Removed nginx from config

docker-compose.full.yml

@@ -48,21 +48,6 @@ services:
       service: s3
     networks:
       - am-d-model-repo-network
-  # Frontend
-  frontend:
-    extends:
-      file: docker-services.yml
-      service: frontend
-    volumes:
-      - static_data:/opt/invenio/var/instance/static
-    depends_on:
-      - web-ui
-      - web-api
-    # ports:
-    #   - "80:80"
-    #   - "443:443"
-    networks:
-      - am-d-model-repo-network
   # UI Application
   web-ui:
     extends:

docker-services.yml

@@ -24,15 +24,6 @@ services:
       - "INVENIO_RATELIMIT_STORAGE_URL=redis://cache:6379/3"
     networks:
       - am-d-model-repo-network
-  frontend:
-    build: ./docker/nginx/
-    image: am-d-model-data-repository-frontend
-    restart: "unless-stopped"
-    ports:
-      - "80"
-      - "443"
-    networks:
-      - am-d-model-repo-network
   cache:
     image: redis:7
     restart: "unless-stopped"

docker/nginx/Dockerfile

@@ -1,5 +0,0 @@
-FROM nginx
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY conf.d/* /etc/nginx/conf.d/
-COPY test.key /etc/ssl/private/test.key
-COPY test.crt /etc/ssl/certs/test.crt

docker/nginx/conf.d/default.conf

@@ -1,133 +0,0 @@
-# This nginx configuration defines two servers, one on port 80 and one on port
-# 443. All traffix on port 80 is redirect to port 443 on SSL.
-#
-# Nginx proxies all requests on port 443 to upstream the application server
-# which is expected to be running on port 5000/5001.
-
-upstream ui_server {
-  server web-ui:5000 fail_timeout=0;
-}
-upstream api_server {
-  server web-api:5000 fail_timeout=0;
-}
-
-# HTTP server
-server {
-  # Redirects all requests to https. - this is in addition to HAProxy which
-  # already redirects http to https. This redirect is needed in case you access
-  # the server directly (e.g. useful for debugging).
-  listen 80 default_server; # IPv4
-  listen [::]:80 default_server; # IPv6
-  server_name _;
-  return 301 https://$host$request_uri;
-}
-
-# HTTPS server
-server {
-  listen 443 default_server ssl http2; # IPv4
-  listen [::]:443 default_server ssl http2; # IPv6
-  server_name _;
-  charset utf-8;
-  keepalive_timeout 5;
-
-  # SSL configuration according to best practices from
-  # https://mozilla.github.io/server-side-tls/ssl-config-generator/
-  # The provided certificate (test.crt) and private key (test.key) is only for
-  # testing and must never be used in production environment.
-  ssl_certificate /etc/ssl/certs/test.crt;
-  ssl_certificate_key /etc/ssl/private/test.key;
-  ssl_session_timeout 1d;
-  ssl_session_cache shared:SSL:50m;
-  ssl_session_tickets off;
-
-  # Accepted protocols and ciphers
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
-  ssl_prefer_server_ciphers on;
-
-  add_header Strict-Transport-Security "max-age=15768000"; # 6 months
-
-  # Request ID tracing (allows end-to-end tracking of requests for better
-  # troubleshooting)
-  add_header X-Request-ID $request_id;
-
-  # The request body is sent to the proxied server immediately as it is
-  # received
-  proxy_request_buffering off;
-  # Sets the HTTP protocol v1.1 for proxying in order to not use the buffer
-  # in case of chunked transfer encoding
-  proxy_http_version 1.1;
-
-  # Proxying to the application server
-  ## UI server
-  location / {
-    uwsgi_pass ui_server;
-    include uwsgi_params;
-    uwsgi_buffering off;
-    uwsgi_request_buffering off;
-    chunked_transfer_encoding off;
-    uwsgi_param Host $host;
-    uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
-    uwsgi_param X-Forwarded-Proto $scheme;
-    # Pass request id to the ui server
-    uwsgi_param X-Request-ID $request_id;
-    # X-Session-ID / X-User-ID is read by nginx and included in the logs,
-    # however we don't want to expose them to clients so we are hiding them.
-    uwsgi_hide_header X-Session-ID;
-    uwsgi_hide_header X-User-ID;
-    # Max upload size (except for files) is set to 100mb as default.
-    client_max_body_size 100m;
-  }
-  ## Most API
-  location /api {
-    uwsgi_pass api_server;
-    include uwsgi_params;
-    uwsgi_buffering off;
-    uwsgi_request_buffering off;
-    chunked_transfer_encoding off;
-    uwsgi_param Host $host;
-    uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
-    uwsgi_param X-Forwarded-Proto $scheme;
-    # Pass request id to the api server
-    uwsgi_param X-Request-ID $request_id;
-    # X-Session-ID / X-User-ID is read by nginx and included in the logs,
-    # however we don't want to expose them to clients so we are hiding them.
-    uwsgi_hide_header X-Session-ID;
-    uwsgi_hide_header X-User-ID;
-    # Max upload size (except for files) is set to 100mb as default.
-    client_max_body_size 100m;
-  }
-  ## API files
-  # Another location is defined in order to allow large file uploads in the files
-  # API without exposing the other parts of the application to receive huge
-  # request bodies.
-  location ~ /api/records/.+/draft/files/.+/content {
-    gzip off;
-    uwsgi_pass api_server;
-    include uwsgi_params;
-    uwsgi_buffering off;
-    uwsgi_request_buffering off;
-    chunked_transfer_encoding off;
-    uwsgi_param Host $host;
-    uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
-    uwsgi_param X-Forwarded-Proto $scheme;
-    # Pass request id to api server
-    uwsgi_param X-Request-ID $request_id;
-    # X-Session-ID / X-User-ID is read by nginx and included in the logs,
-    # however we don't want to expose them to clients so we are hiding them.
-    uwsgi_hide_header X-Session-ID;
-    uwsgi_hide_header X-User-ID;
-    # Max upload size for files is set to 50GB (configure as needed).
-    client_max_body_size 50G;
-  }
-  # Static content is served directly by nginx and not the application server.
-  location /static {
-    alias /opt/invenio/var/instance/static;
-    autoindex off;
-  }
-  # Robots.txt file is served by nginx.
-  location /robots.txt {
-    alias /opt/invenio/var/instance/static/robots.txt;
-    autoindex off;
-  }
-}

