From 137959391b412cb162b083368f12c8874ce5bedc Mon Sep 17 00:00:00 2001
From: Miguel Salerno <mans17@inf.ufpr.br>
Date: Tue, 26 Apr 2022 10:01:29 -0300
Subject: [PATCH] update nginx files
---
nginx/caqvix-hom | 61 ++++++++++++++++++++++
nginx/{caqvix => caqvix-prod} | 11 ++--
nginx/{labdados => labdados-hom} | 1 +
nginx/labdados-prod | 60 ++++++++++++++++++++++
nginx/{simcaq => simcaq-hom} | 3 +-
nginx/simcaq-prod | 87 ++++++++++++++++++++++++++++++++
6 files changed, 217 insertions(+), 6 deletions(-)
create mode 100644 nginx/caqvix-hom
rename nginx/{caqvix => caqvix-prod} (83%)
rename nginx/{labdados => labdados-hom} (99%)
create mode 100644 nginx/labdados-prod
rename nginx/{simcaq => simcaq-hom} (99%)
create mode 100644 nginx/simcaq-prod
diff --git a/nginx/caqvix-hom b/nginx/caqvix-hom
new file mode 100644
index 0000000..a941005
--- /dev/null
+++ b/nginx/caqvix-hom
@@ -0,0 +1,61 @@
+upstream caqvix {
+ server localhost:5070 fail_timeout=0;
+}
+
+upstream api_server {
+ server localhost:3003 fail_timeout=0;
+}
+
+upstream autentica {
+ server localhost:5500 fail_timeout=0;
+}
+
+server {
+ listen 80;
+ server_name caqvixhom.c3sl.ufpr.br www.caqvixhom.c3sl.ufpr.br;
+ return 301 https://caqvixhom.c3sl.ufpr.br$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name caqvixhom.c3sl.ufpr.br www.caqvixhom.c3sl.ufpr.br;
+ ssl_certificate /etc/ssl/certs/c3sl.pem;
+ ssl_certificate_key /etc/ssl/private/c3sl.pem;
+
+
+ location /autentica {
+ if ($cookie_CAQVIX = "caqvixeducacao") {
+ rewrite ^/autentica$ https://caqvixhom.c3sl.ufpr.br/ redirect;
+ }
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://autentica/;
+ }
+ location / {
+ if ($cookie_CAQVIX != "caqvixeducacao") {
+ rewrite ^/$ https://caqvixhom.c3sl.ufpr.br/autentica redirect;
+ return 401 "Access denied because token is expired or invalid";
+ }
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://caqvix/;
+ }
+
+ location /api/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ # proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://api_server;
+ proxy_read_timeout 600s;
+ }
+}
+
diff --git a/nginx/caqvix b/nginx/caqvix-prod
similarity index 83%
rename from nginx/caqvix
rename to nginx/caqvix-prod
index 892a4fa..b51033b 100644
--- a/nginx/caqvix
+++ b/nginx/caqvix-prod
@@ -24,8 +24,8 @@ server {
location /autentica {
- if ($cookie_CAQVIX = "substituaasenhaaqui") {
- rewrite ^/autentica$ http://caqvix.c3sl.ufpr.br/ redirect;
+ if ($cookie_CAQVIX = "caqvixeducacao") {
+ rewrite ^/autentica$ https://caqvix.c3sl.ufpr.br/ redirect;
}
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
@@ -35,9 +35,9 @@ server {
proxy_pass http://autentica/;
}
location / {
- if ($cookie_CAQVIX != "substituaasenhaaqui") {
- rewrite ^/$ http://caqvix.c3sl.ufpr.br/autentica redirect;
- return 401 "Access denied because token is expired or invalid";
+ if ($cookie_CAQVIX != "caqvixeducacao") {
+ rewrite ^/$ https://caqvix.c3sl.ufpr.br/autentica redirect;
+ return 401 "Access denied because token is expired or invalid";
}
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
@@ -58,3 +58,4 @@ server {
proxy_read_timeout 600s;
}
}
+
diff --git a/nginx/labdados b/nginx/labdados-hom
similarity index 99%
rename from nginx/labdados
rename to nginx/labdados-hom
index 49f04fe..2f37aee 100644
