mirror of
https://github.com/penpot/penpot.git
synced 2026-05-12 11:34:02 +00:00
d5abc52dac
* 🐛 Display missing selected tokens set info (#8098) * 🐛 Display missing selected tokens set info * ✨ Add integration tests to verify current active set * 🎉 Integration with nitrate platform * 🐛 Fix nitrate get-teams returns deleted teams * ✨ Add nitrate to tmux devenv * ✨ Add retry and validation to nitrate module * ✨ Add photoUrl to profile on nitrate authenticate * ✨ Move nitrate url to an env variable * ♻️ Change Nitrate organization-id schema to text * ♻️ Cleanup unused imports * 🔧 Add control-center to nginx * ✨ Add create org link * 🔧 Fix nginx entrypoint * 🐛 Fix control-center proxy pass * 🎉 Add nitrate licence check * Revert "✨ Add nitrate to tmux devenv" This reverts commit dc6f6c458995dac55cab7be365ced0972760a058. * ✨ Add feature flag check * 🐛 Rename licences for licenses * ✨ MR changes * ✨ MR changes 2 * 📎 Add the ability to have local config on start backend * 📎 Add FIXME comment --------- Co-authored-by: Xaviju <xavier.julian@kaleidos.net> Co-authored-by: Juanfran <juanfran.ag@gmail.com> Co-authored-by: Yamila Moreno <yamila.moreno@kaleidos.net> Co-authored-by: Marina López <marina.lopez.yap@gmail.com> Co-authored-by: Andrey Antukh <niwi@niwi.nz>
170 lines
4.9 KiB
Plaintext
170 lines
4.9 KiB
Plaintext
worker_processes auto;
|
|
pid /tmp/nginx.pid;
|
|
include /etc/nginx/overrides/main.d/*.conf;
|
|
|
|
events {
|
|
worker_connections 2048;
|
|
multi_accept on;
|
|
}
|
|
|
|
http {
|
|
client_body_temp_path /tmp/client_temp;
|
|
proxy_temp_path /tmp/proxy_temp_path;
|
|
fastcgi_temp_path /tmp/fastcgi_temp;
|
|
uwsgi_temp_path /tmp/uwsgi_temp;
|
|
scgi_temp_path /tmp/scgi_temp;
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_requests 30;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
|
|
server_tokens off;
|
|
|
|
reset_timedout_connection on;
|
|
client_body_timeout 30s;
|
|
client_header_timeout 30s;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
error_log /dev/stderr;
|
|
access_log /dev/stdout;
|
|
|
|
proxy_connect_timeout 300s;
|
|
proxy_send_timeout 300s;
|
|
proxy_read_timeout 300s;
|
|
send_timeout 300s;
|
|
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_static on;
|
|
gzip_comp_level 6;
|
|
gzip_buffers 16 8k;
|
|
gzip_http_version 1.1;
|
|
|
|
gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json image/svg+xml application/wasm;
|
|
|
|
proxy_buffer_size 16k;
|
|
proxy_busy_buffers_size 24k; # essentially, proxy_buffer_size + 2 small buffers of 4k
|
|
proxy_buffers 32 4k;
|
|
|
|
map $http_upgrade $connection_upgrade {
|
|
default upgrade;
|
|
'' close;
|
|
}
|
|
|
|
proxy_cache_path /tmp/cache/ levels=2:2 keys_zone=penpot:20m;
|
|
proxy_cache_methods GET HEAD;
|
|
proxy_cache_valid any 48h;
|
|
proxy_cache_key "$host$request_uri";
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Scheme $scheme;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
include /etc/nginx/overrides/http.d/*.conf;
|
|
|
|
server {
|
|
listen 8080 default_server;
|
|
server_name _;
|
|
|
|
client_max_body_size $PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE;
|
|
charset utf-8;
|
|
|
|
etag off;
|
|
|
|
root /var/www/app/;
|
|
|
|
location @handle_redirect {
|
|
set $redirect_uri "$upstream_http_location";
|
|
set $redirect_host "$upstream_http_x_host";
|
|
set $redirect_cache_control "$upstream_http_cache_control";
|
|
set $real_mtype "$upstream_http_x_mtype";
|
|
|
|
proxy_buffering off;
|
|
|
|
proxy_set_header Host "$redirect_host";
|
|
proxy_hide_header etag;
|
|
proxy_hide_header x-amz-id-2;
|
|
proxy_hide_header x-amz-request-id;
|
|
proxy_hide_header x-amz-meta-server-side-encryption;
|
|
proxy_hide_header x-amz-server-side-encryption;
|
|
proxy_ssl_server_name on;
|
|
proxy_pass $redirect_uri;
|
|
|
|
add_header x-internal-redirect "$redirect_uri";
|
|
add_header x-cache-control "$redirect_cache_control";
|
|
add_header cache-control "$redirect_cache_control";
|
|
add_header content-type "$real_mtype";
|
|
}
|
|
|
|
location /assets {
|
|
proxy_pass $PENPOT_BACKEND_URI/assets;
|
|
recursive_error_pages on;
|
|
proxy_intercept_errors on;
|
|
error_page 301 302 307 = @handle_redirect;
|
|
|
|
include /etc/nginx/overrides/assets.d/*.conf;
|
|
}
|
|
|
|
location /internal/assets {
|
|
internal;
|
|
alias /opt/data/assets;
|
|
add_header x-internal-redirect "$upstream_http_x_accel_redirect";
|
|
}
|
|
|
|
location /api/export {
|
|
proxy_pass $PENPOT_EXPORTER_URI;
|
|
}
|
|
|
|
location /api {
|
|
proxy_pass $PENPOT_BACKEND_URI/api;
|
|
proxy_buffering off;
|
|
}
|
|
|
|
location /readyz {
|
|
proxy_pass $PENPOT_BACKEND_URI$request_uri;
|
|
}
|
|
|
|
location /ws/notifications {
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection 'upgrade';
|
|
proxy_pass $PENPOT_BACKEND_URI/ws/notifications;
|
|
}
|
|
|
|
location /control-center {
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Real-IP $http_cf_connecting_ip;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_pass $PENPOT_NITRATE_URI$request_uri;
|
|
}
|
|
|
|
include /etc/nginx/overrides/server.d/*.conf;
|
|
|
|
location / {
|
|
include /etc/nginx/overrides/location.d/*.conf;
|
|
|
|
location ~* \.(js|css|jpg|png|svg|gif|ttf|woff|woff2|wasm|map)$ {
|
|
add_header Cache-Control "public, max-age=604800" always; # 7 days
|
|
}
|
|
|
|
location ~ ^/[^/]+/(.*)$ {
|
|
return 301 " /404";
|
|
}
|
|
|
|
add_header X-Frame-Options SAMEORIGIN always;
|
|
add_header Cache-Control "no-store, no-cache, max-age=0" always;
|
|
try_files $uri /index.html$is_args$args /index.html =404;
|
|
|
|
}
|
|
}
|
|
}
|