根据不同的上游服务将 Nginx 默认 conf 拆分为单独的文件

根据不同的上游服务将 Nginx 默认 conf 拆分为单独的文件

我有一个正在运行的 Nginx 身份验证代理服务器,它的 default.conf.template 文件越来越大。

我想根据不同的上游服务将其拆分为多个文件。

./templates/default.conf.template 文件:

js_import scripts/auth.js;
 
# Upstream groups, one per backend service. Each server address is a
# ${...} placeholder that is filled in when this template is rendered.
# upstream is an http-level directive, so these blocks do not depend on
# the server block further down.
upstream payment     { server ${PAYMENT_SVC_HOST}; }
upstream eligibility { server ${ELIGIBILITY_SVC_HOST}; }
upstream datasource  { server ${DATASOURCE_SVC_HOST}; }
 
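# Echo the request's Origin back in $allow_origin only when it matches the
# allow-list pattern substituted from ALLOWED_ORIGINS; otherwise the variable
# is empty, and add_header emits nothing for an empty value.
map $http_origin $allow_origin {
    default "";
    # The substituted pattern is wrapped in a non-capturing group so that ^ and
    # $ anchor the whole value. Without the group, a value holding alternatives
    # (a|b) would anchor only the first at the start and only the last at the
    # end, letting longer, unintended origins match.
    # NOTE(review): the value is interpreted as a regular expression, so
    # literal dots in host names need escaping (\.) - confirm how
    # ALLOWED_ORIGINS is populated.
    '~^(?:${ALLOWED_ORIGINS})$' $http_origin;
}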
 
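# Authenticating reverse proxy: every service location validates the caller's
# token through an auth_request subrequest before proxying to its upstream.
server {
    listen       80;
    server_name  localhost;

    # location blocks are only valid inside a server block. If the per-service
    # locations are moved into files of their own, they have to be pulled back
    # in with `include` from within this server block, so that they keep
    # sharing the single pair of introspection locations defined below. Such
    # files must not also be picked up by an http-level include, where a bare
    # location is rejected.

    # NOTE(review): this listener is plain HTTP on port 80, and browsers ignore
    # Strict-Transport-Security received over HTTP. Presumably TLS is
    # terminated in front of this proxy - confirm.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
    # Both exposed response headers are listed under the standard header name
    # Access-Control-Expose-Headers (plural); the singular spelling is not a
    # CORS header and browsers do not act on it.
    add_header Access-Control-Expose-Headers "Content-Disposition, x-b3-traceid" always;
    # $allow_origin is empty unless the request Origin matched the map above;
    # nginx omits a header whose value is empty.
    add_header Access-Control-Allow-Origin $allow_origin always;
    # The allowed origin is echoed per request, so caches must key on Origin.
    add_header Vary Origin always;
    # NOTE(review): with Access-Control-Allow-Credentials set to true, browsers
    # treat '*' in Allow-Methods and Allow-Headers as a literal value rather
    # than a wildcard for credentialed requests. cors.conf is not shown here -
    # confirm whether it supplies explicit lists.
    add_header Access-Control-Allow-Methods '*' always;
    add_header Access-Control-Allow-Headers '*' always;
    add_header Access-Control-Allow-Credentials 'true' always;
    # NOTE(review): add_header directives are inherited from this level only by
    # locations that define none of their own. If cors.conf adds headers at
    # location level, all of the headers above (HSTS included) are dropped for
    # those locations - confirm against cors.conf.

    # JSON error bodies for failures raised by nginx itself. With
    # proxy_intercept_errors off in the service locations, error responses
    # coming from the upstreams are passed through untouched.
    error_page 401 = @handle_auth_401;
    error_page 403 = @handle_auth_403;
    error_page 500 = @handle_auth_500;

    # Unauthenticated liveness probe: empty 200 response.
    location /__healthcheck {
        return 200;
    }

    # Service locations. Each one authenticates through the introspection
    # subrequest, rewrites the public prefix to the backend path and proxies
    # to the matching upstream with the request id as trace id.
    # NOTE(review): these are prefix locations, so /payment also matches URIs
    # such as /paymentfoo. Those do not match the rewrite and are proxied with
    # their original path once authenticated - confirm this is intended, or
    # use a trailing slash on the location prefix.

    # /payment/<rest> -> /<rest> on the payment upstream.
    location /payment {
        include cors.conf;
        proxy_intercept_errors off;
        default_type  application/json;
        auth_request  /_oauth2_token_introspection;
        rewrite ^/payment(/.*)$ $1 break;
        proxy_pass  http://payment;
        proxy_set_header x-b3-traceid $request_id;
    }

    # /eligibility/<rest> -> /api/v1/<rest> on the eligibility upstream.
    location /eligibility {
        include cors.conf;
        proxy_intercept_errors off;
        default_type  application/json;
        auth_request /_oauth2_token_introspection;
        rewrite ^/eligibility/(.*)$ /api/v1/$1 break;
        proxy_pass  http://eligibility;
        proxy_set_header x-b3-traceid $request_id;
    }

    # /datasource/<rest> -> /v1/<rest> on the datasource upstream.
    location /datasource {
        include cors.conf;
        proxy_intercept_errors off;
        default_type  application/json;
        auth_request /_oauth2_token_introspection;
        rewrite ^/datasource/(.*)$ /v1/$1 break;
        proxy_pass  http://datasource;
        proxy_set_header x-b3-traceid $request_id;
    }

    # Target of auth_request. `internal` keeps it unreachable for clients; the
    # decision is made by the njs handler auth.introspectToken (scripts/auth.js,
    # not shown - presumably it calls /_oauth2_do_introspection below).
    location = /_oauth2_token_introspection {
        internal;
        js_content auth.introspectToken;
    }

    # Internal call to the OAuth2 token introspection endpoint.
    location /_oauth2_do_introspection {
        internal;
        js_set  $auth_token auth.getToken;
        proxy_method  POST;
        proxy_set_header  Content-Type  "application/x-www-form-urlencoded";
        # NOTE(review): the client secret is substituted into the rendered
        # config file, so that file is as sensitive as the secret itself -
        # restrict who can read it.
        # NOTE(review): $auth_token goes into the form body as returned by
        # auth.getToken; confirm the handler rejects or encodes characters
        # such as '&' and '=' so a token cannot add form fields.
        proxy_set_body    "client_id=${BFF_CLIENT_ID}&client_secret=${BFF_CLIENT_SECRET}&token=$auth_token";
        # NOTE(review): if TOKEN_INTROSPECTION_URL is https, nginx does not
        # verify the upstream certificate unless proxy_ssl_verify is on with
        # a proxy_ssl_trusted_certificate - confirm how this is configured.
        proxy_pass        ${TOKEN_INTROSPECTION_URL};

        # Successful introspection results are cached for 5 seconds, keyed by
        # the token, so a revoked token can stay accepted for up to that long.
        # proxy_cache_lock lets only one request per token populate the cache.
        # The token_responses zone needs a proxy_cache_path at http level,
        # which is not part of this file.
        proxy_cache       token_responses;
        proxy_cache_key   $auth_token;
        proxy_cache_lock  on;
        proxy_cache_valid 200 5s;
        # Cache regardless of the caching headers the endpoint sends.
        proxy_ignore_headers  Cache-Control Expires Set-Cookie;
    }

    # JSON error responses for the error_page directives above.
    # NOTE(review): $request_uri is the raw client-supplied URI and is placed
    # in the JSON body without escaping, so a URI containing a double quote
    # yields malformed JSON - confirm consumers tolerate this or drop the field.
    location @handle_auth_401 {
        default_type  application/json;
        return 401 '{"timestamp":"$time_iso8601","status":401,"error":"Unauthorized","path":"$request_uri"}';
    }

    location @handle_auth_403 {
        default_type  application/json;
        return 403 '{"timestamp":"$time_iso8601","status":403,"error":"Forbidden","path":"$request_uri"}';
    }

    location @handle_auth_500 {
        default_type  application/json;
        return 500 '{"timestamp":"$time_iso8601","status":500,"error":"Internal Server Error","path":"$request_uri"}';
    }
}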

我尝试过移动 upstream 和 location 块,但直到我把与令牌自省相关的所有内容也一并移动(造成代码重复)之后才起作用。

最好的方法是什么?

如果需要更多详细信息,请告诉我。
