In the midst of a rip and replace of nginx as rp for one stack, in the effort to homogenize/harmonize two stacks (one of which already was utilizing traefik)... and having taken the advice of @bluepuma77 to thoroughly read the examples and documentation, and not complicate my life with chained proxy...
I assume that this docker-compose:
### Traefik as RP for all services
### Heimdall as Launch Page for Parthenon
version: '3.7'
##################################################
#
# PARTHENON TRAEFIK PROXY
#
##################################################
services:
traefik:
image: traefik:v2.10.5
container_name: traefik
command:
- "--api.insecure=false"
- "--providers.docker.exposedByDefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.email=sudoshi@mac.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik/config.yml:/etc/traefik/config.yml:ro
- /path/to/acme.json:/acme.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.acumenus.net`)"
- "traefik.http.routers.traefik-dashboard.entrypoints=websecure"
- "traefik.http.routers.traefik-dashboard.service=api@internal"
- "traefik.http.routers.traefik-dashboard.tls.certresolver=myresolver"
- "traefik.http.routers.traefik-dashboard.middlewares=dashboard-auth"
- "traefik.http.middlewares.dashboard-auth.basicauth.users=acumenus:$$apr1$$dNpOAWgT$$.1LJts2Nk6fdwFqJXIgWi0"
networks:
- traefik-proxy
##################################################
#
# PARTHENON LAUNCH PAGE
#
##################################################
heimdall:
image: "linuxserver/heimdall:latest"
container_name: "heimdall"
restart: "always"
environment:
- PUID=1000
- PGID=1000
- TZ=America/New_York # Replace with your timezone
- APP_NAME=Parthenon
volumes:
- "/portainer/Files/AppData/Config/Heimdall:/config"
- "/portainer/Files/AppData/Config/Heimdall/favicons/favicon-16x16.png:/var/www/localhost/heimdall/public/favicon-16x16.png"
- "/portainer/Files/AppData/Config/Heimdall/favicons/favicon-32x32.png:/var/www/localhost/heimdall/public/favicon-32x32.png"
- "/portainer/Files/AppData/Config/Heimdall/favicons/favicon.ico:/var/www/localhost/heimdall/public/favicon.ico"
labels:
- "traefik.enable=true"
- "traefik.http.routers.heimdall.rule=Host(`dev.acumenus.net`)"
- "traefik.http.routers.heimdall.entrypoints=websecure"
- "traefik.http.routers.heimdall.tls.certresolver=myresolver"
- "traefik.http.routers.heimdall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
- "traefik.http.services.heimdall.loadbalancer.server.port=80"
networks:
- traefik-proxy
##################################################
#
# BROADSEA CORE
# *** edit .env file per inline instructions
#
##################################################
broadsea-content:
container_name: broadsea-content
image: nginx
restart: unless-stopped
environment:
CONTENT_ARES_DISPLAY: ${CONTENT_ARES_DISPLAY}
CONTENT_ATLAS_DISPLAY: ${CONTENT_ATLAS_DISPLAY}
CONTENT_HADES_DISPLAY: ${CONTENT_HADES_DISPLAY}
volumes:
- ./broadsea-content/images:/usr/share/nginx/html/images
- ./broadsea-content/style.css:/usr/share/nginx/html/style.css
- ./broadsea-content/index.html:/tmp/index.html
- ./broadsea-content/envsubst.sh:/tmp/envsubst.sh:ro
entrypoint: ["sh", "/tmp/envsubst.sh" ]
labels:
- "traefik.enable=true"
networks:
- traefik-proxy
broadsea-hades:
container_name: broadsea-hades
image: ohdsi/broadsea-hades:4.2.1
platform: "linux/amd64"
environment:
- USER=${HADES_USER}
- PASSWORD=${HADES_PASSWORD}
volumes:
- rstudio-home-data:/home
- rstudio-tmp-data:/tmp
labels:
- "traefik.enable=true"
ports:
- "8787:8787"
- "6311:6311"
networks:
- traefik-proxy
# WebAPI and Atlas services based on the standard Docker Hub images -------------
ohdsi-webapi-from-image:
image: docker.io/ohdsi/webapi:latest
extends:
file: "./broadsea/ohdsi-webapi.yml"
service: ohdsi-webapi
networks:
- traefik-proxy
ohdsi-atlas-from-image:
image: docker.io/ohdsi/atlas:latest
extends:
file: "./broadsea/ohdsi-atlas.yml"
service: ohdsi-atlas
networks:
- traefik-proxy
broadsea-atlasdb:
profiles: [ "default", "atlasdb" ]
image: ohdsi/broadsea-atlasdb:2.0.0
container_name: broadsea-atlasdb
platform: "linux/amd64"
