ISTI-ansible-roles
/
ansible-roles
5
0
Fork 3
Code Issues Pull Requests Releases Wiki Activity

Change the CORS snippet again and introduce a new variable so that the smartgears nginx template is now backward compatible and still able to cope with the CORS settings needed by some geoserver.

This commit is contained in:
Andrea Dell'Amico 2017-07-22 15:52:20 +02:00
parent ee0c922ddf
commit 9d88f841a3
3 changed files with 37 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
nginx/defaults/main.yml
View File

@ -59,6 +59,7 @@ nginx_client_max_body_size: 100M
nginx_client_body_timeout: 240s nginx_client_body_timeout: 240s
nginx_cors_limit_origin: False nginx_cors_limit_origin: False
nginx_cors_extended_rules: False
nginx_cors_acl_origin: 'http?://(localhost)' nginx_cors_acl_origin: 'http?://(localhost)'
# Find a set of acceptable defaults for the cache setup # Find a set of acceptable defaults for the cache setup
@ -109,56 +110,3 @@ nginx_use_common_virthost: False
# include fastcgi_params; # include fastcgi_params;
# } # }
# TODO: ckan, ssl with 80 -> 443 redirection, ssl only (no listening on 80).
# If nginx via ppa, proxy_protocol e http/2 too
# php, rewrite rules, acls, ldap auth
# More robust rules
# log format personalization (global, inside conf.d)
# CORS
#
# Special cases: mediawiki,...
#
# CORS example 1
# set $cors '';
# if ($http_origin ~* 'https?://(localhost|*\.example\.org)') {
# set $cors 'true';
# }
# if ($cors = 'true') {
# add_header 'Access-Control-Allow-Origin' "$http_origin";
# add_header 'Access-Control-Allow-Credentials' 'true';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
# add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With';
# }
# if ($request_method = 'OPTIONS') {
# return 204;
# }
# CORS example 2
# location / {
# if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' '*';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# #
# # Custom headers and headers various browsers *should* be OK with but aren't
# #
# add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# #
# # Tell client that this pre-flight info is valid for 20 days
# #
# add_header 'Access-Control-Max-Age' 1728000;
# add_header 'Content-Type' 'text/plain charset=UTF-8';
# add_header 'Content-Length' 0;
# return 204;
# }
# if ($request_method = 'POST') {
# add_header 'Access-Control-Allow-Origin' '*';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# }
# if ($request_method = 'GET') {
# add_header 'Access-Control-Allow-Origin' '*';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# }

30
nginx/templates/nginx-cors.conf.j2
View File

@ -1,6 +1,7 @@
{% if nginx_cors_extended_rules %}
if ($request_method = 'OPTIONS') { if ($request_method = 'OPTIONS') {
{% if nginx_cors_limit_origin %} {% if nginx_cors_limit_origin %}
add_header 'Access-Control-Allow-Origin' "${{ nginx_cors_acl_origin }}"; add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin }}";
add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Credentials' 'true';
{% else %} {% else %}
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Origin' '*';
@ -31,7 +32,7 @@ if ($request_method = 'POST') {
} }
if ($request_method = 'GET') { if ($request_method = 'GET') {
{% if nginx_cors_limit_origin %} {% if nginx_cors_limit_origin %}
add_header 'Access-Control-Allow-Origin' "${{ nginx_cors_acl_origin }}"; add_header 'Access-Control-Allow-Origin' "{{ nginx_cors_acl_origin }}";
add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Credentials' 'true';
{% else %} {% else %}
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Origin' '*';
@ -40,3 +41,28 @@ if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
} }
{% else %}
{% if nginx_cors_limit_origin %}
set $cors '';
if ($http_origin ~* '{{ nginx_cors_acl_origin }}') {
set $cors 'true';
}
if ($cors = 'true') {
{% endif %}
{% if nginx_cors_limit_origin %}
add_header 'Access-Control-Allow-Origin' "$http_origin";
{% else %}
add_header 'Access-Control-Allow-Origin' "$http_origin";
# add_header 'Access-Control-Allow-Origin' "*";
{% endif %}
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With';
{% if nginx_cors_limit_origin %}
}
{% endif %}
if ($request_method = 'OPTIONS') {
return 204;
}
{% endif %}

8
smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2
View File

@ -65,10 +65,14 @@ server {
location /{{ context }} { location /{{ context }} {
{% if smartgears_nginx_cors_enabled %} {% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf; include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
proxy_pass http://localhost:{{ item.http_port }}; proxy_pass http://localhost:{{ item.http_port }};
{% else %} {% else %}
proxy_pass http://localhost:{{ item.http_port }}/{{ context }}; proxy_pass http://localhost:{{ item.http_port }}/{{ context }};
{% endif %} {% endif %}
{% else %}
proxy_pass http://localhost:{{ item.http_port }}/{{ context }};
{% endif %}
} }
{% endif %} {% endif %}
{% endif %} {% endif %}
@ -177,10 +181,14 @@ server {
location /{{ context }} { location /{{ context }} {
{% if smartgears_nginx_cors_enabled %} {% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf; include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
proxy_pass http://localhost:{{ item.http_port }}; proxy_pass http://localhost:{{ item.http_port }};
{% else %} {% else %}
proxy_pass http://localhost:{{ item.http_port }}/{{ context }}; proxy_pass http://localhost:{{ item.http_port }}/{{ context }};
{% endif %} {% endif %}
{% else %}
proxy_pass http://localhost:{{ item.http_port }}/{{ context }};
{% endif %}
} }
{% endif %} {% endif %}
{% endif %} {% endif %}