From ea038728f1f465a3663d8ccd4e67ec231a71ad3f Mon Sep 17 00:00:00 2001
From: Stepn_V <stepan.vladovskiy@gmail.com>
Date: Fri, 6 Oct 2023 11:21:39 -0300
Subject: [PATCH] feat: nginx sigil with location /connect option

---
 1.nginx.conf.sigil |  60 +++++++++++++++++++++
 nginx.conf.sigil   | 128 ++++++++++++++++++++++++++++-----------------
 2 files changed, 140 insertions(+), 48 deletions(-)
 create mode 100644 1.nginx.conf.sigil

diff --git a/1.nginx.conf.sigil b/1.nginx.conf.sigil
new file mode 100644
index 0000000..21fe4df
--- /dev/null
+++ b/1.nginx.conf.sigil
@@ -0,0 +1,60 @@
+{{ $proxy_settings := "proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Host $http_host; proxy_set_header X-Request-Start $msec;" }}
+{{ $gzip_settings := "gzip on; gzip_min_length  1100; gzip_buffers  4 32k; gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml; gzip_vary on; gzip_comp_level  6;" }}
+
+{{ $cors_headers_options := "if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '$allow_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; }" }}
+{{ $cors_headers_post := "if ($request_method = 'POST') { add_header 'Access-Control-Allow-Origin' '$allow_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; add_header 'Access-Control-Allow-Credentials' 'true' always; }" }}
+{{ $cors_headers_get := "if ($request_method = 'GET') { add_header 'Access-Control-Allow-Origin' '$allow_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; add_header 'Access-Control-Allow-Credentials' 'true' always; }" }}
+
+map $http_origin $allow_origin {
+    ~^https?:\/\/((.*\.)?localhost(:\d+)?|discoursio-webapp(-(.*))?\.vercel\.app|(.*\.)?discours\.io)$ $http_origin;
+    default "";
+}
+
+{{ range $port_map := .PROXY_PORT_MAP | split " " }}
+{{ $port_map_list := $port_map | split ":" }}
+{{ $scheme := index $port_map_list 0 }}
+{{ $listen_port := index $port_map_list 1 }}
+{{ $upstream_port := index $port_map_list 2 }}
+{{ $listen_settings := "" }}
+{{ if eq $scheme "http" }}
+    {{ $listen_settings := print "listen " $listen_port ";" }}
+{{ else if eq $scheme "https" }}
+    {{ $listen_settings := print "listen " $listen_port " ssl; ssl_certificate " $.APP_SSL_PATH "/server.crt; ssl_certificate_key " $.APP_SSL_PATH "/server.key;" }}
+{{ end }}
+
+server {
+
+    {{ $listen_settings }}
+
+    location /connect {
+        proxy_pass  http://{{ $.APP }}-{{ $upstream_port }};
+        {{ $proxy_settings }}
+        {{ $gzip_settings }}
+        {{ $cors_headers_options }}
+        {{ $cors_headers_post }}
+        {{ $cors_headers_get }}
+    }
+
+    location /disconnect {
+        proxy_pass  http://{{ $.APP }}-{{ $upstream_port }};
+        {{ $proxy_settings }}
+        {{ $gzip_settings }}
+        {{ $cors_headers_options }}
+        {{ $cors_headers_post }}
+        {{ $cors_headers_get }}
+    }
+
+}
+{{ end }}
+
+{{ if $.DOKKU_APP_WEB_LISTENERS }}
+{{ range $upstream_port := $.PROXY_UPSTREAM_PORTS | split " " }}
+upstream {{ $.APP }}-{{ $upstream_port }} {
+    {{ range $listeners := $.DOKKU_APP_WEB_LISTENERS | split " " }}
+    {{ $listener_list := $listeners | split ":" }}
+    {{ $listener_ip := index $listener_list 0 }}
+    server {{ $listener_ip }}:{{ $upstream_port }};
+    {{ end }}
+}
+{{ end }}
+{{ end }}
\ No newline at end of file
diff --git a/nginx.conf.sigil b/nginx.conf.sigil
index 21fe4df..f5a42e0 100644
--- a/nginx.conf.sigil
+++ b/nginx.conf.sigil
@@ -1,60 +1,92 @@
-{{ $proxy_settings := "proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Host $http_host; proxy_set_header X-Request-Start $msec;" }}
-{{ $gzip_settings := "gzip on; gzip_min_length  1100; gzip_buffers  4 32k; gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml; gzip_vary on; gzip_comp_level  6;" }}
+server {
+  listen      [::]:80;
+  listen      80;
+  server_name testapi.discours.io; 
+  access_log  /var/log/nginx/gateway-access.log;
+  error_log   /var/log/nginx/gateway-error.log;
 