cpus: 2
mem_limit: "4G"
environment:
- POSTGRES_PASSWORD=mypass
ports:
- "5432:5432"
volumes:
- atlasdb-postgres-data:/var/lib/postgresql/data
- .broadsea/100_populate_source_source_daimon.sql:/docker-entrypoint-initdb.d/100_populate_source_source_daimon.sql:ro
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 5s
timeout: 5s
retries: 10
networks:
- traefik-proxy
##################################################
#
# PERSEUS
#
###################################################
### --- Perseus converted to traefik
user:
image: perseushub/user:latest
build: ./user
container_name: user
environment:
USER_ENV: Docker
env_file:
- user/user-envs.txt
ports:
- "5001:5001"
depends_on:
- shareddb
networks:
- traefik-proxy
labels:
# Router for the user service
- "traefik.enable=true"
- "traefik.http.routers.user.rule=PathPrefix(`/user`)"
- "traefik.http.routers.user.middlewares=user-headers@docker"
# Middleware to set headers
- "traefik.http.middlewares.user-headers.headers.customrequestheaders.X-Real-IP=$${remote_addr}"
- "traefik.http.middlewares.user-headers.headers.customrequestheaders.X-Forwarded-For=$${remote_addr}"
- "traefik.http.middlewares.user-headers.headers.customrequestheaders.X-Forwarded-Proto=$${scheme}"
networks:
- traefik-proxy
shareddb:
image: perseushub/shareddb:latest
build: ./shared-db
container_name: shareddb
volumes:
- shareddb:/data/postgres
ports:
- "5432:5432"
networks:
- traefik-proxy
labels:
- "traefik.enable=false" # Typically, DBs are not exposed through Traefik
networks:
- traefik-proxy
files-manager:
image: perseushub/files-manager:latest
build: ./files-manager
container_name: files-manager
ports:
- "10500:10500"
environment:
- SPRING_PROFILES_ACTIVE=docker
depends_on:
- shareddb
networks:
- traefik-proxy
labels:
# Router for the files-manager service
- "traefik.enable=true"
- "traefik.http.routers.files-manager.rule=PathPrefix(`/files`)"
- "traefik.http.routers.files-manager.middlewares=files-manager-headers@docker"
# Middleware to set headers
- "traefik.http.middlewares.files-manager-headers.headers.customrequestheaders.X-Real-IP=$${remote_addr}"
- "traefik.http.middlewares.files-manager-headers.headers.customrequestheaders.X-Forwarded-For=$${remote_addr}"
- "traefik.http.middlewares.files-manager-headers.headers.customrequestheaders.X-Forwarded-Proto=$${scheme}"
networks:
- traefik-proxy
backend:
image: perseushub/backend:latest
build: ./perseus-api
container_name: backend
environment:
PERSEUS_ENV: Docker
ports:
- "5004:5004"
depends_on:
- shareddb
- files-manager
networks:
- traefik-proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.backend.rule=PathPrefix(`/api`)"
- "traefik.http.routers.backend.middlewares=backend-headers@docker"
- "traefik.http.middlewares.backend-headers.headers.customrequestheaders.X-Real-IP=$${remote_addr}"
- "traefik.http.middlewares.backend-headers.headers.customrequestheaders.X-Forwarded-For=$${remote_addr}"
- "traefik.http.middlewares.backend-headers.headers.customrequestheaders.X-Forwarded-Proto=$${scheme}"
networks:
- traefik-proxy
frontend:
image: perseushub/frontend:latest
build:
context: ./UI
args:
env: prod
container_name: frontend
expose:
- 4200
- 80
labels:
- "traefik.enable=true"
- "traefik.http.routers.frontend.rule=Host(`perseus.acumenus.net`)"
- "traefik.http.routers.frontend.entrypoints=websecure"
- "traefik.http.routers.frontend.tls.certresolver=myresolver"
- "traefik.http.routers.frontend.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
- "traefik.http.services.frontend.loadbalancer.server.port=80"
networks:
- traefik-proxy
white-rabbit:
image: perseushub/white-rabbit:latest
build: ../WhiteRabbit
container_name: white-rabbit
ports:
- "8002:8000"
environment:
- SPRING_PROFILES_ACTIVE=docker
depends_on:
- shareddb
- files-manager
networks:
- traefik-proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.white-rabbit.rule=PathPrefix(`/white-rabbit`)"
- "traefik.http.routers.white-rabbit.middlewares=white-rabbit-headers@docker"
- "traefik.http.middlewares.white-rabbit-headers.headers.customrequestheaders.X-Real-IP=$${remote_addr}"
