1;
proxy_buffering off;
proxy_intercept_errors on;
}
# Note this will only work if you have the nginx mod-zip plugin installed in your image
# Internal-only route for the mod_zip transparent uncompressed
# ZIP file download support. This URL is marked as internal (cannot
# be used by an external user: it is only valid for the NGINX
# webserver itself to access).
#
# http://nginx.org/en/docs/http/ngx_http_core_module.html#internal
#
# This ensures that a user who DOES know the AWS S3 Version ID of
# a file which they are NOT permitted to access cannot use this route
# to download a file they do not have access to.
#
# The traffic is passed directly to the Python backend application,
# which handles the actual AWS S3 or minio access and funpack in Python code.
location /zip-funpack/ {
internal;
proxy_pass http://localhost:9501/;
proxy_http_version 1.1;
proxy_buffering off;
proxy_intercept_errors on;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Hide the mod_zip header from the client
proxy_hide_header X-Archive-Files;
}
}
}