You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
93 lines
3.5 KiB
93 lines
3.5 KiB
# console.gisportal.id → Geonet Console (Docker :8091) |
|
upstream geonet_console_backend { |
|
server 127.0.0.1:8091; |
|
keepalive 8; |
|
} |
|
|
|
limit_req_zone $binary_remote_addr zone=geonet_console_general:10m rate=30r/s; |
|
|
|
server { |
|
listen 80; |
|
server_name console.gisportal.id; |
|
return 301 https://console.gisportal.id$request_uri; |
|
} |
|
|
|
server { |
|
listen 443 ssl; |
|
server_name console.gisportal.id; |
|
include /etc/nginx/conf.d/ssl.conf; |
|
|
|
add_header X-Frame-Options "SAMEORIGIN" always; |
|
add_header X-Content-Type-Options "nosniff" always; |
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always; |
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; |
|
|
|
# CORS untuk FE PWA my.gisportal.id — hanya berlaku di /api/ |
|
location /api/ { |
|
if ($http_origin = "https://my.gisportal.id") { |
|
add_header Access-Control-Allow-Origin "https://my.gisportal.id" always; |
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; |
|
add_header Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With" always; |
|
add_header Access-Control-Max-Age 3600 always; |
|
} |
|
|
|
if ($request_method = OPTIONS) { |
|
add_header Access-Control-Allow-Origin "https://my.gisportal.id" always; |
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; |
|
add_header Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With" always; |
|
add_header Access-Control-Max-Age 3600 always; |
|
add_header Content-Length 0; |
|
add_header Content-Type text/plain; |
|
return 204; |
|
} |
|
|
|
limit_req zone=geonet_console_general burst=50 nodelay; |
|
|
|
proxy_pass http://geonet_console_backend; |
|
proxy_http_version 1.1; |
|
proxy_set_header Host $host; |
|
proxy_set_header X-Real-IP $remote_addr; |
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
proxy_set_header X-Forwarded-Proto $scheme; |
|
proxy_set_header X-Forwarded-Host $host; |
|
proxy_read_timeout 120s; |
|
} |
|
|
|
location = /login { |
|
proxy_pass http://geonet_console_backend; |
|
proxy_http_version 1.1; |
|
proxy_set_header Host $host; |
|
proxy_set_header X-Real-IP $remote_addr; |
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
proxy_set_header X-Forwarded-Proto $scheme; |
|
proxy_set_header X-Forwarded-Host $host; |
|
proxy_read_timeout 60s; |
|
} |
|
|
|
location /project-search/ { |
|
limit_req zone=geonet_console_general burst=50 nodelay; |
|
|
|
proxy_pass http://geonet_console_backend; |
|
proxy_http_version 1.1; |
|
proxy_set_header Host $host; |
|
proxy_set_header X-Real-IP $remote_addr; |
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
proxy_set_header X-Forwarded-Proto $scheme; |
|
proxy_set_header X-Forwarded-Host $host; |
|
proxy_read_timeout 300s; |
|
proxy_send_timeout 300s; |
|
} |
|
|
|
location / { |
|
limit_req zone=geonet_console_general burst=50 nodelay; |
|
|
|
proxy_pass http://geonet_console_backend; |
|
proxy_http_version 1.1; |
|
proxy_set_header Host $host; |
|
proxy_set_header X-Real-IP $remote_addr; |
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
proxy_set_header X-Forwarded-Proto $scheme; |
|
proxy_set_header X-Forwarded-Host $host; |
|
proxy_read_timeout 120s; |
|
} |
|
}
|
|
|