GeoNetAgent, LDAPWeb, server-audit, server-connection
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

93 lines
3.5 KiB

# console.gisportal.id → Geonet Console (Docker :8091)
upstream geonet_console_backend {
server 127.0.0.1:8091;
keepalive 8;
}
limit_req_zone $binary_remote_addr zone=geonet_console_general:10m rate=30r/s;
server {
listen 80;
server_name console.gisportal.id;
return 301 https://console.gisportal.id$request_uri;
}
server {
listen 443 ssl;
server_name console.gisportal.id;
include /etc/nginx/conf.d/ssl.conf;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# CORS untuk FE PWA my.gisportal.id — hanya berlaku di /api/
location /api/ {
if ($http_origin = "https://my.gisportal.id") {
add_header Access-Control-Allow-Origin "https://my.gisportal.id" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
add_header Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With" always;
add_header Access-Control-Max-Age 3600 always;
}
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin "https://my.gisportal.id" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
add_header Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With" always;
add_header Access-Control-Max-Age 3600 always;
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
limit_req zone=geonet_console_general burst=50 nodelay;
proxy_pass http://geonet_console_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 120s;
}
location = /login {
proxy_pass http://geonet_console_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 60s;
}
location /project-search/ {
limit_req zone=geonet_console_general burst=50 nodelay;
proxy_pass http://geonet_console_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
}
location / {
limit_req zone=geonet_console_general burst=50 nodelay;
proxy_pass http://geonet_console_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 120s;
}
}