

@palcu
Created June 2, 2016 13:12

Revisions

  1. palcu created this gist Jun 2, 2016.
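--- a/ckan.conf
+++ b/ckan.conf
@@ -0,0 +1,107 @@
+# BEWARE
+# There are two parts, first port 80 and then port 443
+# We have 2 needs: serving everything that we can on HTTP (this means we redirect most of the requests from HTTPS)
+# Serving the login page and logged in people from HTTPS
+
+proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m;
+proxy_temp_path /tmp/nginx_proxy 1 2;
+server_tokens off;
+
+server {
+listen 80;
+
+access_log /var/log/nginx/nginx.vhost.access.log;
+error_log /var/log/nginx/nginx.vhost.error.log;
+client_max_body_size 2000M;
+server_name data.gov.ro;
+
+location /user/login {
+return 301 https://$host$request_uri;
+}
+
+location / {
+if ($cookie_auth_tkt) {
+return 301 https://$host$request_uri;
+}
+proxy_pass http://127.0.0.1:8080/;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_cache cache;
+proxy_cache_bypass $cookie_auth_tkt;
+proxy_no_cache $cookie_auth_tkt;
+proxy_cache_valid 30m;
+proxy_cache_key $host$scheme$proxy_host$request_uri;
+}
+}
+
+server {
+listen 443 default ssl;
+
+ssl on;
+ssl_certificate /etc/ssl/datagovro_cert_2016.crt;
+ssl_certificate_key /etc/ssl/data_gov_ro.key;
+ssl_session_cache shared:SSL:50m;
+ssl_session_timeout 5m;
+
+server_name data.gov.ro;
+access_log /var/log/nginx/nginx.vhost.access.log;
+error_log /var/log/nginx/nginx.vhost.error.log;
+client_max_body_size 2000M;
+
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header 'Access-Control-Allow-Origin' '*';
+add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+add_header 'Strict-Transport-Security' 'max-age=0'; # we need this because we activated this header a while ago and want to deactivate it
+
+location /login_generic { # this is from the login post
+proxy_pass http://127.0.0.1:8080/$request_uri;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+proxy_cache cache;
+proxy_cache_bypass $cookie_auth_tkt;
+proxy_no_cache $cookie_auth_tkt;
+proxy_cache_valid 30m;
+proxy_cache_key $host$scheme$proxy_host$request_uri;
+}
+
+location /user/login { # this is the login page
+proxy_pass http://127.0.0.1:8080/$request_uri;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+proxy_cache cache;
+proxy_cache_bypass $cookie_auth_tkt;
+proxy_no_cache $cookie_auth_tkt;
+proxy_cache_valid 30m;
+proxy_cache_key $host$scheme$proxy_host$request_uri;
+}
+
+set $redirecthttp 1; # using this variable as a sentinel
+if ($cookie_auth_tkt) {
+set $redirecthttp 0;
+}
+if ($request_uri ~* \.(js|jpg|png|css|ttf|woff)) { # we are serving these assets from http because the login page needs them
+set $redirecthttp 0;
+}
+
+location / {
+if ($redirecthttp = 1) {
+return 301 http://$host$request_uri;
+}
+
+proxy_pass http://127.0.0.1:8080/;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $host;
+proxy_cache cache;
+proxy_cache_bypass $cookie_auth_tkt;
+proxy_no_cache $cookie_auth_tkt;
+proxy_cache_valid 30m;
+proxy_cache_key $host$scheme$proxy_host$request_uri;
+}
+}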
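Review bot: The `if ($cookie_auth_tkt)` test in the port-80 `location /` can only match after the browser has already sent the `auth_tkt` session cookie over cleartext HTTP, so the redirect to HTTPS comes too late to protect it; this also suggests the cookie is issued without the `Secure` attribute. Together with `Strict-Transport-Security 'max-age=0'` in the 443 block and the `return 301 http://$host$request_uri;` downgrade for anonymous requests, a logged-in session can be observed on the network whenever any request goes out over HTTP. I would make the port-80 server a single `return 301 https://$host$request_uri;`, drop the `$redirecthttp` logic, restore a non-zero HSTS `max-age`, and have the application set `Secure` on `auth_tkt`. Separately, `Access-Control-Allow-Origin '*'` is sent by the same server that serves logged-in pages and deserves a comment stating why every origin is allowed.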

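--- a/rewrites.conf
+++ b/rewrites.conf
@@ -0,0 +1,30 @@
+server {
+listen 80;
+server_name www.data.gov.ro;
+return 301 $scheme://data.gov.ro$request_uri;
+}
+server {
+listen 443;
+server_name www.data.gov.ro;
+return 301 $scheme://data.gov.ro$request_uri;
+}
+server {
+listen 443;
+server_name date.gov.ro;
+return 301 $scheme://data.gov.ro$request_uri;
+}
+server {
+listen 80;
+server_name date.gov.ro;
+return 301 $scheme://data.gov.ro$request_uri;
+}
+server {
+listen 443;
+server_name www.date.gov.ro;
+return 301 $scheme://data.gov.ro$request_uri;
+}
+server {
+listen 80;
+server_name www.date.gov.ro;
+return 301 $scheme://data.gov.ro$request_uri;
+}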
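Review bot: The three `listen 443;` blocks declare neither `ssl` nor a certificate, so they depend on the `listen 443 default ssl` server in ckan.conf for TLS; if that certificate does not list `www.data.gov.ro`, `date.gov.ro` and `www.date.gov.ro`, clients get a name-mismatch warning before the redirect is ever seen (the certificate's names are not visible here). I would write `listen 443 ssl;` with the `ssl_certificate` / `ssl_certificate_key` lines in these blocks so the dependency is explicit. The six blocks could also be two, one per port, using `server_name www.data.gov.ro date.gov.ro www.date.gov.ro;`.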