diff --git a/VERSION b/VERSION
index 280a1e3..82bd22f 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.0.12
+2.0.13
diff --git a/nginx/conf.d-dev/antibody-api.conf b/nginx/conf.d-dev/antibody-api.conf
new file mode 100644
index 0000000..9eb9ab2
--- /dev/null
+++ b/nginx/conf.d-dev/antibody-api.conf
@@ -0,0 +1,108 @@
+# Define the upstream antibody-api-server to be used by other containers on the same docker network
+upstream antibody-api-server {
+ server localhost:8888;
+}
+
+# Port 80 on host maps to 8080 on container
+server {
+ # Only root can listen on ports below 1024, we use higher-numbered ports
+ # since nginx is running under non-root user hubmap
+ listen 8080;
+ server_name antibody-api.dev.hubmapconsortium.org;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+# Port 443 on host maps to 4430 on container
+server {
+ # Only root can listen on ports below 1024, we use higher-numbered ports
+ # since nginx is running under non-root user hubmap
+ listen 4430 ssl; # managed by Certbot
+ server_name antibody-api.dev.hubmapconsortium.org;
+ root /usr/share/nginx/html;
+
+ ssl_certificate /etc/letsencrypt/live/gateway.dev.hubmapconsortium.org/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/gateway.dev.hubmapconsortium.org/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+ # Logging to the mounted volume for outside container access
+ access_log /usr/src/app/log/nginx_access_antibody-api.log;
+ error_log /usr/src/app/log/nginx_error_antibody-api.log warn;
+
+ # No auth_request for favicon
+ location = /favicon.ico {
+ alias /usr/share/nginx/html/favicon.ico;
+ }
+
+ location / {
+ # Always enable CORS
+ # Response to preflight requests
+ if ($request_method = 'OPTIONS') {
+ # The directive `add_header` doesn't work when response status code is 401, 403 or 500
+ # The `always` parameter is specified so the header field will be added regardless of the response code
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+
+ # Custom headers and headers various browsers should be OK with but aren't
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+
+ # Cache the response to this preflight request in browser for 24 hours (86400 seconds)
+ # without sending another preflight request
+ add_header 'Access-Control-Max-Age' 86400 always;
+
+ add_header 'Content-Type' 'text/plain; charset=utf-8' always;
+ add_header 'Content-Length' 0 always;
+ return 204;
+ }
+
+ # Response to the original requests (HTTP methods are case-sensitive) with CORS enabled
+ if ($request_method ~ (POST|GET|PUT)) {
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+ }
+
+ # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
+ include uwsgi_params;
+ # Here "antibody-api" is the hostname defined in `docker-compose.yml`
+ # We have to use this hostname because the entity API is running on a different container
+ uwsgi_pass uwsgi://antibody-api:5000;
+ }
+
+}
+
+
+
+# antibody-api-server
+# `http://hubmap-auth:8888` can be used by gateway
+# to make calls to antibody-api directly bypassing gateway
+server {
+ # Only root can listen on ports below 1024, we use higher-numbered ports
+ # since nginx is running under non-root user hubmap
+ listen 8888;
+
+ server_name localhost;
+ root /usr/share/nginx/html;
+
+ # We need this logging for inspecting auth requests from other internal services
+ # Logging to the mounted volume for outside container access
+ access_log /usr/src/app/log/nginx_access_antibody-api-server.log;
+ error_log /usr/src/app/log/nginx_error_antibody-api-server.log warn;
+
+ location = /favicon.ico {
+ alias /usr/share/nginx/html/favicon.ico;
+ }
+
+ # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
+ location / {
+ include uwsgi_params;
+ # Here "antibody-api" is the hostname defined in `docker-compose.yml`
+ # We have to use this hostname because the entity API is running on a different container
+ uwsgi_pass uwsgi://antibody-api:5000;
+ }
+
+}
diff --git a/nginx/conf.d-stage/antibody-api.conf b/nginx/conf.d-stage/antibody-api.conf
new file mode 100644
index 0000000..4c8ae09
--- /dev/null
+++ b/nginx/conf.d-stage/antibody-api.conf
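Review bot: The last `server` block added in nginx/conf.d-dev/antibody-api.conf (`listen 8888;`) forwards every request to `uwsgi://antibody-api:5000` with no `allow`/`deny` and no `auth_request`, and its own header comment says it exists so callers can bypass the gateway. `listen 8888;` binds every interface, so who can reach it depends on which ports docker-compose publishes and which containers share the network, neither of which is visible in this diff. Consider restricting that `location /` to internal callers, e.g. `allow <internal-docker-subnet>;` followed by `deny all;`, and noting in the header comment that 8888 must not be published on the host. The same comment names `http://hubmap-auth:8888`, which looks carried over from another service's config and should probably name this one. The identical block is added in nginx/conf.d-stage/antibody-api.conf.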
@@ -0,0 +1,108 @@
+# Define the upstream antibody-api-server to be used by other containers on the same docker network
+upstream antibody-api-server {
+ server localhost:8888;
+}
+
+# Port 80 on host maps to 8080 on container
+server {
+ # Only root can listen on ports below 1024, we use higher-numbered ports
+ # since nginx is running under non-root user hubmap
+ listen 8080;
+ server_name antibody-api.stage.hubmapconsortium.org;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+# Port 443 on host maps to 4430 on container
+server {
+ # Only root can listen on ports below 1024, we use higher-numbered ports
+ # since nginx is running under non-root user hubmap
+ listen 4430 ssl; # managed by Certbot
+ server_name antibody-api.stage.hubmapconsortium.org;
+ root /usr/share/nginx/html;
+
+ ssl_certificate /etc/letsencrypt/live/gateway.stage.hubmapconsortium.org/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/gateway.stage.hubmapconsortium.org/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+ # Logging to the mounted volume for outside container access
+ access_log /usr/src/app/log/nginx_access_antibody-api.log;
+ error_log /usr/src/app/log/nginx_error_antibody-api.log warn;
+
+ # No auth_request for favicon
+ location = /favicon.ico {
+ alias /usr/share/nginx/html/favicon.ico;
+ }
+
+ location / {
+ # Always enable CORS
+ # Response to preflight requests
+ if ($request_method = 'OPTIONS') {
+ # The directive `add_header` doesn't work when response status code is 401, 403 or 500
+ # The `always` parameter is specified so the header field will be added regardless of the response code
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+
+ # Custom headers and headers various browsers should be OK with but aren't
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+
+ # Cache the response to this preflight request in browser for 24 hours (86400 seconds)
+ # without sending another preflight request
+ add_header 'Access-Control-Max-Age' 86400 always;
+
+ add_header 'Content-Type' 'text/plain; charset=utf-8' always;
+ add_header 'Content-Length' 0 always;
+ return 204;
+ }
+
+ # Response to the original requests (HTTP methods are case-sensitive) with CORS enabled
+ if ($request_method ~ (POST|GET|PUT)) {
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,Authorization, MAuthorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+ }
+
+ # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
+ include uwsgi_params;
+ # Here "antibody-api" is the hostname defined in `docker-compose.yml`
+ # We have to use this hostname because the entity API is running on a different container
+ uwsgi_pass uwsgi://antibody-api:5000;
+ }
+
+}
+
+
+
+# antibody-api-server
+# `http://hubmap-auth:8888` can be used by gateway
+# to make calls to antibody-api directly bypassing gateway
+server {
+ # Only root can listen on ports below 1024, we use higher-numbered ports
+ # since nginx is running under non-root user hubmap
+ listen 8888;
+
+ server_name localhost;
+ root /usr/share/nginx/html;
+
+ # We need this logging for inspecting auth requests from other internal services
+ # Logging to the mounted volume for outside container access
+ access_log /usr/src/app/log/nginx_access_antibody-api-server.log;
+ error_log /usr/src/app/log/nginx_error_antibody-api-server.log warn;
+
+ location = /favicon.ico {
+ alias /usr/share/nginx/html/favicon.ico;
+ }
+
+ # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
+ location / {
+ include uwsgi_params;
+ # Here "antibody-api" is the hostname defined in `docker-compose.yml`
+ # We have to use this hostname because the entity API is running on a different container
+ uwsgi_pass uwsgi://antibody-api:5000;
+ }
+
+}
diff --git a/nginx/conf.d-test/antibody-api.conf b/nginx/conf.d-test/antibody-api.conf
index e1ee7d1..b8d45af 100644
--- a/nginx/conf.d-test/antibody-api.conf
+++ b/nginx/conf.d-test/antibody-api.conf
@@ -66,7 +66,7 @@ server {
 add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
 }
 
- # Once authenticated/authorized, pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
+ # Pass reqeusts to the uWSGI server using the "uwsgi" protocol on port 5000
 include uwsgi_params;
 # Here "antibody-api" is the hostname defined in `docker-compose.yml`
 # We have to use this hostname because the entity API is running on a different container
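Review bot: In nginx/conf.d-stage/antibody-api.conf the TLS `location /` answers every GET, POST and PUT with `Access-Control-Allow-Origin: *` while also listing `Authorization` in `Access-Control-Allow-Headers`, so a page from any web origin can call this API from a visitor's browser and read the response. If stage (or dev, which adds the identical block) is meant to be used only by known front ends or from a restricted network, the wildcard removes that browser-side boundary; an origin allowlist resolved through a `map $http_origin $cors_origin` in the http context, emitted with `add_header 'Access-Control-Allow-Origin' $cors_origin always;` and `add_header 'Vary' 'Origin' always;`, would keep it. The method test is also unanchored and would read more strictly as `if ($request_method ~ ^(GET|POST|PUT)$) {`. This location has no `auth_request`, so authentication presumably rests on the application behind uWSGI; the comment above `include uwsgi_params;` should say so, since the nearby `# No auth_request for favicon` comment implies the other locations are gated.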