eliott/Olares
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8dd674aab36125ea4bc3280e7174b622aecfb59d
Olares/apps/system-apps/config/user/helm-charts/monitoring/templates/system-frontend.yaml
hys 8dd674aab3 feat: move studio back to user space
2025-03-28 14:43:43 +08:00

1416 lines
42 KiB
YAML
Raw Blame History

apiVersion: v1
kind: Service
metadata:
name: dashboard-service
namespace: {{ .Release.Namespace }}
spec:
selector:
app: system-frontend
type: ClusterIP
ports:
- protocol: TCP
name: dashboard
port: 80
targetPort: 81
---
apiVersion: v1
kind: Service
metadata:
name: control-hub-service
namespace: {{ .Release.Namespace }}
spec:
selector:
app: system-frontend
type: ClusterIP
ports:
- protocol: TCP
name: control-hub
port: 80
targetPort: 82
---
apiVersion: v1
kind: Service
metadata:
name: profile-service
namespace: {{ .Release.Namespace }}
spec:
type: ClusterIP
selector:
app: system-frontend
ports:
- name: "profile-editor"
protocol: TCP
port: 80
targetPort: 83
- name: "profile-preview"
protocol: TCP
port: 3000
targetPort: 8090
---
apiVersion: v1
kind: Service
metadata:
name: wise-svc
namespace: {{ .Release.Namespace }}
spec:
type: ClusterIP
selector:
app: system-frontend
ports:
- name: "frontend"
protocol: TCP
port: 80
targetPort: 84
---
apiVersion: v1
kind: Service
metadata:
name: headscale-svc
namespace: user-space-{{ .Values.bfl.username }}
spec:
selector:
app: system-frontend
type: ClusterIP
ports:
- protocol: TCP
name: headscale
port: 80
targetPort: 85
---
apiVersion: v1
kind: Service
metadata:
name: settings-service
namespace: {{ .Release.Namespace }}
spec:
selector:
app: system-frontend
type: ClusterIP
ports:
- protocol: TCP
name: settings
port: 80
targetPort: 86
---
apiVersion: v1
kind: Service
metadata:
name: vault-admin-server
namespace: {{ .Release.Namespace }}
spec:
type: ExternalName
externalName: vault-server.os-system.svc.cluster.local
ports:
- protocol: TCP
port: 3010
targetPort: 3010
---
apiVersion: v1
kind: Service
metadata:
name: studio-svc
namespace: {{ .Release.Namespace }}
spec:
selector:
app: system-frontend
ports:
- protocol: TCP
port: 8080
targetPort: 87
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: system-frontend-deployment
namespace: {{ .Release.Namespace }}
labels:
app: system-frontend
applications.app.bytetrade.io/name: system-frontend
applications.app.bytetrade.io/owner: '{{ .Values.bfl.username }}'
applications.app.bytetrade.io/group: 'true'
applications.app.bytetrade.io/author: bytetrade.io
annotations:
applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","wise":"https://file.bttcdn.com/appstore/rss/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png","studio":"https://file.bttcdn.com/appstore/devbox/icon.png"}'
applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","wise":"Wise","headscale":"Headscale","settings":"Settings","studio":"Studio"}'
applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","wise":"0.0.1","headscale":"0.0.1","settings":"0.0.1","studio":"0.0.1"}'
applications.app.bytetrade.io/policies: '{"dashboard":{"policies":[{"entranceName":"dashboard","uriRegex":"/js/script.js", "level":"public"},{"entranceName":"dashboard","uriRegex":"/js/api/send", "level":"public"}]}}'
applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"wise":[{"name":"wise", "host":"wise-svc", "port":80,"title":"Wise","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}],"studio":[{"name":"studio","host":"studio-svc","port":8080,"title":"Studio","openMethod":"window"}]}'
spec:
replicas: 1
selector:
matchLabels:
app: system-frontend
template:
metadata:
labels:
app: system-frontend
io.bytetrade.app: "true"
# annotations:
# instrumentation.opentelemetry.io/inject-nodejs: "olares-instrumentation"
# instrumentation.opentelemetry.io/nodejs-container-names: "settings-server"
# instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
# instrumentation.opentelemetry.io/inject-nginx-container-names: "system-frontend"
spec:
