Newer
Older
map $http_user_agent $outdated {
default 0;
"~MSIE [1-10]\." 1;
"~Trident/[5-7]\." 1;
"~Mozilla.*Firefox/[1-9]\." 1;
"~Mozilla.*Firefox/[0-2][0-9]\." 1;
"~Mozilla.*Firefox/3[0-1]\." 1;
"~Opera.*Version/[0-9]\." 1;
"~Opera.*Version/[0-1][0-9]\." 1;
"~Opera.*Version/2[0-1]\." 1;
"~AppleWebKit.*Version/[0-6]\..*Safari" 1;
"~Chrome/[0-9]\." 1;
"~Chrome/[0-2][0-9]\." 1;
"~Chrome/3[0-3]\." 1;
}

Etienne LOUPIAS
committed
map $http_user_agent $prerender {
default 0;
"~*twitterbot" 1;
"~*facebookexternalhit" 1;
"~*linkedinbot" 1;
"~*instagram" 1;
"~*discordbot" 1;

Etienne LOUPIAS
committed
}
map $time_iso8601 $year {
default '0000';
"~^(\d{4})-(\d{2})-(\d{2})" $1;
}
map $time_iso8601 $month {
default '00';
"~^(\d{4})-(\d{2})-(\d{2})" $2;
}
map $time_iso8601 $day {
default '00';
"~^(\d{4})-(\d{2})-(\d{2})" $3;
}
server {
listen 8080 default_server;
root /usr/share/nginx/html/;
server_tokens off;
## get the calling real ip behind the haproxy ( https://nginx.org/en/docs/http/ngx_http_realip_module.html )
set_real_ip_from 10.131.2.2;
set_real_ip_from 10.4.75.2;
real_ip_header X-Forwarded-For;
##real_ip_recursive on;
#allow x.y.z.w;
location /data-grandlyon-cities {
proxy_pass https://data.grandlyon.com/fr/datapusher/ws/grandlyon/adr_voie_lieu.adrcomgl/all.json;
}
# Persist logs for jeuAieAieIA
location /shared/jeuAieAieIA {
# Default log which is redirected to stdout (must be reset in this block because of "access_log" below)
access_log /var/log/nginx/access.log main;
# And also write to a daily file
access_log /usr/share/nginx/html/shared/jeuAieAieIA/stats/log/access.$year-$month-$day.log main;
}
location / {
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff;
# Redirect outdated navigator
if ($outdated = 1){
rewrite ^ /outdated.html break;
}
# Prerender with og tags for publications on linkedin and other social networks (news post, etc.)

Etienne LOUPIAS
committed
# Never prerender static files existing on server (images, etc.)
if (-f $request_filename) {
set $prerender 0;
}
# resolver is needed by nginx to resolve proxy_pass url with variable (https://stackoverflow.com/questions/57937222/502-bad-gateway-nginx-no-resolver-defined-to-resolve )
resolver dns-default.openshift-dns.svc.cluster.local;
if ($prerender = 1) {
# Add $request_uri to avoid error nginx: [emerg] "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except"
# (proxy_pass in if clause is not recommanded, but don't kwnow other way in our case to redirect to a backend ; cf. https://www.f5.com/fr_fr/company/blog/nginx/avoiding-top-10-nginx-configuration-mistakes#if , https://stackoverflow.com/a/10634915 )
proxy_pass http://res-server-service.ns-res-${NAMESPACE_ENV}-syn.svc.cluster.local:3000/api/render$request_uri;
}
# Angular routed apps first attempt to serve request as file, then as directory
# then must fall back to index.html ( https://angular.io/guide/deployment#server-configuration )
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
try_files $uri $uri/ /index.html;
}
location /api {
proxy_pass http://res-server-service:3000;
}
location /base-adresse/base-adresse-nationale/streets {
proxy_pass https://passerelle.formulaireextranet.grandlyon.com/base-adresse/base-adresse-nationale/streets;
}
location /geocoding/photon/api {
proxy_pass https://download.data.grandlyon.com/geocoding/photon/api;
}
location /reverse {
proxy_pass https://api-adresse.data.gouv.fr/reverse;
}
location /wfs/grandlyon {
proxy_pass https://download.data.grandlyon.com/wfs/grandlyon;
}
# REALLY important for JavaScript modules (type="module") to work as expected!!!
location ~ \.js {
add_header Content-Type text/javascript;
}
}