mirror of
https://github.com/absmach/supermq.git
synced 2026-06-23 06:20:18 +00:00
dusan
173 lines
5.9 KiB
Plaintext
173 lines
5.9 KiB
Plaintext
# Copyright (c) Abstract Machines
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
# This is the default Magistrala NGINX configuration.
|
|
|
|
user nginx;
|
|
worker_processes auto;
|
|
worker_cpu_affinity auto;
|
|
pid /run/nginx.pid;
|
|
include /etc/nginx/modules-enabled/*.conf;
|
|
worker_rlimit_nofile 65535;
|
|
|
|
events {
|
|
# Explanation: https://serverfault.com/questions/787919/optimal-value-for-nginx-worker-connections
|
|
# We'll keep 10k connections per core (assuming one worker per core)
|
|
worker_connections 10000;
|
|
}
|
|
|
|
http {
|
|
include snippets/http_access_log.conf;
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# Include single-node or multiple-node (cluster) upstream
|
|
include snippets/mqtt-ws-upstream.conf;
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
listen 443 ssl default_server;
|
|
listen [::]:443 ssl default_server;
|
|
http2 on;
|
|
|
|
set $dynamic_server_name "$SMQ_NGINX_SERVER_NAME";
|
|
|
|
if ($dynamic_server_name = '') {
|
|
set $dynamic_server_name "localhost";
|
|
}
|
|
|
|
server_name $dynamic_server_name;
|
|
|
|
include snippets/ssl.conf;
|
|
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header Access-Control-Allow-Origin '*';
|
|
add_header Access-Control-Allow-Methods '*';
|
|
add_header Access-Control-Allow-Headers '*';
|
|
|
|
# Proxy pass to domains service
|
|
location ~ ^/(domains) {
|
|
include snippets/proxy-headers.conf;
|
|
add_header Access-Control-Expose-Headers Location;
|
|
proxy_pass http://domains:${SMQ_DOMAINS_HTTP_PORT};
|
|
}
|
|
|
|
# Proxy pass to users service
|
|
location ~ ^/(users|password|authorize|oauth/callback/[^/]+) {
|
|
include snippets/proxy-headers.conf;
|
|
add_header Access-Control-Expose-Headers Location;
|
|
proxy_pass http://users:${SMQ_USERS_HTTP_PORT};
|
|
}
|
|
|
|
# Proxy pass to groups service
|
|
location ~ "^/([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})/(groups)" {
|
|
include snippets/proxy-headers.conf;
|
|
add_header Access-Control-Expose-Headers Location;
|
|
proxy_pass http://groups:${SMQ_GROUPS_HTTP_PORT};
|
|
}
|
|
|
|
# Proxy pass to clients service
|
|
location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(clients)" {
|
|
include snippets/proxy-headers.conf;
|
|
add_header Access-Control-Expose-Headers Location;
|
|
proxy_pass http://clients:${SMQ_CLIENTS_HTTP_PORT};
|
|
}
|
|
|
|
# Proxy pass to channels service
|
|
location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(channels)" {
|
|
include snippets/proxy-headers.conf;
|
|
add_header Access-Control-Expose-Headers Location;
|
|
proxy_pass http://channels:${SMQ_CHANNELS_HTTP_PORT};
|
|
}
|
|
|
|
# Proxy pass to rule engine service
|
|
location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(rules)" {
|
|
include snippets/proxy-headers.conf;
|
|
add_header Access-Control-Expose-Headers Location;
|
|
proxy_pass http://re:${MG_RE_HTTP_PORT};
|
|
}
|
|
|
|
# Proxy pass to alarm service
|
|
location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(alarms)" {
|
|
include snippets/proxy-headers.conf;
|
|
add_header Access-Control-Expose-Headers Location;
|
|
proxy_pass http://alarms:${MG_ALARMS_HTTP_PORT};
|
|
}
|
|
|
|
# Proxy pass to reports service
|
|
location ~ "^/([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})/(reports)" {
|
|
include snippets/proxy-headers.conf;
|
|
add_header Access-Control-Expose-Headers Location;
|
|
proxy_pass http://reports:${MG_REPORTS_HTTP_PORT};
|
|
}
|
|
|
|
location /health {
|
|
include snippets/proxy-headers.conf;
|
|
proxy_pass http://clients:${SMQ_CLIENTS_HTTP_PORT};
|
|
}
|
|
|
|
location /metrics {
|
|
include snippets/proxy-headers.conf;
|
|
proxy_pass http://clients:${SMQ_CLIENTS_HTTP_PORT};
|
|
}
|
|
|
|
# Proxy pass to http-adapter
|
|
location /http/ {
|
|
include snippets/proxy-headers.conf;
|
|
|
|
# Trailing `/` is mandatory. Refer to the http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
|
|
# If the proxy_pass directive is specified with a URI, then when a request is passed to the server,
|
|
# the part of a normalized request URI matching the location is replaced by a URI specified in the directive
|
|
proxy_pass http://http-adapter:${SMQ_HTTP_ADAPTER_PORT}/;
|
|
}
|
|
|
|
# Proxy pass to mqtt-adapter over WS
|
|
location /mqtt {
|
|
include snippets/proxy-headers.conf;
|
|
include snippets/ws-upgrade.conf;
|
|
proxy_pass http://mqtt_ws_cluster;
|
|
}
|
|
|
|
# Proxy pass to ws-adapter
|
|
location /ws/ {
|
|
include snippets/proxy-headers.conf;
|
|
include snippets/ws-upgrade.conf;
|
|
proxy_pass http://http-adapter:${SMQ_HTTP_ADAPTER_PORT}/;
|
|
}
|
|
}
|
|
}
|
|
|
|
# MQTT
|
|
stream {
|
|
include snippets/stream_access_log.conf;
|
|
|
|
# Include single-node or multiple-node (cluster) upstream
|
|
include snippets/mqtt-upstream.conf;
|
|
|
|
server {
|
|
listen ${SMQ_NGINX_MQTT_PORT};
|
|
listen [::]:${SMQ_NGINX_MQTT_PORT};
|
|
listen ${SMQ_NGINX_MQTTS_PORT} ssl;
|
|
listen [::]:${SMQ_NGINX_MQTTS_PORT} ssl;
|
|
|
|
include snippets/ssl.conf;
|
|
|
|
proxy_pass mqtt_cluster;
|
|
}
|
|
}
|
|
|
|
error_log info.log info;
|