priorityClassName: "system-cluster-critical"
initContainers:
- args:
- -it
- authelia-backend.os-system:9091,infisical-service:80,system-server.user-system-{{ .Values.bfl.username }}:80
image: owncloudci/wait-for:latest
imagePullPolicy: IfNotPresent
name: check-auth
- name: terminus-sidecar-init
image: openservicemesh/init:v1.2.3
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
capabilities:
add:
- NET_ADMIN
runAsNonRoot: false
runAsUser: 0
command:
- /bin/sh
- -c
- |
iptables-restore --noflush <<EOF
# sidecar interception rules
*nat
:PROXY_IN_REDIRECT - [0:0]
:PROXY_INBOUND - [0:0]
-A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-A PREROUTING -p tcp -j PROXY_INBOUND
COMMIT
EOF
env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: dashboard-init
image: beclab/dashboard-frontend-v1:v0.4.9
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
mkdir -p /www/dashboard
cp -r /app/* /www/dashboard
volumeMounts:
- mountPath: /www
name: www-dir
- name: control-hub-init
image: beclab/admin-console-frontend-v1:v0.5.2
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
mkdir -p /www/control-hub
cp -r /app/* /www/control-hub
volumeMounts:
- mountPath: /www
name: www-dir
- name: profile-editor-init
image: beclab/profile-editor:v0.2.1
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
mkdir -p /www/profile-editor
cp -r /app/* /www/profile-editor
volumeMounts:
- mountPath: /www
name: www-dir
- name: profile-preview-init
image: beclab/profile-preview:v0.2.1
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
mkdir -p /www/profile-preview
cp -r /app/* /www/profile-preview
volumeMounts:
- mountPath: /www
name: www-dir
- name: wise-init
image: beclab/wise:v1.3.44
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
mkdir -p /www/wise
cp -r /app/* /www/wise
volumeMounts:
- mountPath: /www
name: www-dir
- name: settings-init
image: beclab/settings:v0.2.15
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
mkdir -p /www/settings
cp -r /app/* /www/settings
volumeMounts:
- mountPath: /www
name: www-dir
- name: studio-init
image: beclab/devbox:v0.1.39
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- |
mkdir -p /www/studio
cp -r /app/* /www/studio
volumeMounts:
- mountPath: /www
name: www-dir
containers:
- name: terminus-envoy-sidecar
image: bytetrade/envoy:v1.25.11
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
runAsUser: 1000
ports:
- name: proxy-admin
containerPort: 15000
- name: proxy-inbound
containerPort: 15003
- name: tapr
containerPort: 15080
volumeMounts:
- name: terminus-sidecar-config
readOnly: true
mountPath: /etc/envoy/envoy.yaml
subPath: envoy.yaml
command:
- /usr/local/bin/envoy
- --log-level
- debug
- -c
- /etc/envoy/envoy.yaml
- name: system-frontend
image: beclab/docker-nginx-headers-more:v0.1.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 81
- containerPort: 82
- containerPort: 83
- containerPort: 84
- containerPort: 85
- containerPort: 86
- containerPort: 8090
command:
- /bin/sh
- -c
- |
rm /etc/nginx/conf.d/default.conf
nginx -g 'daemon off;'
volumeMounts:
- name: terminus-sidecar-config
readOnly: true
mountPath: /etc/envoy/envoy.yaml
subPath: envoy.yaml
- name: www-dir
mountPath: /www
- name: wise-download-dir
mountPath: /data/Home
- name: system-frontend-nginx-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: system-frontend-nginx-config
mountPath: /etc/nginx/conf.d/dashboard-control-hub.conf
subPath: dashboard-control-hub.conf
- name: system-frontend-nginx-config
mountPath: /etc/nginx/conf.d/profile-preview.conf
subPath: profile-preview.conf
- name: system-frontend-nginx-config
mountPath: /etc/nginx/conf.d/profile-editor.conf
subPath: profile-editor.conf
- name: system-frontend-nginx-config
mountPath: /etc/nginx/conf.d/wise.conf
subPath: wise.conf
