openreplay/scripts/dockerfiles/nginx/default.conf

location ~* /general_stats {
      deny all;
}
location /healthz {
  return 200 'OK';
}
location ~ ^/(mobs|sessions-assets|frontend|static|sourcemaps|ios-images)/ {
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header Host $http_host;

  proxy_connect_timeout 300;
  # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
  proxy_http_version 1.1;
  proxy_set_header Connection "";
  chunked_transfer_encoding off;

  proxy_pass http://minio.db.svc.cluster.local:9000;
}

location /minio/ {
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_set_header Host $host;
  proxy_pass http://minio.db.svc.cluster.local:9000;
}
location /ingest/ {
  rewrite ^/ingest/(.*) /$1 break;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_set_header X-Forwarded-For $real_ip;
  proxy_set_header X-Forwarded-Host $real_ip;
  proxy_set_header X-Real-IP $real_ip;
  proxy_set_header Host $host;
  proxy_pass http://http-openreplay.app.svc.cluster.local;
  proxy_read_timeout 300;
  proxy_connect_timeout 120;
  proxy_send_timeout 300;
}
location /grafana {
  set $target http://monitoring-grafana.monitoring.svc.cluster.local;
  rewrite ^/grafana/(.*) /$1 break;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_set_header Host $host;
  proxy_pass $target;
}
location /api/ {
  rewrite ^/api/(.*) /$1 break;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_pass http://chalice-openreplay.app.svc.cluster.local:8000;
}
location /assist/ {
  rewrite ^/assist/(.*) /$1 break;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_set_header Host $host;
  proxy_pass http://utilities-openreplay.app.svc.cluster.local:9000;
}
location /assets/ {
  rewrite ^/assets/(.*) /sessions-assets/$1 break;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_set_header Host $host;
  proxy_pass http://minio.db.svc.cluster.local:9000;
}
location / {
  index /index.html;
  rewrite ^((?!.(js|css|png|svg|jpg|woff|woff2)).)*$ /frontend/index.html break;
  include /etc/nginx/conf.d/compression.conf;
  proxy_set_header Host $http_host;
  proxy_pass http://minio.db.svc.cluster.local:9000/frontend/;
  proxy_intercept_errors on; # see http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors
  error_page 404 =200 /index.html;
}
mpression.conf: |-
# Compression                                           
gzip on;                                                
gzip_comp_level    5;                                   
gzip_min_length    256; # 256Bytes
gzip_proxied       any;                                 
gzip_vary          on;                                  
# Content types for compression                         
gzip_types                                              
application/atom+xml                                    
application/javascript                                  
application/json                                        
application/ld+json                                     
application/manifest+json                               
application/rss+xml                                     
application/vnd.geo+json                                
application/vnd.ms-fontobject                           
application/x-font-ttf                                  
application/x-web-app-manifest+json                     
application/xhtml+xml                                   
application/xml                                         
font/opentype                                           
image/bmp                                               
image/svg+xml                                           
image/x-icon                                            
text/cache-manifest                                     
text/css                                                
text/plain                                              
;

tes.conf: |-
# Ref: https://github.com/openresty/openresty/#resolvconf-parsing
resolver local=on;
# Need real ip address for flags in replay.
# Some LBs will forward real ips as x-forwarded-for
# So making that as priority
map $http_x_forwarded_for $real_ip {
    ~^(\d+\.\d+\.\d+\.\d+) $1;
    default $remote_addr;
}
map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  # server_name _;
  
  include /etc/nginx/conf.d/location.list;
  client_max_body_size 10M;
}
server {
  listen                443 ssl;
  ssl_certificate       /etc/secrets/site.crt;
  ssl_certificate_key   /etc/secrets/site.key;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
  include /etc/nginx/conf.d/location.list;
  client_max_body_size 10M;
}