- "traefik.http.middlewares.white-rabbit-headers.headers.customrequestheaders.X-Forwarded-For=$${remote_addr}"
- "traefik.http.middlewares.white-rabbit-headers.headers.customrequestheaders.X-Forwarded-Proto=$${scheme}"
networks:
- traefik-proxy
vocabularydb:
image: perseushub/vocabularydb:latest
build: ./vocabulary-db
container_name: vocabularydb
healthcheck:
test: [ "CMD", "pg_isready", "-q", "-d", "vocabulary", "-U", "admin" ]
timeout: 60s
interval: 30s
retries: 10
volumes:
- vocabularydb:/data/postgres
ports:
- "5431:5432"
networks:
- traefik-proxy
labels:
- "traefik.enable=false"
networks:
- traefik-proxy
cdm-builder:
image: perseushub/cdm-builder:latest
build: ../ETL-CDMBuilder
container_name: cdm-builder
ports:
- "9000:9000"
environment:
- ASPNETCORE_ENVIRONMENT=Docker
depends_on:
- shareddb
- files-manager
- vocabularydb
networks:
- traefik-proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.cdm-builder.rule=PathPrefix(`/cdm-builder`)"
- "traefik.http.routers.cdm-builder.middlewares=cdm-builder-headers@docker"
- "traefik.http.middlewares.cdm-builder-headers.headers.customrequestheaders.X-Real-IP=$${remote_addr}"
- "traefik.http.middlewares.cdm-builder-headers.headers.customrequestheaders.X-Forwarded-For=$${remote_addr}"
- "traefik.http.middlewares.cdm-builder-headers.headers.customrequestheaders.X-Forwarded-Proto=$${scheme}"
networks:
- traefik-proxy
solr:
image: perseushub/solr:latest
build: ./solr
container_name: solr
ports:
- "8983:8983"
volumes:
- solr:/var/solr
depends_on:
- vocabularydb
networks:
- traefik-proxy
labels:
- "traefik.enable=true" # Set to false if not exposing Solr externally
- "traefik.http.routers.solr.rule=PathPrefix(`/solr`)"
- "traefik.http.routers.solr.middlewares=solr-headers@docker"
- "traefik.http.middlewares.solr-headers.headers.customrequestheaders.X-Real-IP=$${remote_addr}"
- "traefik.http.middlewares.solr-headers.headers.customrequestheaders.X-Forwarded-For=$${remote_addr}"
- "traefik.http.middlewares.solr-headers.headers.customrequestheaders.X-Forwarded-Proto=$${scheme}"
networks:
- traefik-proxy
athena:
image: perseushub/athena:latest
build: ./athena-api
container_name: athena
environment:
ATHENA_ENV: Docker
ports:
- "5002:5002"
depends_on:
- solr
networks:
- traefik-proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.athena.rule=PathPrefix(`/athena`)"
- "traefik.http.routers.athena.middlewares=athena-headers@docker"
- "traefik.http.middlewares.athena-headers.headers.customrequestheaders.X-Real-IP=$${remote_addr}"
- "traefik.http.middlewares.athena-headers.headers.customrequestheaders.X-Forwarded-For=$${remote_addr}"
- "traefik.http.middlewares.athena-headers.headers.customrequestheaders.X-Forwarded-Proto=$${scheme}"
networks:
- traefik-proxy
usagi:
image: perseushub/usagi:latest
build: ./usagi-api
command: python /app/main.py
container_name: usagi
environment:
USAGI_ENV: Docker
ports:
- "5003:5003"
depends_on:
- shareddb
- solr
networks:
- traefik-proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.usagi.rule=PathPrefix(`/usagi`)"
- "traefik.http.routers.usagi.middlewares=usagi-headers@docker"
- "traefik.http.middlewares.usagi-headers.headers.customrequestheaders.X-Real-IP=$${remote_addr}"
- "traefik.http.middlewares.usagi-headers.headers.customrequestheaders.X-Forwarded-For=$${remote_addr}"
- "traefik.http.middlewares.usagi-headers.headers.customrequestheaders.X-Forwarded-Proto=$${scheme}"
networks:
- traefik-proxy
r-serve:
image: perseushub/r-serve:latest
build:
context: ../DataQualityDashboard/R
args:
prop: docker
container_name: r-serve
ports:
- "6311:6311"
depends_on:
- shareddb
networks:
- traefik-proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.r-serve.rule=PathPrefix(`/r-serve`)"
- "traefik.http.routers.r-serve.middlewares=r-serve-headers@docker"
- "traefik.http.middlewares.r-serve-headers.headers.customrequestheaders.X-Real-IP=$${remote_addr}"
- "traefik.http.middlewares.r-serve-headers.headers.customrequestheaders.X-Forwarded-For=$${remote_addr}"
- "traefik.http.middlewares.r-serve-headers.headers.customrequestheaders.X-Forwarded-Proto=$${scheme}"
networks:
