diff --git a/caddy/Caddyfile b/caddy/Caddyfile index d9f6cd3..8eb2746 100644 --- a/caddy/Caddyfile +++ b/caddy/Caddyfile @@ -1,4 +1,4 @@ -import repo.caddyfile { +{ admin off debug log { @@ -6,35 +6,19 @@ import repo.caddyfile { } } -(site) { - @landing { - path / /contact* /about* /favicon.png - } - handle /_app/* { - reverse_proxy site:3000 - } - handle @landing { - reverse_proxy site:3000 { - health_uri /health - health_interval 30s - health_timeout 10s - health_status 200 - } - } - handle /repo* { - uri strip_prefix /repo - import repo_site - } -} - -:80 { - import site -} - -http://am-d-model.eu { - import site -} - am-d-model.eu { - import site + reverse_proxy site:3000 { + health_uri /health + health_interval 30s + health_timeout 10s + health_status 200 + } +} + +invenio.am-d-model.eu { + reverse_proxy invenio.am-d-model.eu:8080 { + header_up Host {host} + header_up X-Real-IP {remote_host} + header_up X-Forwarded-Proto "https" + } } diff --git a/caddy/internal_server.conf b/caddy/internal_server.conf new file mode 100644 index 0000000..754a144 --- /dev/null +++ b/caddy/internal_server.conf @@ -0,0 +1,25 @@ +server { + listen 8080; + server_name invenio.am-d-model.eu; + + # Disable SSL - this is an internal connection + ssl off; + + location / { + include uwsgi_params; + uwsgi_pass ui_server; + uwsgi_param Host $http_host; + uwsgi_param X-Real-IP $http_x_real_ip; + uwsgi_param X-Forwarded-For $http_x_forwarded_for; + uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto; + } + + location /api { + include uwsgi_params; + uwsgi_pass api_server; + uwsgi_param Host $http_host; + uwsgi_param X-Real-IP $http_x_real_ip; + uwsgi_param X-Forwarded-For $http_x_forwarded_for; + uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto; + } +} diff --git a/caddy/proxy_settings.conf b/caddy/proxy_settings.conf new file mode 100644 index 0000000..2329569 --- /dev/null +++ b/caddy/proxy_settings.conf @@ -0,0 +1,22 @@ +server { + listen 8080; + server_name invenio.am-d-model.eu; + + location / { + include uwsgi_params; + uwsgi_pass ui_server; + uwsgi_param Host $http_host; + uwsgi_param X-Real-IP $http_x_real_ip; + uwsgi_param X-Forwarded-For $http_x_forwarded_for; + uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto; + } + + location /api { + include uwsgi_params; + uwsgi_pass api_server; + uwsgi_param Host $http_host; + uwsgi_param X-Real-IP $http_x_real_ip; + uwsgi_param X-Forwarded-For $http_x_forwarded_for; + uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto; + } +} diff --git a/caddy/repo.caddyfile b/caddy/repo.caddyfile deleted file mode 100644 index 20a23e1..0000000 --- a/caddy/repo.caddyfile +++ /dev/null @@ -1,65 +0,0 @@ -(repo_cors) { - header { - Access-Control-Allow-Origin * - Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" - Access-Control-Allow-Headers "*" - Access-Control-Allow-Credentials true - Strict-Transport-Security "max-age=15768000" - # Request ID tracing - +X-Request-ID {uuid} - } -} - -(repo_common_proxy) { - # Set headers similar to uwsgi_param - header_up Host {host} - header_up X-Request-ID {uuid} - # Remove sensitive headers - header_down -X-Session-ID - header_down -X-User-ID -} - -(repo_site) { - import repo_cors - - # UI Server routes - handle / { - request_body { - max_size 100MB - } - reverse_proxy repo-web-ui:5000 { - import repo_common_proxy - } - } - - # API routes - handle /api/* { - request_body { - max_size 100MB - } - reverse_proxy repo-web-api:5000 { - import repo_common_proxy - } - } - - # Large file upload API routes - handle_path /api/records/*/draft/files/*/content { - request_body { - max_size 250GB - } - encode gzip - reverse_proxy repo-web-api:5000 { - import repo_common_proxy - } - } - - handle /static/* { - root * /opt/invenio/var/instance/static - file_server - } - - handle /robots.txt { - root * /opt/invenio/var/instance/static - file_server - } -}