-{{ $cors_headers_options := "if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '$allow_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; }" }}
-{{ $cors_headers_post := "if ($request_method = 'POST') { add_header 'Access-Control-Allow-Origin' '$allow_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; add_header 'Access-Control-Allow-Credentials' 'true' always; }" }}
-{{ $cors_headers_get := "if ($request_method = 'GET') { add_header 'Access-Control-Allow-Origin' '$allow_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; add_header 'Access-Control-Allow-Credentials' 'true' always; }" }}
+  include /home/dokku/gateway/nginx.conf.d/*.conf;
+  location / {
+    return 301 https://$host:443$request_uri;
+  }
 
-map $http_origin $allow_origin {
-    ~^https?:\/\/((.*\.)?localhost(:\d+)?|discoursio-webapp(-(.*))?\.vercel\.app|(.*\.)?discours\.io)$ $http_origin;
-    default "";
 }
 
-{{ range $port_map := .PROXY_PORT_MAP | split " " }}
-{{ $port_map_list := $port_map | split ":" }}
-{{ $scheme := index $port_map_list 0 }}
-{{ $listen_port := index $port_map_list 1 }}
-{{ $upstream_port := index $port_map_list 2 }}
-{{ $listen_settings := "" }}
-{{ if eq $scheme "http" }}
-    {{ $listen_settings := print "listen " $listen_port ";" }}
-{{ else if eq $scheme "https" }}
-    {{ $listen_settings := print "listen " $listen_port " ssl; ssl_certificate " $.APP_SSL_PATH "/server.crt; ssl_certificate_key " $.APP_SSL_PATH "/server.key;" }}
-{{ end }}
-
 server {
+  listen      [::]:443 ssl http2;
+  listen      443 ssl http2;
+  
+  server_name testapi.discours.io; 
+  access_log  /var/log/nginx/gateway-access.log;
+  error_log   /var/log/nginx/gateway-error.log;
 
-    {{ $listen_settings }}
+  ssl_certificate           /home/dokku/gateway/tls/server.crt;
+  ssl_certificate_key       /home/dokku/gateway/tls/server.key;
+  ssl_protocols             TLSv1.2 TLSv1.3;
+  ssl_prefer_server_ciphers off;
 
-    location /connect {
-        proxy_pass  http://{{ $.APP }}-{{ $upstream_port }};
-        {{ $proxy_settings }}
-        {{ $gzip_settings }}
-        {{ $cors_headers_options }}
-        {{ $cors_headers_post }}
-        {{ $cors_headers_get }}
-    }
+  keepalive_timeout   70;
 
-    location /disconnect {
-        proxy_pass  http://{{ $.APP }}-{{ $upstream_port }};
-        {{ $proxy_settings }}
-        {{ $gzip_settings }}
-        {{ $cors_headers_options }}
-        {{ $cors_headers_post }}
-        {{ $cors_headers_get }}
-    }
+  # Custom location block for /connect
+  location /connect {
+    proxy_pass http://presence.web:80;
+  }
 
+  location    / {
+
+    gzip on;
+    gzip_min_length  1100;
+    gzip_buffers  4 32k;
+    gzip_types    text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml  application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml;
+    gzip_vary on;
+    gzip_comp_level  6;
+
+    proxy_pass  http://gateway-4000;
+    http2_push_preload on; 
+    proxy_http_version 1.1;
+    proxy_read_timeout 60s;
+    proxy_buffer_size 4096;
+    proxy_buffering on;
+    proxy_buffers 8 4096;
+    proxy_busy_buffers_size 8192;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_set_header X-Forwarded-Port $server_port;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Request-Start $msec;
+    
+  }
+
+  error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 /400-error.html;
+  location /400-error.html {
+    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
+    internal;
+  }
+
+  error_page 404 /404-error.html;
+  location /404-error.html {
+    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
+    internal;
+  }
+
+  error_page 500 501 503 504 505 506 507 508 509 510 511 /500-error.html;
+  location /500-error.html {
+    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
+    internal;
+  }
+
+  error_page 502 /502-error.html;
+  location /502-error.html {
+    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
+    internal;
+  }
+
+  include /home/dokku/gateway/nginx.conf.d/*.conf;
 }
-{{ end }}
 
-{{ if $.DOKKU_APP_WEB_LISTENERS }}
-{{ range $upstream_port := $.PROXY_UPSTREAM_PORTS | split " " }}
-upstream {{ $.APP }}-{{ $upstream_port }} {
-    {{ range $listeners := $.DOKKU_APP_WEB_LISTENERS | split " " }}
-    {{ $listener_list := $listeners | split ":" }}
-    {{ $listener_ip := index $listener_list 0 }}
-    server {{ $listener_ip }}:{{ $upstream_port }};
-    {{ end }}
+upstream gateway-4000 {
+
+  server 172.17.0.27:4000;
 }
-{{ end }}
-{{ end }}
\ No newline at end of file