- traefik-proxy
data-quality-dashboard:
image: perseushub/data-quality-dashboard:latest
build:
context: ../DataQualityDashboard
container_name: data-quality-dashboard
ports:
- "8001:8001"
environment:
- SPRING_PROFILES_ACTIVE=docker
depends_on:
- shareddb
- files-manager
- r-serve
networks:
- traefik-proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.data-quality-dashboard.rule=PathPrefix(`/data-quality-dashboard`)"
- "traefik.http.routers.data-quality-dashboard.middlewares=data-quality-dashboard-headers@docker"
- "traefik.http.middlewares.data-quality-dashboard-headers.headers.customrequestheaders.X-Real-IP=$${remote_addr}"
- "traefik.http.middlewares.data-quality-dashboard-headers.headers.customrequestheaders.X-Forwarded-For=$${remote_addr}"
- "traefik.http.middlewares.data-quality-dashboard-headers.headers.customrequestheaders.X-Forwarded-Proto=$${scheme}"
networks:
- traefik-proxy
swagger:
image: perseushub/swagger:latest
build: ./swagger-ui
container_name: swagger
ports:
- "8080:8080"
networks:
- traefik-proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.swagger.rule=PathPrefix(`/swagger`)"
- "traefik.http.routers.swagger.middlewares=swagger-headers@docker"
- "traefik.http.middlewares.swagger-headers.headers.customrequestheaders.X-Real-IP=$${remote_addr}"
- "traefik.http.middlewares.swagger-headers.headers.customrequestheaders.X-Forwarded-For=$${remote_addr}"
- "traefik.http.middlewares.swagger-headers.headers.customrequestheaders.X-Forwarded-Proto=$${scheme}"
networks:
- traefik-proxy
##################################################
#
# PARTHENON NETWORKS AND VOLUMES
#
###################################################
networks:
proxy:
name: traefik-proxy
volumes:
shareddb:
vocabularydb:
solr:
precludes the need to have this config.yaml anymore?:
### --- Broadsea stack
http:
routers:
traefik:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: "traefik"
rule: 'Host(`{{ env "BROADSEA_HOST" }}`)'
broadsea-content:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: "broadsea-content"
rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/broadsea`)'
ohdsi-atlas:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: "ohdsi-atlas"
rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/atlas`)'
ohdsi-webapi:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: "ohdsi-webapi"
rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/WebAPI`)'
broadsea-hades:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: "broadsea-hades"
rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/hades`)'
middlewares:
- "broadsea-hades-root-path-header"
- "broadsea-hades-path-strip"
broadsea-solr-vocab:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: "broadsea-solr-vocab"
rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/solr`)'
broadsea-ares:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: "broadsea-ares"
rule: 'Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/ares`)'
services:
traefik:
loadBalancer:
servers:
- url: http://traefik
broadsea-content:
loadBalancer:
servers:
- url: http://broadsea-content
ohdsi-atlas:
loadBalancer:
servers:
- url: http://ohdsi-atlas:8080
ohdsi-webapi:
loadBalancer:
servers:
- url: http://ohdsi-webapi:8080
broadsea-hades:
loadBalancer:
servers:
- url: http://broadsea-hades:8787
broadsea-solr-vocab:
loadBalancer:
servers:
- url: http://broadsea-solr-vocab:8983
broadsea-ares:
loadBalancer:
servers:
- url: http://broadsea-ares
middlewares:
broadsea-hades-path-strip:
stripPrefix:
prefixes:
- "/hades"
forceSlash: false
broadsea-hades-root-path-header:
headers:
customRequestHeaders:
X-RStudio-Root-Path: "/hades"
### --- Perseus Stack
http:
routers:
frontend:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: backend
rule: Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/frontend`)'
backend:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: backend
rule: Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/backend`)'
user:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: user
rule: Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/user`)'