docker/nginx/nginx.conf

@@ -1,76 +0,0 @@
-user  nginx;
-worker_processes  1;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    # Standard log format
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    # Request tracing log format - includes request id, session id, user id,
-    # and request timing.
-    log_format trace '$remote_addr - [$time_local] "$request" '
-                 '$status  $body_bytes_sent "$http_referer"  '
-                 '"$http_user_agent" "$http_x_forwarded_for" $request_id '
-                 '$msec $request_time '
-                 '$upstream_http_x_session_id $upstream_http_x_user_id';
-
-    access_log  /var/log/nginx/access.log  trace;
-
-    sendfile        on;
-    tcp_nopush      on;
-    tcp_nodelay     on;
-
-    keepalive_timeout  65;
-
-    gzip on;
-    gzip_disable "msie6";
-    gzip_http_version 1.1;
-    gzip_comp_level 5; # or anything between 4-6
-    gzip_min_length 100;
-    gzip_proxied any;
-    # We may need more mime-types here (eg. 'application/x-bibtex')
-    gzip_types
-        application/atom+xml
-        application/javascript
-        application/json
-        application/ld+json
-        application/manifest+json
-        application/octet-stream
-        application/rss+xml
-        application/vnd.geo+json
-        application/vnd.ms-fontobject
-        application/x-font-ttf
-        application/x-javascript
-        application/x-web-app-manifest+json
-        application/xhtml+xml
-        application/xml
-        application/xml+rss
-        font/opentype
-        image/bmp
-        image/svg+xml
-        image/x-icon
-        text/cache-manifest
-        text/css
-        text/javascript
-        text/plain
-        text/vcard
-        text/vnd.rim.location.xloc
-        text/vtt
-        text/x-component
-        text/x-cross-domain-policy
-        text/xml;
-    gzip_vary on;
-
-    include /etc/nginx/conf.d/*.conf;
-}