- name: system-frontend-nginx-config
mountPath: /etc/nginx/conf.d/headscale.conf
subPath: headscale.conf
- name: system-frontend-nginx-config
mountPath: /etc/nginx/conf.d/settings.conf
subPath: settings.conf
- name: system-frontend-nginx-config
mountPath: /etc/nginx/conf.d/studio.conf
subPath: studio.conf
env:
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: terminus-ws-sidecar
image: 'beclab/ws-gateway:v1.0.5'
imagePullPolicy: IfNotPresent
command:
- /ws-gateway
env:
- name: WS_PORT
value: '3010'
- name: WS_URL
value: /websocket/message
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
- name: settings-server
image: beclab/settings-server:v0.2.15
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
env:
{{- range $key, $val := .Values.terminusGlobalEnvs }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
- name: DEV_MODE
value: ''
- name: OS_SYSTEM_SERVER
value: system-server.user-system-{{ .Values.bfl.username }}
- name: OS_APP_SECRET
value: '{{ .Values.os.settings.appSecret }}'
- name: OS_APP_KEY
value: {{ .Values.os.settings.appKey }}
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: TERMINUSD_HOST
value: $(NODE_IP):18088
- name: APP_SERVICE_SERVICE_HOST
value: app-service.os-system
- name: APP_SERVICE_SERVICE_PORT
value: '6755'
- name: APP_SERVICE_CHAIN_ID
value: '10'
- name: APP_SERVICE_VERIFYING_CONTRACT
value: '0xe2eaba0979277a90511f8873ae1e8ca26b54e740'
- name: APP_SERVICE_CLOUD_URL
value: 'https://cloud-api.bttcdn.com'
# value: none / nvidia / nvshare / virtaitech
- name: GPU
value: {{ .Values.gpu }}
volumes:
- name: userspace-dir
hostPath:
type: Directory
path: {{ .Values.userspace.userData }}
- name: terminus-sidecar-config
configMap:
name: sidecar-configs
items:
- key: envoy.yaml
path: envoy.yaml
- name: www-dir
emptyDir: {}
- name: wise-download-dir
hostPath:
type: Directory
path: {{ .Values.userspace.userData }}
- name: system-frontend-nginx-config
configMap:
name: system-frontend-nginx-config
items:
- key: nginx.conf
path: nginx.conf
- key: dashboard-control-hub.conf
path: dashboard-control-hub.conf
- key: profile-preview.conf
path: profile-preview.conf
- key: profile-editor.conf
path: profile-editor.conf
- key: wise.conf
path: wise.conf
- key: headscale.conf
path: headscale.conf
- key: settings.conf
path: settings.conf
- key: studio.conf
path: studio.conf
---
apiVersion: sys.bytetrade.io/v1alpha1
kind: ApplicationPermission
metadata:
name: dashboard-vault
namespace: user-system-{{ .Values.bfl.username }}
spec:
app: dashboard
appid: dashboard
key: {{ .Values.os.dashboard.appKey }}
secret: {{ .Values.os.dashboard.appSecret }}
permissions:
- dataType: secret
group: secret.infisical
ops:
- RetrieveSecret?workspace=dashboard
- CreateSecret?workspace=dashboard
- DeleteSecret?workspace=dashboard
- UpdateSecret?workspace=dashboard
- ListSecret?workspace=dashboard
version: v1
status:
state: active
---
apiVersion: sys.bytetrade.io/v1alpha1
kind: ApplicationPermission
metadata:
name: profile
namespace: user-system-{{ .Values.bfl.username }}
spec:
app: profile
appid: profile
key: {{ .Values.os.profile.appKey }}
secret: {{ .Values.os.profile.appSecret }}
permissions:
- dataType: datastore
group: service.bfl
ops:
- GetKey
- GetKeyPrefix
- SetKey
- DeleteKey
version: v1
- dataType: nft
group: service.settings
ops:
- getNFTAddress
version: v1
status:
state: active
---
apiVersion: sys.bytetrade.io/v1alpha1
kind: ApplicationPermission
metadata:
name: studio
namespace: user-system-{{ .Values.bfl.username }}
spec:
app: studio
appid: studio
key: {{ .Values.os.studio.appKey }}
secret: {{ .Values.os.studio.appSecret }}
permissions:
- dataType: app
group: service.appstore
ops:
- InstallDevApp
- UninstallDevApp
version: v1
- dataType: legacy_api
group: api.intent
appName: desktop
svc: edge-desktop
namespace: user-space
port: 80
ops:
- POST
version: v2
status:
state: active
---