--- a/nginx/labdados
+++ b/nginx/labdados-hom
@@ -54,3 +54,4 @@ server {
proxy_pass http://mapfor/;
}
}
+
diff --git a/nginx/labdados-prod b/nginx/labdados-prod
new file mode 100644
index 0000000..5916261
--- /dev/null
+++ b/nginx/labdados-prod
@@ -0,0 +1,60 @@
+upstream lde_api {
+ server localhost:3030 fail_timeout=0;
+}
+
+upstream labdados {
+ server localhost:5050 fail_timeout=0;
+}
+
+upstream mapfor {
+ server localhost:5000 fail_timeout=0;
+}
+
+server {
+ listen 80;
+ server_name dadoseducacionais.c3sl.ufpr.br www.dadoseducacionais.c3sl.ufpr.br;
+ return 301 https://dadoseducacionais.c3sl.ufpr.br$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name dadoseducacionais.c3sl.ufpr.br www.dadoseducacionais.c3sl.ufpr.br;
+ ssl_certificate /etc/ssl/certs/c3sl.pem;
+ ssl_certificate_key /etc/ssl/private/c3sl.pem;
+
+ #root /home/simcaq/labdados-ui;
+ #index index.html index.htm;
+
+ #location / {
+ # try_files $uri $uri/ =404;
+ # root /home/simcaq/labdados-ui;
+ #}
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://labdados/;
+ }
+
+ location /api/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://lde_api;
+ }
+
+ location /mapfor/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://mapfor/;
+ }
+}
+
diff --git a/nginx/simcaq b/nginx/simcaq-hom
similarity index 99%
rename from nginx/simcaq
rename to nginx/simcaq-hom
index 585468c..b028abc 100644
--- a/nginx/simcaq
+++ b/nginx/simcaq-hom
@@ -67,7 +67,7 @@ server {
# proxy_pass http://node_server2;
# proxy_read_timeout 600s;
# }
-
+
# location /doc {
# alias /home/simcaq/api-doc/build/;
# }
@@ -83,3 +83,4 @@ server {
# proxy_pass http://cdn_server/api/v1/file/download/;
# }
}
+
diff --git a/nginx/simcaq-prod b/nginx/simcaq-prod
new file mode 100644
index 0000000..dd1a237
--- /dev/null
+++ b/nginx/simcaq-prod
@@ -0,0 +1,87 @@
+### SIMCAQ ###
+# API
+upstream node_server {
+ server localhost:3000 fail_timeout=0;
+}
+
+upstream node_server2 {
+ server localhost:3001 fail_timeout=0;
+}
+
+# SIMCAQ
+upstream simcaq {
+ server localhost:5060 fail_timeout=0;
+}
+
+# CDN
+upstream cdn_server {
+ server simcaqdb3.c3sl.ufpr.br:7000 fail_timeout=0;
+}
+
+server {
+ listen 80;
+ server_name simcaq.c3sl.ufpr.br www.simcaq.c3sl.ufpr.br;
+ return 301 https://simcaq.c3sl.ufpr.br$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name simcaq.c3sl.ufpr.br www.simcaq.c3sl.ufpr.br;
+ ssl_certificate /etc/ssl/certs/c3sl.pem;
+ ssl_certificate_key /etc/ssl/private/c3sl.pem;
+
+ # root /home/simcaq/simcaq-ui/dist;
+ # index index.html index.htm;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://simcaq;
+ # try_files $uri $uri/ /index.html;
+ # root /home/simcaq/simcaq-ui/dist;
+ #auth_basic "Restricted";
+ #auth_basic_user_file /etc/nginx/.htpasswd;
+ }
+
+ location /api/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ #proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://node_server;
+ proxy_read_timeout 600s;
+ }
+
+ location /api-test/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ #proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://node_server2;
+ proxy_read_timeout 600s;
+ }
+
+ location /doc {
+ alias /home/simcaq/api-doc/build/;
+ }
+
+ location /download/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://cdn_server/api/v1/file/download/;
+ }
+
+}
+
--
GitLab