docker/nginx/test.crt

@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFpzCCA4+gAwIBAgIUUYJ6tvU7tTyQgpunblH/obBk/WAwDQYJKoZIhvcNAQEL
-BQAwYzELMAkGA1UEBhMCQ0gxCjAIBgNVBAgMAS4xCjAIBgNVBAcMAS4xCjAIBgNV
-BAoMAS4xCjAIBgNVBAsMAS4xEjAQBgNVBAMMCWxvY2FsaG9zdDEQMA4GCSqGSIb3
-DQEJARYBLjAeFw0yNTAxMjcwOTUwMjBaFw0yNjAxMjcwOTUwMjBaMGMxCzAJBgNV
-BAYTAkNIMQowCAYDVQQIDAEuMQowCAYDVQQHDAEuMQowCAYDVQQKDAEuMQowCAYD
-VQQLDAEuMRIwEAYDVQQDDAlsb2NhbGhvc3QxEDAOBgkqhkiG9w0BCQEWAS4wggIi
-MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDi2I5Ew61Lfbz9ZfYTrtI4Zln/
-hwnCf0umd+z4JzZe7IPpnCmFVk+cVMNGgCOLNsBvJCqlXI4xKu+4xtSGP1uG9T/G
-NsMURD0M6BP/wTzydPBTqhIkxI9IwGS9l9qOAbQGcfX+1hKB3F1KoQ/blp5HIfim
-MlHPmwE2V6GRT5TCOZ7rB3fj48bSSCVND52D1z9DkfnTHiWBNehg1RLGaxv13lud
-20DKmKMZZRuDcx7GfVwCyuXjUQ1kYfWZG2b64eBR8aqshWjH118JrU/EB7FZ0+Td
-puc8l+beH8uzTWn0kLUXAGKCsL429ptKi/JmQm4kuV9pJMwf6hWtvfJ6Iz85WnfE
-ISJ5gQe5WkIZALhDOjOUDKI85p9lNalU12yulDwHj403WukabZFC8QoLp1HU/l0o
-YebgfW/o/uDOkCk4N+nN/rkm0F25KN+qMMV2muZgXCOyRi75SYtbXAhWxbSwJDdj
-PhQvLSEX48+O6e3KLvI1VT9m33l91sAdhu2b1uDFXLeE/t3lKWrPyXvHpmgoWAII
-NDQlDlG8h/gqKxN741LMnCs6pflmu4ipCZUqOuehHgDwxCvH29txmJ01Kx8Qevou
-HMVEEtKxzUh+/osXbnT/fpbB9/hkGkTKbFjMBYR5VGdHR36ytTkVx3rAnLJg7wcL
-s9SEAvUm+9qJKfFoZwIDAQABo1MwUTAdBgNVHQ4EFgQU+lschFrhuWcv7SirStrG
-0QoLHo4wHwYDVR0jBBgwFoAU+lschFrhuWcv7SirStrG0QoLHo4wDwYDVR0TAQH/
-BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEA0v6x5Sr5hEzzD1W6G7ERHmZh7eQt
-XlxR/7Df3BXHf9v/hD8hp/g9IlzMkCx0IL9eXpXGkcqQZuwclj56jht+ryRTTGaf
-swYMCd/H6BHXHXL/R70LN1Kz1XVXMcBaYmNOmbbt88TEjU0L9m9GUFYj2GX6ZHnL
-Wz8ZcRDjoV03bcdDdRK2Z6SBDw05OSZdAHJD+Utbqeby1GUkaxHy3QbQ2vPX7lmO
-3o75FcXkKReiL96aUOWHTH2moTje2eFSx7IPbEG/gtj48OQWXFjGJjz+OHs9Gl5i
-DcBIrfY3+Amg27ggJv5OGg6NbTkjHzPhugufaoT4O2vcHmryUj9Grqhmhh5FULxp
-1uhTP6eXPybWDOkFMMxGD0PNtAT1oeY42WZQHrYz3fyf48HmFa2/zfRjQsQYc2x4
-wl0G8lkHm20G6dGsi+ij1EwRTeKmmBdDINV6vnthCwDPe608VdCm2Mpr2KgOZmBS
-HaATg8ZZqx2wEflk02zqO9AWuShxYu3ynVuJsoga+qAiljIMqTmj3ed7lKuvvaJz
-bqbpG7LDf9nZMjP4m+EukoFcQMAOHuTGqVtmyCKT2gj2CsIy2zZzY3dN7IR8V2HI
-7ppjHTQ/s1myCR4Jkb0psFbrqG3vOKn9xfH+prk+oeph8gAAXqMLZS0EXQQF5iDR
-fBA+J7fD6XnBFJU=
------END CERTIFICATE-----

