241 lines
8.0 KiB
Nginx Configuration File
241 lines
8.0 KiB
Nginx Configuration File
worker_processes auto;
|
|
error_log /var/logs/nginx/error.log debug;
|
|
pid /var/run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
use epoll;
|
|
multi_accept on;
|
|
}
|
|
|
|
http {
|
|
include '/etc/nginx/mime.types';
|
|
default_type application/octet-stream;
|
|
|
|
keepalive_timeout 65;
|
|
keepalive_requests 100000;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
|
|
proxy_buffers 16 16k;
|
|
proxy_buffer_size 32k;
|
|
proxy_busy_buffers_size 64k;
|
|
proxy_max_temp_file_size 128k;
|
|
|
|
|
|
gzip on;
|
|
gzip_disable "msie6";
|
|
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
|
|
|
|
server {
|
|
listen 80;
|
|
server_name YOUR_DOMAIN;
|
|
|
|
client_max_body_size 0;
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
root /var/www/certbot;
|
|
}
|
|
|
|
location / {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name YOUR_DOMAIN;
|
|
ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
|
|
root /var/www/html;
|
|
|
|
gzip on;
|
|
gzip_types text/css application/javascript application/json image/svg+xml;
|
|
gzip_comp_level 9;
|
|
etag on;
|
|
|
|
location /sw.js {
|
|
add_header Cache-Control "no-cache";
|
|
proxy_cache_bypass $http_pragma;
|
|
proxy_cache_revalidate on;
|
|
expires off;
|
|
access_log off;
|
|
}
|
|
|
|
|
|
location /oauth2 {
|
|
expires -1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Auth-Request-Redirect $request_uri;
|
|
proxy_pass http://localhost:4180$uri$is_args$args;
|
|
}
|
|
|
|
location /oauth2/callback {
|
|
proxy_pass http://localhost:4180;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
location /oauth2/sign_out {
|
|
expires -1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Auth-Request-Redirect /oauth2/sign_in;
|
|
proxy_pass http://localhost:4180;
|
|
}
|
|
|
|
|
|
location /pacs/ {
|
|
auth_request /oauth2/auth;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
expires 0;
|
|
add_header Cache-Control private;
|
|
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
|
add_header 'Access-Control-Allow-Headers' 'Authorization, Origin, X-Requested-With, Content-Type, Accept' always;
|
|
|
|
if ($request_method = OPTIONS) {
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
|
add_header 'Access-Control-Allow-Headers' 'Authorization, Origin, X-Requested-With, Content-Type, Accept';
|
|
add_header 'Access-Control-Max-Age' 1728000;
|
|
add_header 'Content-Type' 'text/plain; charset=utf-8';
|
|
add_header 'Content-Length' 0;
|
|
return 204;
|
|
}
|
|
|
|
rewrite ^/pacs/(.*) /dcm4chee-arc/aets/DCM4CHEE/rs/$1 break;
|
|
proxy_pass http://arc:8080;
|
|
}
|
|
|
|
location /pacs-admin {
|
|
return 301 /pacs-admin/;
|
|
}
|
|
|
|
# Redirect /pacs-admin to /dcm4chee-arc/ui2/
|
|
location = /pacs-admin {
|
|
return 301 $scheme://$host/dcm4chee-arc/ui2/;
|
|
}
|
|
|
|
# Handle /pacs-admin/ requests
|
|
location /pacs-admin/ {
|
|
return 301 $scheme://$host/dcm4chee-arc/ui2/;
|
|
}
|
|
|
|
# Proxy pass for /dcm4chee-arc/ui2/
|
|
location /dcm4chee-arc/ui2/ {
|
|
error_page 401 = /oauth2/sign_in?rd=$scheme://$host$request_uri;
|
|
auth_request /oauth2/auth?allowed_groups=pacsadmin;
|
|
|
|
auth_request_set $user $upstream_http_x_auth_request_user;
|
|
auth_request_set $token $upstream_http_x_auth_request_access_token;
|
|
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
|
|
|
proxy_set_header X-User $user;
|
|
proxy_set_header X-Access-Token $token;
|
|
add_header Set-Cookie $auth_cookie;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
expires 0;
|
|
add_header Cache-Control private;
|
|
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
|
add_header 'Access-Control-Allow-Headers' 'Authorization, Origin, X-Requested-With, Content-Type, Accept' always;
|
|
|
|
if ($request_method = OPTIONS) {
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
|
add_header 'Access-Control-Allow-Headers' 'Authorization, Origin, X-Requested-With, Content-Type, Accept';
|
|
add_header 'Access-Control-Max-Age' 1728000;
|
|
add_header 'Content-Type' 'text/plain; charset=utf-8';
|
|
add_header 'Content-Length' 0;
|
|
return 204;
|
|
}
|
|
|
|
proxy_pass http://arc:8080;
|
|
}
|
|
|
|
# Proxy pass for other /dcm4chee-arc/ requests
|
|
location /dcm4chee-arc/ {
|
|
proxy_pass http://arc:8080;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
|
|
location /pacs {
|
|
return 301 /pacs/;
|
|
}
|
|
|
|
|
|
location /ohif-viewer/ {
|
|
expires -1;
|
|
error_page 401 = /oauth2/sign_in?rd=$scheme://$host$request_uri;
|
|
auth_request /oauth2/auth;
|
|
|
|
auth_request_set $user $upstream_http_x_auth_request_user;
|
|
auth_request_set $token $upstream_http_x_auth_request_access_token;
|
|
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
|
|
|
proxy_set_header X-User $user;
|
|
proxy_set_header X-Access-Token $token;
|
|
add_header Set-Cookie $auth_cookie;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Server $host;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
index index.html;
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
|
|
|
|
location /ohif-viewer {
|
|
return 301 /ohif-viewer/;
|
|
}
|
|
|
|
location = / {
|
|
return 301 /ohif-viewer/;
|
|
}
|
|
|
|
location / {
|
|
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
|
add_header 'Cross-Origin-Opener-Policy' 'same-origin' always;
|
|
add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always;
|
|
}
|
|
|
|
location /keycloak/ {
|
|
proxy_pass http://keycloak:8080/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
location /keycloak {
|
|
return 301 /keycloak/;
|
|
}
|
|
}
|
|
}
|