6
0
mirror of https://github.com/ChristianLight/tutor.git synced 2024-11-16 10:05:18 +00:00
tutor/deploy/templates/nginx/lms.conf
Régis Behmo d0f02b7268 Re-add dependency of nginx to lms/cms
We re-introduce the dependency of the nginx container on the lms/cms
images. This dependency was removed to address a debugging scenario
which is actually not practical. Without this dependency, we are forced
to use an external docker-specific resolver which makes the local nginx
configuration incompatible with the kubernetes configuration.
2019-01-06 21:29:12 +01:00

91 lines
2.6 KiB
Plaintext

upstream lms-backend {
server lms:8000 fail_timeout=0;
}
{% if ACTIVATE_HTTPS %}
server {
server_name {{ LMS_HOST }} preview.{{ LMS_HOST }};
listen 80;
return 301 https://$server_name$request_uri;
}
{% endif %}
server {
listen {{ "443 ssl" if ACTIVATE_HTTPS else "80" }};
server_name localhost preview.localhost {{ LMS_HOST }} preview.{{ LMS_HOST }};
{% if ACTIVATE_HTTPS %}
ssl_certificate /etc/letsencrypt/live/{{ LMS_HOST }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ LMS_HOST }}/privkey.pem;
{% endif %}
client_max_body_size 4M;
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
# Disables server version feedback on pages and in headers
server_tokens off;
# Prevent invalid display courseware in IE 10+ with high privacy settings
add_header P3P 'CP="Open edX does not have a P3P policy."';
location @proxy_to_lms_app {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://lms-backend;
}
location / {
try_files $uri @proxy_to_lms_app;
}
# /login?next=<any image> can be used by 3rd party sites in <img> tags to
# determine whether a user on their site is logged into edX.
# The most common image to use is favicon.ico.
location /login {
if ( $arg_next ~* "favicon.ico" ) {
return 403;
}
try_files $uri @proxy_to_lms_app;
}
# Need a separate location for the image uploads endpoint to limit upload sizes
location ~ ^/api/profile_images/[^/]*/[^/]*/upload$ {
try_files $uri @proxy_to_lms_app;
client_max_body_size 1049576;
}
location ~ ^/media/(?P<file>.*) {
root /openedx/data/lms/uploads;
try_files /$file =404;
expires 31536000s;
}
location ~ ^/static/(?P<file>.*) {
root /var/www/openedx;
try_files /staticfiles/$file /course_static/$file =404;
# return a 403 for static files that shouldn't be
# in the staticfiles directory
location ~ ^/static/(?:.*)(?:\.xml|\.json|README.TXT) {
return 403;
}
# Set django-pipelined files to maximum cache time
location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\..*)" {
expires max;
try_files /staticfiles/$collected /course_static/$collected =404;
}
location ~ "/static/(?P<collected>[0-9a-f]{7}/.*)" {
expires max;
try_files /staticfiles/$collected /course_static/$collected =404;
}
# Expire other static files immediately (there should be very few / none of these)
expires epoch;
}
}