docker/nginx/test.key

@@ -1,52 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDi2I5Ew61Lfbz9
-ZfYTrtI4Zln/hwnCf0umd+z4JzZe7IPpnCmFVk+cVMNGgCOLNsBvJCqlXI4xKu+4
-xtSGP1uG9T/GNsMURD0M6BP/wTzydPBTqhIkxI9IwGS9l9qOAbQGcfX+1hKB3F1K
-oQ/blp5HIfimMlHPmwE2V6GRT5TCOZ7rB3fj48bSSCVND52D1z9DkfnTHiWBNehg
-1RLGaxv13lud20DKmKMZZRuDcx7GfVwCyuXjUQ1kYfWZG2b64eBR8aqshWjH118J
-rU/EB7FZ0+Tdpuc8l+beH8uzTWn0kLUXAGKCsL429ptKi/JmQm4kuV9pJMwf6hWt
-vfJ6Iz85WnfEISJ5gQe5WkIZALhDOjOUDKI85p9lNalU12yulDwHj403WukabZFC
-8QoLp1HU/l0oYebgfW/o/uDOkCk4N+nN/rkm0F25KN+qMMV2muZgXCOyRi75SYtb
-XAhWxbSwJDdjPhQvLSEX48+O6e3KLvI1VT9m33l91sAdhu2b1uDFXLeE/t3lKWrP
-yXvHpmgoWAIINDQlDlG8h/gqKxN741LMnCs6pflmu4ipCZUqOuehHgDwxCvH29tx
-mJ01Kx8QevouHMVEEtKxzUh+/osXbnT/fpbB9/hkGkTKbFjMBYR5VGdHR36ytTkV
-x3rAnLJg7wcLs9SEAvUm+9qJKfFoZwIDAQABAoICACL/ZBup0M+ny4OQuoFY5Gf9
-Kn9o1xGh0AsTz4SNkC7e8I8XH7TJlyi4TxROaq1sug2rl8TBXdKqHCf2zQ0VM0rE
-BZ3QDxLOYFjgaU15A60oa3eM8pWnma+Qtzok9nwYOS0RYfF6F4rfc6ky5h5rw2mY
-DSOe+c48zNgUdwHTNFEu0JzUHyQSnTcOGGsmMJgJmmITYGa47PJdXceqt+XS2pJ5
-Rss462sWV3twhOkn1qSq7IolwYfrllRZZKnFd4LXXGNoFHvfbUX/rVLx4S+OPEdu
-kI291Ukc6mp0n1m/ZMxtkvLEhW5CVGZob5b1tmUedJ3H17eCDNgTplqSxpkfXP5y
-3SBCzQXGHMUQ7JIzAdJS0Qn59IzTPEg06Bvrd6Sgxf1+twxFyu6/LUIi1KKPfzgD
-rtRypWvB3KflGJj07eoBpF9fOZJ6htMFp1FgkC7TPkdwuXy9Tc2JQ0pjsiPAbJvO
-IcpSQOvdwpIUSvjpHukl3OC0qXXv2xkkr8WhWP8P2OnL9zZ2mJ9kiODXLUMcNRPw
-KN+PKVnXYi2yvI2s+ZZPM5J9DBHrditiW/lNmGdmGMjgLtNVqJ2dnQHP+AXcGiug
-durU/+VCjRkT6RhgVenjzbW/0rK4f2zIDklIOWDhPScpH8VuUi6+XFagG9+yIWcB
-1C8QNJC6rC1e/860ChBpAoIBAQDrnwQugeOfuAYDQy5oSUBHDgX6zLp4mVQyacb4
-/16VKVmNaKqmrkmFIYsVca1K4hds+/KSEusfMlxYaAtjrtyK0Qvq16buAq/jrNic
-U3XYpYPxE708kufsuYlMNxbsFf0L9CJdcJWYRFLoSk4xMiaFrK0HbAceEnkEYnok