white-rabbit:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: white-rabbit
rule: Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/white-rabbit`)'
cdm-builder:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: cdm-builder
rule: Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/cdm-builder`)'
data-quality-dashboard:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: data-quality-dashboard
rule: Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(` /data-quality-dashboard`)'
athena:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: athena
rule: Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/athena`)'
solr:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: solr
rule: Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/solr`)'
usagi:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: usagi
rule: Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/usagi`)'
swagger:
entryPoints: '{{ env "HTTP_TYPE" }}'
service: swagger
rule: Host(`{{ env "BROADSEA_HOST" }}`) && PathPrefix(`/swagger`)'
services:
frontend:
loadBalancer:
servers:
- url: http://frontend:4200
backend:
loadBalancer:
servers:
- url: http://backend:5004
user:
loadBalancer:
servers:
- url: http://user:5001
white-rabbit:
loadBalancer:
servers:
- url: http://white-rabbit:8000
cdm-builder:
loadBalancer:
servers:
- url: http://cdm-builder:9000
data-quality-dashboard:
loadBalancer:
servers:
- url: http://data-quality-dashboard:8001
athena:
loadBalancer:
servers:
- url: http://athena:5002
solr:
loadBalancer:
servers:
- url: http://solr:8983
usagi:
loadBalancer:
servers:
- url: http://usagi:5003
swagger:
loadBalancer:
servers:
- url: http://swagger:8080
middlewares:
Which eliminates this nginx.conf all together, and frees me from the bonds of a chained proxy nightmare?:
server {
listen 80;
listen [::]:80;
server_name perseus.acumenus.net;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:4200;
# proxy_pass http://host.docker.internal:4200;
}
location /backend {
auth_request /user/api/is_token_valid_internal;
auth_request_set $username $upstream_http_Username;
proxy_set_header Username $username;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:5004;
}
location /user {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:5001;
}
location /user/api/is_token_valid_internal {
if ($request_uri ~ .*\/api\/info$) {
return 200;
}
if ($request_method = 'OPTIONS') {
return 200;
}
internal;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_pass http://172.17.0.1:5001;
proxy_cache token_responses;
proxy_cache_key $http_Authorization;
proxy_cache_lock on;
proxy_cache_valid 200 300s;
proxy_cache_use_stale error timeout;
}
location /white-rabbit {
auth_request /user/api/is_token_valid_internal;
auth_request_set $username $upstream_http_Username;
proxy_set_header Username $username;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:8000;
}
location /cdm-builder {
auth_request /user/api/is_token_valid_internal;
auth_request_set $username $upstream_http_Username;
proxy_set_header Username $username;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:9000;
}
location /data-quality-dashboard/api {
auth_request /user/api/is_token_valid_internal;
auth_request_set $username $upstream_http_Username;
proxy_set_header Username $username;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:8001;
}
location /data-quality-dashboard {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:8001;
}
location /athena {
auth_request /user/api/is_token_valid_internal;
auth_request_set $username $upstream_http_Username;
proxy_set_header Username $username;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:5002;
}
location /solr {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:8983;
#include /etc/nginx/whitelist.conf;
}
location /usagi {
auth_request /user/api/is_token_valid_internal;
auth_request_set $username $upstream_http_Username;
proxy_set_header Username $username;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:5003;
}
location /swagger {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://172.17.0.1:8080;
}
}
Any guidance and corrections are greatly appreciated!!!