user www-data; worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; error_log /var/log/nginx_error.log; client_body_temp_path /var/run/openresty/nginx-client-body; proxy_temp_path /var/run/openresty/nginx-proxy; fastcgi_temp_path /var/run/openresty/nginx-fastcgi; uwsgi_temp_path /var/run/openresty/nginx-uwsgi; scgi_temp_path /var/run/openresty/nginx-scgi; sendfile on; keepalive_timeout 65; map $http_x_real_ip $x_real_ip { default $http_x_real_ip; "" $remote_addr; } server { include /opt/ShellHub/nginx.env; listen 80; server_name _; resolver 127.0.0.1 ipv6=off; root /opt/ShellHub/ui; location / { add_header Cache-Control "no-cache, no-store"; add_header Pragma "no-cache"; index index.html index.htm; try_files $uri $uri/ /index.html; } location /api { auth_request /auth; auth_request_set $tenant_id $upstream_http_x_tenant_id; auth_request_set $username $upstream_http_x_username; error_page 500 =401 /auth; rewrite ^/api/(.*)$ /api/$1 break; proxy_set_header X-Tenant-ID $tenant_id; proxy_set_header X-Username $username; proxy_pass http://127.0.0.1:8080; } location /ssh/connection { auth_request /auth; auth_request_set $device_uid $upstream_http_x_device_uid; proxy_pass http://127.0.0.1:8081; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $x_real_ip; proxy_set_header X-Device-UID $device_uid; proxy_http_version 1.1; proxy_cache_bypass $http_upgrade; proxy_redirect off; } location /ssh/revdial { proxy_pass http://127.0.0.1:8081; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $x_real_ip; proxy_http_version 1.1; proxy_cache_bypass $http_upgrade; proxy_redirect off; } location /ssh/auth { auth_request /auth; auth_request_set $device_uid $upstream_http_x_device_uid; error_page 500 =401 /auth; proxy_pass http://127.0.0.1:8080; proxy_set_header X-Device-UID $device_uid; } location ~* /api/sessions/(.*)/close { auth_request /auth; auth_request_set $tenant_id $upstream_http_x_tenant_id; error_page 500 =401 /auth; rewrite ^/api/(.*)$ /$1 break; proxy_set_header X-Tenant-ID $tenant_id; proxy_pass http://127.0.0.1:8081; } location /api/devices/auth { auth_request off; rewrite ^/api/(.*)$ /api/$1 break; proxy_pass http://127.0.0.1:8080; } location /api/login { auth_request off; rewrite ^/api/(.*)$ /api/$1 break; proxy_pass http://127.0.0.1:8080; } location /auth { internal; rewrite ^/(.*)$ /internal/$1 break; proxy_pass http://127.0.0.1:8080; } location /ws { proxy_pass http://ssh:8081; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $x_real_ip; proxy_http_version 1.1; proxy_cache_bypass $http_upgrade; proxy_redirect off; } location /info { default_type application/json; content_by_lua_block { local host=ngx.var.http_host local ssh_port=ngx.var.SHELLHUB_SSH_PORT local version=ngx.var.SHELLHUB_VERSION local json = require('cjson') local data = {version=version, endpoints={api=host, ssh=host .. ":" .. ssh_port}} ngx.say(json.encode(data)) } } location ~ ^/(install.sh|kickstart.sh)$ { default_type "text/x-shellscript"; index nonexistingindex.htm; content_by_lua_block { local host=ngx.var.http_host local scheme = ngx.var.http_x_forwarded_proto ~= '' and ngx.var.http_x_forwarded_proto or ngx.var.scheme local tenant_id=ngx.var.arg_tenant_id local keepalive_interval=ngx.var.arg_keepalive_interval local preferred_hostname=ngx.var.arg_preferred_hostname local version=ngx.var.SHELLHUB_VERSION local template = require "resty.template" template.render("kickstart.sh", { scheme = scheme, host = host, tenant_id = tenant_id, keepalive_interval = keepalive_interval, preferred_hostname = preferred_hostname, version = version }) } } } }