include apigw_backends.conf;
include apigw_keys.conf;
# API gateway virtual server: pulls in the per-API definitions, turns
# intercepted backend errors into JSON responses, and provides an internal
# location that checks the client's API key.
server {
    access_log /var/log/nginx/apigw_access.log main;
    error_log /var/log/nginx/apigw_error.log warn;

    # NOTE(review): only the plaintext listener is active and every TLS
    # directive below is commented out, so the `apikey` request header that
    # /_validate_apikey checks reaches this server unencrypted on this hop.
    # Confirm TLS is terminated in front of this server, or re-enable the
    # 443 listener and certificate directives.
    listen 80;
    # listen 443 ssl;
    # NOTE(review): with no server_name set, this block does not restrict
    # requests by Host header - confirm that is intended.
    # server_name apigw_svc; # container name from stack config
    # server_name api.example.com;

    # TLS config (currently disabled)
    # ssl_certificate /etc/ssl/certs/apigw.example.com.crt;
    # ssl_certificate_key /etc/ssl/private/apigw.example.com.key;
    # ssl_session_cache shared:SSL:10m;
    # ssl_session_timeout 5m;
    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_protocols TLSv1.2 TLSv1.3;

    # API definitions, one per file
    # NOTE(review): nothing in this block applies the key check itself; the
    # included files presumably reference /_validate_apikey (e.g. via
    # auth_request) - verify that every API location does so.
    include apigw_conf.d/*.conf;

    # Error responses
    # error_page 404 = @400; # Treat invalid paths as bad requests
    # Backend responses with status >= 300 are handed to error_page handling
    # instead of being relayed; this only affects codes that have an
    # error_page defined (presumably in apigw_json_errors.conf - confirm).
    proxy_intercept_errors on; # Do not send backend errors to client
    include apigw_json_errors.conf; # API client-friendly JSON errors
    default_type application/json; # If no content-type, assume JSON

    # API key validation
    # Exact-match location that answers with a status code only:
    #   401 when no apikey header was sent,
    #   403 when $apigw_client_name is empty,
    #   204 otherwise.
    location = /_validate_apikey {
        # Not reachable by external clients; only internal redirects and
        # subrequests can enter this location.
        internal;

        # $http_apikey is the value of the request's "apikey" header.
        if ($http_apikey = "") {
            return 401; # Unauthorized
        }
        # $apigw_client_name is not set in this block; presumably a map in
        # apigw_keys.conf derives it from the apikey header and leaves it
        # empty for unknown keys - confirm against that file.
        if ($apigw_client_name = "") {
            return 403; # Forbidden
        }

        return 204; # OK (no content)
    }
}