ShellHubNative/Server/config/openresty.conf

user www-data;
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    error_log /var/log/nginx_error.log;

    client_body_temp_path /var/run/openresty/nginx-client-body;
    proxy_temp_path       /var/run/openresty/nginx-proxy;
    fastcgi_temp_path     /var/run/openresty/nginx-fastcgi;
    uwsgi_temp_path       /var/run/openresty/nginx-uwsgi;
    scgi_temp_path        /var/run/openresty/nginx-scgi;

    sendfile        on;

    keepalive_timeout  65;

    map $http_x_real_ip $x_real_ip {
        default $http_x_real_ip;
        "" $remote_addr;
    }

    server {
        include    /opt/ShellHub/nginx.env;
        listen 80;
        
        server_name _;
        resolver 127.0.0.1 ipv6=off;
        root /opt/ShellHub/ui;
        
        location / {
            add_header Cache-Control "no-cache, no-store";
            add_header Pragma "no-cache";

            index index.html index.htm;
            try_files $uri $uri/ /index.html;
        }

        location /api {
            auth_request /auth;
            auth_request_set $tenant_id $upstream_http_x_tenant_id;
            auth_request_set $username $upstream_http_x_username;
            error_page 500 =401 /auth;
            rewrite ^/api/(.*)$ /api/$1 break;
            proxy_set_header X-Tenant-ID $tenant_id;
            proxy_set_header X-Username $username;
            proxy_pass http://127.0.0.1:8080;
        }

        location /ssh/connection {
            auth_request /auth;
            auth_request_set $device_uid $upstream_http_x_device_uid;
            proxy_pass http://127.0.0.1:8081;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $x_real_ip;
            proxy_set_header X-Device-UID $device_uid;
            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;
            proxy_redirect off;
        }

        location /ssh/revdial {
            proxy_pass http://127.0.0.1:8081;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $x_real_ip;
            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;
            proxy_redirect off;
        }

        location /ssh/auth {
            auth_request /auth;
            auth_request_set $device_uid $upstream_http_x_device_uid;
            error_page 500 =401 /auth;
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header X-Device-UID $device_uid;
        }

        location ~* /api/sessions/(.*)/close {
            auth_request /auth;
            auth_request_set $tenant_id $upstream_http_x_tenant_id;
            error_page 500 =401 /auth;
            rewrite ^/api/(.*)$ /$1 break;
            proxy_set_header X-Tenant-ID $tenant_id;
            proxy_pass http://127.0.0.1:8081;
        }

        location /api/devices/auth {
            auth_request off;
            rewrite ^/api/(.*)$ /api/$1 break;
            proxy_pass http://127.0.0.1:8080;
        }

        location /api/login {
            auth_request off;
            rewrite ^/api/(.*)$ /api/$1 break;
            proxy_pass http://127.0.0.1:8080;
        }

        location /auth {
            internal;
            rewrite ^/(.*)$ /internal/$1 break;
            proxy_pass http://127.0.0.1:8080;
        }

        location /ws {
            proxy_pass http://ssh:8081;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;

            proxy_set_header X-Real-IP $x_real_ip;
            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;
            proxy_redirect off;
        }

        location /info {
            default_type application/json;

            content_by_lua_block {
                local host=ngx.var.http_host
                local ssh_port=ngx.var.SHELLHUB_SSH_PORT
                local version=ngx.var.SHELLHUB_VERSION
                local json = require('cjson')
                local data = {version=version, endpoints={api=host, ssh=host .. ":" .. ssh_port}}
                ngx.say(json.encode(data))
            }
        }
        location ~ ^/(install.sh|kickstart.sh)$ {
        default_type "text/x-shellscript";
        index nonexistingindex.htm;
            content_by_lua_block {
                local host=ngx.var.http_host
                local scheme = ngx.var.http_x_forwarded_proto ~= '' and ngx.var.http_x_forwarded_proto or ngx.var.scheme
                local tenant_id=ngx.var.arg_tenant_id
                local keepalive_interval=ngx.var.arg_keepalive_interval
                local preferred_hostname=ngx.var.arg_preferred_hostname
                local version=ngx.var.SHELLHUB_VERSION
                local template = require "resty.template"
                template.render("kickstart.sh", {
                    scheme = scheme,
                    host = host,
                    tenant_id = tenant_id,
                    keepalive_interval = keepalive_interval,
                    preferred_hostname = preferred_hostname,
                    version = version
                })
            }
        }

    }

}