-w2Ssrq85GrQABnfxprQYkqO68o+Gv4JzzXVchiKFB8iatbUcX95dG6uRPKfQ9vTi
-H+kIevdZaEd5/RExUrFasYhH3xvZBMo/xPGxa5Ww3wZ9Bk0iUODuydvzUxc8s6lD
-cJlSXUEuQLh1+ARyfLvIWNKsi3fC4dc/yD/Ifu6XqQTzmhvNAoIBAQD2dz5KjYfz
-hveh/+0P41GGED3b/hnxoQHd/v7G3bnrnMM1MoaoJbys4tXovdSsWUUG3ReyDmJo
-46XfzoQxMMhoMbjlplypvBhfpfF1njM1bTpTfgHHPCNp0AgePFzTdVKV4VvdzBT4
-BpM79LofqLgf6mUlys0TIZGmt9D62QHY2LG6KKretabDi4+5+OghO2kI1vmCS8Wt
-l4S4az5bcWqyi3w4KO3pkPKnpF9SOqqwOs+R6lPABKbcf3+t3CJDYplKhLaVGjDy
-uXtV2zi3cNVLAwnwR5SWYME4IZDNsQAFXO+g5g5y8bpF//QaDyxMb+bjTD/cwE+x
-G9sWJ+ccrGkDAoIBAQCEm1YrJocJGPSpWWIA51j5pHbRE+/Od9zfEpEdCfwdTsxL
-vaBtdqGB/8LbKsMw5dXxTErU0zjosdsvFj9ytrMAnW5rmTslsPV02Y5/TKmCaIS9
-ZTKXqMZGgJU5A7gu3qEv3RKKLBbFP465lTg0j9kGWox3JOFMl3Dses/raNx8I0QS
-i2jKqtlOc1fgjIcBbApC9/1fVz659/Ptktff2mw3r+zh0fTZJJ3+CT8BFJx+XVZg
-R0QS786BR9zxAgGFEZgGp598DEdKZxY0GRD5xFYc/g/Z1FmptBXb3/FfNzvTExDg
-CyTFn/RAytqUgwjuev/H+nq+NuFO4cE+Ma3Lu+vxAoIBAE+rsi4lXBojue7bLQWi
-xNqia2yu0jIiitj5MeCVEiGQtiV/JLo8IKZ+WQl4O8ROwxp548wCDFu9owQa3O6N
-x2qvEAbkZTXVAMgCe3A66HDP0zfkFq0RypzMy6MCfjs4xK6Af9LNwsV+Up/h9zx+
-rK5cdb/ms64Ifu22o85C0e8H9UOpG7sMW1EAz0AdruP3MXfTDirJVahMv3Fh8XFb
-01LN9iStTmLfISGB5/JL1ptLF4giiFoc5teGO363FzhTKhxFlEPUiJgdzzmsuMPL
-rJcn71GFwgluU2dSql1jZw9UwH1xgKA1dbJlD8JQv1AiKC+3mTlBzUECMSsTUQka
-zoMCggEBAIxQpHv0SX4RvHVBbNxVQ5rjcXjOmIfN6SnvGKn1J0Qxxbc1zlUvbucP
-4Hw60bqEZewVheLrKkx6HDbOJuWuRZkOeiqANbDhdMjJWxfs+FX19dvphVKfDR24
-uBwAgu766smqma0HxuTBTuE6gPttxXoNOxaXVz9pOiN7J3eO5hE2VrJSta5isj02
-RQkbcDRVdvt4KzaUMM22wGdhLT/Rnlh3Q94dgEf8KYFcaEnGBEKH0ZFugkI4Oq9x
-guN18wKDvKGZH8PZp8NhrFLtwRL0epwjQIc/i8d55rqjMLJNXVDy5Wn47OEsV2mr
-3hZ66Qvn/zNMwRkuIEbB0I7k5nNiISA=
------END PRIVATE KEY-----