@cusedev/cli
Version:
CLI tool to manage cuse computers
194 lines (169 loc) • 7.65 kB
Plain Text
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
resolver 127.0.0.11 valid=30s; # Docker DNS resolver
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
# Block direct access to paths without computer name
location ~ ^/(docs|api|openapi.json|redoc)$ {
return 404;
}
# Root path for computer-name
location ~ ^/([^/]+)/?$ {
proxy_pass http://$1:8000/;
# Add headers to preserve original request information
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Original-Request $request_uri;
proxy_set_header Original-Request-URI $request_uri;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Referer $http_referer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# API endpoints
location ~ ^/([^/]+)/api(/.*)?$ {
proxy_pass http://$1:8000/api$2$is_args$args;
# Add headers to preserve original request information
proxy_set_header X-Forwarded-Prefix /$1;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Referer $http_referer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# Increase timeout
proxy_read_timeout 60s;
}
# API docs endpoints
location ~ ^/([^/]+)/(docs|openapi.json|redoc)$ {
proxy_pass http://$1:8000/$2;
# Add headers to preserve original request information
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Original-Request $request_uri;
proxy_set_header Original-Request-URI $request_uri;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Referer $http_referer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# Rewrite paths in docs HTML
sub_filter "url: '/openapi.json'," "url: 'openapi.json',";
sub_filter_once on;
sub_filter_types text/html;
}
# API docs static files
location ~ ^/([^/]+)/docs/(.+\.(js|css|png))$ {
proxy_pass http://$1:8000/docs/$2$is_args$args;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# noVNC app assets (including root)
location ~ ^/([^/]+)/app(/.*)?$ {
proxy_pass http://$1:6080/app$2$is_args$args;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# noVNC vendor assets (including root)
location ~ ^/([^/]+)/vendor(/.*)?$ {
proxy_pass http://$1:6080/vendor$2$is_args$args;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# noVNC core assets (including root)
location ~ ^/([^/]+)/core(/.*)?$ {
proxy_pass http://$1:6080/core$2$is_args$args;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# noVNC package.json and other root files
location ~ ^/([^/]+)/([^/]+\.(json|ico|txt))$ {
proxy_pass http://$1:6080/$2;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# noVNC main endpoint
location ~ ^/([^/]+)/novnc/?$ {
proxy_pass http://$1:6080/vnc.html;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# Rewrite WebSocket settings in the HTML
sub_filter 'id="noVNC_setting_path" type="text" value="websockify"' 'id="noVNC_setting_path" type="text" value="$1/websockify"';
sub_filter 'id="noVNC_setting_host"' 'id="noVNC_setting_host" disabled';
sub_filter 'id="noVNC_setting_port" type="number"' 'id="noVNC_setting_port" type="number" disabled';
# Set scaling mode to 'remote' by default
sub_filter 'id="noVNC_setting_resize" value="off"' 'id="noVNC_setting_resize" value="local"';
# Override WebSocket URL construction
sub_filter '</head>' '<script>
// Override WebSocket to force the correct path
const OrigWebSocket = WebSocket;
WebSocket = function(url, protocols) {
const pathParts = window.location.pathname.split("/");
const computerId = pathParts[1];
if (url.includes("/websockify")) {
url = window.location.origin + "/" + computerId + "/websockify";
}
return new OrigWebSocket(url, protocols);
};
WebSocket.prototype = OrigWebSocket.prototype;
WebSocket.CONNECTING = OrigWebSocket.CONNECTING;
WebSocket.OPEN = OrigWebSocket.OPEN;
WebSocket.CLOSING = OrigWebSocket.CLOSING;
WebSocket.CLOSED = OrigWebSocket.CLOSED;
</script></head>';
sub_filter_once off;
sub_filter_types text/html;
}
# noVNC WebSocket endpoint
location ~ ^/([^/]+)/websockify$ {
proxy_pass http://$1:6080/websockify;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 61s;
proxy_buffering off;
}
# VNC endpoint
location ~ ^/([^/]+)/vnc/?(.*)$ {
proxy_pass http://$1:5900/$2;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
}