apiVersion: sys.bytetrade.io/v1alpha1
kind: ApplicationPermission
metadata:
name: settings
namespace: user-system-{{ .Values.bfl.username }}
spec:
app: settings
appid: settings
key: {{ .Values.os.settings.appKey }}
secret: {{ .Values.os.settings.appSecret }}
permissions:
- dataType: config
group: service.desktop
ops:
- Update
version: v1
- dataType: secret
group: secret.infisical
ops:
- RetrieveSecret?workspace=settings
- CreateSecret?workspace=settings
- DeleteSecret?workspace=settings
- UpdateSecret?workspace=settings
- ListSecret?workspace=settings
version: v1
- dataType: headscale
group: service.headscale
ops:
- GetMachine
- RenameMachine
- DeleteMachine
- GetRoute
- EnableRoute
- DisableRoute
- SetTags
version: v1
- dataType: files
group: service.files
ops:
- Query
- GetSearchFolderStatus
- UpdateSearchFolderPaths
- GetDatasetFolderStatus
- UpdateDatasetFolderPaths
version: v1
- dataType: datastore
group: service.bfl
ops:
- GetKey
- GetKeyPrefix
- SetKey
- DeleteKey
version: v1
- dataType: app
group: service.bfl
ops:
- UserApps
version: v1
- dataType: config
group: service.desktop
ops:
- Update
version: v1
status:
state: active
---
apiVersion: sys.bytetrade.io/v1alpha1
kind: ProviderRegistry
metadata:
name: settings-nft
namespace: user-system-{{ .Values.bfl.username }}
spec:
dataType: nft
deployment: settings
description: Get Cloud Bind NFT List
endpoint: settings-service.{{ .Release.Namespace }}
group: service.settings
kind: provider
namespace: {{ .Release.Namespace }}
opApis:
- name: getNFTAddress
uri: /api/cloud/getNFTAddress
version: v1
status:
state: active
---
apiVersion: sys.bytetrade.io/v1alpha1
kind: ProviderRegistry
metadata:
name: settings-account
namespace: user-system-{{ .Values.bfl.username }}
spec:
dataType: account
deployment: settings
description: Get Acccount saved in Settings
endpoint: settings-service.{{ .Release.Namespace }}
group: service.settings
kind: provider
namespace: {{ .Release.Namespace }}
opApis:
- name: getAccount
uri: /api/account
version: v1
status:
state: active
---
apiVersion: sys.bytetrade.io/v1alpha1
kind: ProviderRegistry
metadata:
name: settings-backup-password
namespace: user-system-{{ .Values.bfl.username }}
spec:
dataType: backupPassword
deployment: settings
description: Get Backup Plan's Password
endpoint: settings-service.{{ .Release.Namespace }}
group: service.settings
kind: provider
namespace: {{ .Release.Namespace }}
opApis:
- name: getAccount
uri: /api/backup/password
version: v1
status:
state: active
---
apiVersion: sys.bytetrade.io/v1alpha1
kind: ProviderRegistry
metadata:
name: settings-event-watcher
namespace: user-system-{{ .Values.bfl.username }}
spec:
callbacks:
- filters:
type:
- app-installation-event
op: Create
uri: /api/event/app_installation_event
- filters:
type:
- settings-event
op: Create
uri: /api/event/app_installation_event
- filters:
type:
- entrance-state-event
op: Create
uri: /api/event/entrance_state_event
- filters:
type:
- system-upgrade-event
op: Create
uri: /api/event/system_upgrade_event
dataType: event
deployment: settings
description: desktop event watcher
endpoint: settings-service.{{ .Release.Namespace }}
group: message-disptahcer.system-server
kind: watcher
namespace: {{ .Release.Namespace }}
version: v1
status:
state: active
---
apiVersion: sys.bytetrade.io/v1alpha1
kind: ProviderRegistry
metadata:
name: settings-account-retrieve
namespace: user-system-{{ .Values.bfl.username }}
spec:
dataType: legacy_api
deployment: settings
description: settings account retrieve legacy api
endpoint: settings-service.{{ .Release.Namespace }}
group: service.settings
kind: provider
namespace: {{ .Release.Namespace }}
version: v1
opApis:
- name: POST
uri: /api/account/retrieve
- name: GET
uri: /api/account/all
- name: POST
uri: /api/cookie/retrieve
status:
state: active
---
kind: ConfigMap
apiVersion: v1
metadata:
name: system-frontend-nginx-config
