From 3b10c6f6e8711270d6a461958f90b1acd7b03e77 Mon Sep 17 00:00:00 2001
From: Stepan Vladovskiy
Date: Wed, 11 Oct 2023 09:03:20 -0300
Subject: [PATCH] feat: + to nginx.sigill config for /connect custom location
---
 nginx.conf.sigil | 111 ++++++++++++++++++++++++++++++++---------------
 1 file changed, 76 insertions(+), 35 deletions(-)
diff --git a/nginx.conf.sigil b/nginx.conf.sigil
index 35549b2..7168104 100644
--- a/nginx.conf.sigil
+++ b/nginx.conf.sigil
@@ -1,15 +1,56 @@ -{{ $proxy_settings := "proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Host $http_host; proxy_set_header X-Request-Start $msec;" }} -{{ $gzip_settings := "gzip on; gzip_min_length 1100; gzip_buffers 4 32k; gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml; gzip_vary on; gzip_comp_level 6;" }} +# Proxy settings +{{ $proxy_settings := "proxy_http_version 1.1; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection $http_connection; +proxy_set_header Host $http_host; +proxy_set_header X-Request-Start $msec;" }} -{{ $cors_headers_options := "if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '$allow_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; }" }} -{{ $cors_headers_post := "if ($request_method = 'POST') { add_header 'Access-Control-Allow-Origin' '$allow_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; add_header 'Access-Control-Allow-Credentials' 'true' always; }" }} -{{ $cors_headers_get := "if ($request_method = 'GET') { add_header 'Access-Control-Allow-Origin' '$allow_origin' always; 
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; add_header 'Access-Control-Allow-Credentials' 'true' always; }" }} +# GZIP settings +{{ $gzip_settings := "gzip on; +gzip_min_length 1100; +gzip_buffers 4 32k; +gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml; +gzip_vary on; +gzip_comp_level 6;" }} +# CORS headers based on request methods +{{ $cors_headers_options := " +if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '$allow_origin' always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization'; + add_header 'Access-Control-Allow-Credentials' 'true'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain; charset=utf-8'; + add_header 'Content-Length' 0; + return 204; +}" }} + +{{ $cors_headers_post := " +if ($request_method = 'POST') { + add_header 'Access-Control-Allow-Origin' '$allow_origin' always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; +}" }} + +{{ $cors_headers_get := " +if ($request_method = 'GET') { + add_header 'Access-Control-Allow-Origin' '$allow_origin' 
always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; +}" }} + +# Mapping for allowed origins map $http_origin $allow_origin { ~^https?:\/\/((.*\.)?localhost(:\d+)?|discoursio-webapp(-(.*))?\.vercel\.app|(.*\.)?discours\.io)$ $http_origin; default ""; } +# Server block setup {{ range $port_map := .PROXY_PORT_MAP | split " " }} {{ $port_map_list := $port_map | split ":" }} {{ $scheme := index $port_map_list 0 }} 
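Review bot: The five `{{ $name := "…" }}` assignments added in this hunk now carry line breaks inside double-quoted strings, and Go's text/template lexer (which sigil builds on, as far as I know) stops at a newline inside a `"…"` constant with an "unterminated quoted string" error, so the template may no longer render. Keeping the multi-line layout needs raw strings: replace the opening and closing `"` of `$proxy_settings`, `$gzip_settings` and the three `$cors_headers_*` values with backquotes, and render the template once before deploying. Separately, these blocks echo the request origin together with `Access-Control-Allow-Credentials 'true'` but never send `Vary`, so a browser or shared cache could reuse a response across origins; `add_header 'Vary' 'Origin' always;` in each block would cover that.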
@@ -17,30 +58,29 @@ map $http_origin $allow_origin { {{ $upstream_port := index $port_map_list 2 }} server { + # HTTP/HTTPS settings {{ if eq $scheme "http" }} - listen [::]:{{ $listen_port }}; - listen {{ $listen_port }}; - server_name {{ $.NOSSL_SERVER_NAME }}; - access_log /var/log/nginx/{{ $.APP }}-access.log; - error_log /var/log/nginx/{{ $.APP }}-error.log; - + listen [::]:{{ $listen_port }}; + listen {{ $listen_port }}; + server_name {{ $.NOSSL_SERVER_NAME }}; + access_log /var/log/nginx/{{ $.APP }}-access.log; + error_log /var/log/nginx/{{ $.APP }}-error.log; {{ else if eq $scheme "https" }} - listen [::]:{{ $listen_port }} ssl http2; - listen {{ $listen_port }} ssl http2; - server_name {{ $.NOSSL_SERVER_NAME }}; - access_log /var/log/nginx/{{ $.APP }}-access.log; - error_log /var/log/nginx/{{ $.APP }}-error.log; - ssl_certificate {{ $.APP_SSL_PATH }}/server.crt; - ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_prefer_server_ciphers off; - - keepalive_timeout 70; + listen [::]:{{ $listen_port }} ssl http2; + listen {{ $listen_port }} ssl http2; + server_name {{ $.NOSSL_SERVER_NAME }}; + access_log /var/log/nginx/{{ $.APP }}-access.log; + error_log /var/log/nginx/{{ $.APP }}-error.log; + ssl_certificate {{ $.APP_SSL_PATH }}/server.crt; + ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers off; + keepalive_timeout 70; {{ end }} - + # Default location block location / { - proxy_pass http://{{ $.APP }}-{{ $upstream_port }}; + proxy_pass http://{{ $.APP }}-{{ $upstream_port }}; {{ $proxy_settings }} {{ $gzip_settings }} {{ $cors_headers_options }} 
@@ -51,18 +91,20 @@ server { # Custom location block for /connect location /connect { proxy_pass http://presence-8080; - {{ $cors_headers_options }} - {{ $cors_headers_post }} - {{ $cors_headers_get }} - + {{ $proxy_settings }} + {{ $cors_headers_options }} + {{ $cors_headers_post }} + {{ $cors_headers_get }} } + # Cache settings for static assets location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ { - expires 30d; # This means that the client can cache these resources for 30 days. - add_header Cache-Control "public, no-transform"; + expires 30d; + add_header Cache-Control "public, no-transform"; } - + # Error pages + error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 /400-error.html; location /400-error.html { root /var/lib/dokku/data/nginx-vhosts/dokku-errors; @@ -87,12 +129,11 @@ server { internal; } - include /home/dokku/gateway/nginx.conf.d/*.conf; - + include /home/dokku/gateway/nginx.conf.d/*.conf; } {{ end }} - +# Upstream setup {{ range $upstream_port := $.PROXY_UPSTREAM_PORTS | split " " }} upstream {{ $.APP }}-{{ $upstream_port }} { {{ range $listeners := $.DOKKU_APP_WEB_LISTENERS | split " " }} @@ -102,4 +143,4 @@ upstream {{ $.APP }}-{{ $upstream_port }} { server {{ $listener_ip }}:{{ $upstream_port }}; {{ end }} } -{{ end }} +{{ end }} \ No newline at end of file
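Review bot: With `{{ $proxy_settings }}` added to `location /connect`, the `Upgrade` and `Connection` request headers are now forwarded to `presence-8080`, which suggests this path carries WebSocket handshakes, and browsers do not apply CORS to those. The `$cors_headers_*` includes under it therefore do not limit which sites can open a socket; if `/connect` authenticates by cookie, the `Origin` header has to be validated by the presence service or rejected here. A comment such as `# CORS headers do not gate WebSocket upgrades; Origin is validated in presence` would record where that check lives, or add `if ($ws_origin_denied) { return 403; }` fed by `map "$http_upgrade|$allow_origin" $ws_origin_denied { "~^[^|]+\|$" 1; default 0; }` placed next to the existing `map`, which sits outside this hunk.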