Merge pull request #4564 from bjester/nginx-tweaks

Explicitly configure nginx proxy settings
learningequality · May 16, 2024 · 6dffc0b · 6dffc0b
2 parents 87fb9d9 + ea5fb6b
commit 6dffc0b
Showing 1 changed file with 13 additions and 34 deletions.
diff --git a/deploy/nginx.conf.jinja2 b/deploy/nginx.conf.jinja2
@@ -19,41 +19,11 @@ http {
                       text/javascript
                       application/x-javascript
                       application/atom+xml;
+
     # Proxy upstream to the gunicorn process
     upstream studio {
         server 127.0.0.1:8081;
-    }
-
-    # Allow-list filter for content catalog paths
-    server {
-        listen 8080;
-        server_name catalog.learningequality.org;
-        location = / {
-            proxy_pass         http://studio;
-            proxy_redirect     off;
-            proxy_set_header   Host $host;
-        }
-        location /static/  {
-            autoindex on;
-            alias /app/contentworkshop_static/;
-            expires 4h;
-        }
-        location /content/ {
-            proxy_http_version 1.1;
-            proxy_pass         {{ $aws_s3_endpoint_url }}/{{ $aws_s3_bucket_name }}/;
-            proxy_set_header   Host $proxy_host;
-            proxy_set_header   Accept-Encoding Identity;
-            proxy_redirect     off;
-            gzip off;
-        }
-        location ~ ^/(api/catalog|stealthz|healthz|api/get_channel_details|jsreverse|i18n) {
-            proxy_pass         http://studio;
-            proxy_redirect     off;
-            proxy_set_header   Host $host;
-        }
-        location / {
-            deny all;
-        }
+        keepalive 5;
     }
 
     # Configuration for Nginx
@@ -80,17 +50,26 @@ http {
         # Proxy connections to django
         location / {
             proxy_pass         http://studio;
-            proxy_redirect     off;
             proxy_set_header   Host $host;
+            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_read_timeout 100s;
+            proxy_redirect     off;
+            proxy_cache        off;
         }
 
         location /content/ {
+            limit_except GET HEAD OPTIONS {
+                deny all;
+            }
             proxy_http_version 1.1;
             proxy_pass         {{ $aws_s3_endpoint_url }}/{{ $aws_s3_bucket_name }}/;
-            proxy_set_header   Host $proxy_host;
+            proxy_set_header   Host $host;
             proxy_set_header   Accept-Encoding Identity;
+            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_redirect     off;
+            proxy_buffering    off;
+            proxy_cache        off;
+            proxy_read_timeout 100s;
             gzip off;
         }