namespace: {{ .Release.Namespace }}
annotations:
kubesphere.io/creator: bytetrade.io
data:
nginx.conf: |-
user nginx;
worker_processes 2;
worker_rlimit_nofile 65535;
worker_shutdown_timeout 240s;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
multi_accept on;
worker_connections 16384;
use epoll;
}
http {
aio threads;
aio_write on;
tcp_nopush on;
tcp_nodelay on;
log_subrequest on;
reset_timedout_connection on;
keepalive_timeout 75s;
keepalive_requests 100;
client_body_temp_path /tmp/client-body;
fastcgi_temp_path /tmp/fastcgi-temp;
proxy_temp_path /tmp/proxy-temp;
client_max_body_size 1g;
client_header_buffer_size 1k;
client_header_timeout 60s;
large_client_header_buffers 4 8k;
client_body_buffer_size 8k;
client_body_timeout 60s;
types_hash_max_size 2048;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 1024;
map_hash_bucket_size 64;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
variables_hash_bucket_size 256;
variables_hash_max_size 2048;
underscores_in_headers off;
ignore_invalid_headers on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
proxy_ssl_session_reuse on;
sendfile on;
resolver_timeout 30s;
send_timeout 60s;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
include /etc/nginx/conf.d/*.conf;
}
dashboard-control-hub.conf: |-
upstream SettingsServer {
server monitoring-server.os-system;
}
upstream Middleware {
server middleware-service.os-system;
}
upstream Analytics {
server anayltic2-server.os-system:3010;
}
server {
listen 81;
gzip off;
gzip_disable "msie6";
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_types *;
root /www/dashboard;
location / {
try_files $uri $uri/index.html /index.html;
add_header Cache-Control "private,no-cache";
add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
expires 0;
}
location /ws {
proxy_pass http://127.0.0.1:40010;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
location /bfl {
add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
proxy_pass http://bfl;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header X-Frame-Options SAMEORIGIN;
}
location /kapis {
proxy_pass http://SettingsServer;
}
location /api/profile/init {
proxy_pass http://127.0.0.1:3010;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api {
proxy_pass http://SettingsServer;
}
location /capi {
proxy_pass http://SettingsServer;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /js/api/send {
proxy_pass http://Analytics;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
rewrite ^/js(.*)$ $1 break;
}
location /analytics_service {
proxy_pass http://Analytics;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
rewrite ^/analytics_service(.*)$ $1 break;
}
location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
proxy_pass http://SettingsServer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location = /js/script.js {
add_header Access-Control-Allow-Origin "*";
}
location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
add_header Cache-Control "public, max-age=2678400";
}
}
server {
listen 82;
gzip off;
gzip_disable "msie6";
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_types *;
root /www/control-hub;
location / {
try_files $uri $uri/index.html /index.html;
add_header Cache-Control "private,no-cache";
add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
expires 0;
}
location /bfl {
add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
proxy_pass http://bfl;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header X-Frame-Options SAMEORIGIN;
}
location /kapis {
proxy_pass http://SettingsServer;
}
location /api {
proxy_pass http://SettingsServer;
}
location /current_user {
proxy_pass http://SettingsServer;
}
location /capi {
proxy_pass http://SettingsServer;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /js/api/send {
proxy_pass http://Analytics;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
rewrite ^/js(.*)$ $1 break;
}
location /analytics_service {
proxy_pass http://Analytics;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
rewrite ^/analytics_service(.*)$ $1 break;
}
location /middleware {
add_header 'Access-Control-Allow-Headers' 'x-api-nonce,x-api-ts,x-api-ver,x-api-source';
proxy_pass http://Middleware;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header X-Frame-Options SAMEORIGIN;
}
location ~ /(kapis/terminal|api/v1/watch|apis/apps/v1/watch) {
proxy_pass http://SettingsServer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location = /js/script.js {
add_header Access-Control-Allow-Origin "*";
}
location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
add_header Cache-Control "public, max-age=2678400";
}
}
profile-preview.conf: |-
server {
listen 8090;
# Gzip Settings
gzip off;
gzip_disable "msie6";
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types *;
root /www/profile-preview;
# normal routes
# serve given url and default to index.html if not found
# e.g. /, /user and /foo/bar will return index.html
location / {
try_files $uri $uri/index.html /index.html;
add_header Cache-Control "private,no-cache";
add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
expires 0;
}
location /api {
proxy_pass http://127.0.0.1:3010;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
{
add_header Cache-Control "public, max-age=2678400";
}
}
profile-editor.conf: |-
server {
listen 83;
# Gzip Settings
gzip off;
gzip_disable "msie6";
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types *;
root /www/profile-editor;
# normal routes
# serve given url and default to index.html if not found
# e.g. /, /user and /foo/bar will return index.html
location / {
try_files $uri $uri/index.html /index.html;
add_header Cache-Control "private,no-cache";
add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
expires 0;
}
location /api {
proxy_pass http://127.0.0.1:3010;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api/cloud/getNFTAddress {
proxy_pass http://127.0.0.1:80;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /images {
proxy_pass http://127.0.0.1:15080;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
}
location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
{
add_header Cache-Control "public, max-age=2678400";
}
}
wise.conf: |-
upstream KnowledgeServer {
server rss-svc:3010;
}
upstream RSSServer {
server rss-server.os-system:3010;
}
upstream ArgoworkflowsSever {
server argoworkflows-svc:2746;
}
server {
listen 84;
# Gzip Settings
gzip off;
gzip_disable "msie6";
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types *;
root /www/wise;
# normal routes
# serve given url and default to index.html if not found
# e.g. /, /user and /foo/bar will return index.html
location / {
try_files $uri $uri/index.html /index.html;
add_header Cache-Control "private,no-cache";
add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
expires 0;
}
location /ws {
proxy_pass http://rss-svc:40010;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
location /knowledge {
proxy_pass http://KnowledgeServer;
add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header X-Frame-Options SAMEORIGIN;
}
location /rss {
proxy_pass http://RSSServer;
add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header X-Frame-Options SAMEORIGIN;
}
location /api/v1 {
proxy_pass http://ArgoworkflowsSever;
}
location /artifact-files {
proxy_pass http://ArgoworkflowsSever;
}
location ~ ^/download/preview/(.*)$
{
alias /data/Home/$1;
}
location /videos/ {
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Credentials true;
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
add_header Access-Control-Allow-Headers "access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,content-type,x-auth,x-unauth-error,x-authorization";
add_header Access-Control-Allow-Methods "PUT, GET, DELETE, POST, OPTIONS";
add_header Access-Control-Allow-Origin $http_origin;
proxy_pass http://media-server-service.os-system:9090;
}
location /api {
proxy_pass http://files-service.os-system:80;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 600s;
client_max_body_size 4000M;
proxy_request_buffering off;
keepalive_timeout 750s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
location /upload {
proxy_pass http://files-service.os-system:80;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
add_header Accept-Ranges bytes;
client_body_timeout 600s;
client_max_body_size 4000M;
proxy_request_buffering off;
keepalive_timeout 750s;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
# # files
# # for all routes matching a dot, check for files and return 404 if not found
# # e.g. /file.js returns a 404 if not found
location ~.*\.(js|css|png|jpg|svg|woff|woff2)$
{
add_header Cache-Control "public, max-age=2678400";
}
}
headscale.conf: |-
server {
listen 85;
# Gzip Settings
gzip on;
gzip_disable "msie6";
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types *;
index index.html;
location /ts2021 {
proxy_pass http://headscale-server-svc:8080;
proxy_method POST;
proxy_http_version 1.1;
proxy_set_header Upgrade 'tailscale-control-protocol';
proxy_set_header Connection '$connection_upgrade';
more_set_headers 'Upgrade: $http_upgrade';
}
location / {
proxy_pass http://headscale-server-svc:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection '$connection_upgrade';
}
}
settings.conf: |-
upstream SettingsServer_Monitoring {
server monitoring-server.os-system;
}
upstream InfisicalServer {
server infisical-service:8080;
}
upstream NotificationServer {
server notifications-server;
}
server {
listen 86;
# Gzip Settings
gzip off;
gzip_disable "msie6";
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types *;
root /www/settings;
# normal routes
# serve given url and default to index.html if not found
# e.g. /, /user and /foo/bar will return index.html
location / {
try_files $uri $uri/index.html /index.html;
add_header Cache-Control "private,no-cache";
add_header Last-Modified "Oct, 03 Jan 2022 13:46:41 GMT";
expires 0;
}
location /ws {
proxy_pass http://127.0.0.1:40010;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
location /kapis {
proxy_pass http://SettingsServer_Monitoring;
# rewrite ^/server(.*)$ $1 break;
# Add original-request-related headers
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /headscale {
proxy_pass http://127.0.0.1:3010;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api {
proxy_pass http://127.0.0.1:3010;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
}
location /drive {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
}
location /api/cloud/sign {
proxy_pass http://127.0.0.1:3010;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
}
location /admin {
proxy_pass http://InfisicalServer;
}
location /images {
proxy_pass http://127.0.0.1:15080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
}
location /vault {
add_header Access-Control-Allow-Headers "x-authorization";
proxy_pass http://vault-admin-server:3010;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
}
location /notification {
proxy_pass http://NotificationServer;
}
location ~.*\.(js|css|png|jpg|svg|woff|woff2)$ {
add_header Cache-Control "public, max-age=2678400";
}
}
studio.conf: |-
server {
listen 87;
# Gzip Settings
gzip off;
gzip_disable "msie6";
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types *;
root /www/studio;
location / {
add_header Cache-Control "no-store";
try_files $uri $uri/index.html /index.html;
}
location /api/ {
proxy_pass http://studio-server:8080;
proxy_set_header Host $http_host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection '$connection_upgrade';
proxy_read_timeout 180;
}
}
Reference in New Issue View Git Blame Copy Permalink