mirror of
https://github.com/mainflux/mainflux.git
synced 2025-04-28 13:48:49 +08:00
530f925c4d
* remove owner id Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add users endpoint for retrieving users from group Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove groups from things and users Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move groups into auth Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * separate endpoints for users and things Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix problems with retrieving members Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add groups test Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove groups from users Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove groups from things Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * rename constant Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add new errors Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove unnecessary constants Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix validation Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * create groups db mock Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * adding tests Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * revert changes to docker related files Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove groups endpoints from users openapi Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove groups endpoints from users openapi Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move constant from postgres to groups Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move constant from postgres to groups Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move constant from postgres to groups Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove testing group Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * renam typ to groupType Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add error for max level Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove print Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove groups.Member interface Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix query building and add test cases Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * uncomment tests Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * move groups package Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove group type, add bulk assign and unassign Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update openapi, remove parentID from create request, reorder endpoints Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update openapi Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * update openapi for users and things Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix groups test Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix linter errors Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * resolve comments Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * rename assignReq structure Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor mocks, response, remove type from endpoint Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * some refactor, renaming, errors Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * simplify check Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove package alias Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix naming and comment Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * additional comments Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add members grpc endpoint test Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix retrieving members for different types Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix retrieving members for different types Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove unecessary structure Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix api grpc Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * rename const Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactore retrieve parents and children with common function Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * small changes for errors Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix compile error Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix sorting in mock Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove regexp for groups Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * revert as change is made by mistake Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * revert as change is made by mistake Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * refactor groups and keys package Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix naming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix naming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix test for timestamp compare Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix error handling Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * remove errors not being used Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * var renaming Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * resolve comments Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor changes Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix test Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * add endpoints for groups into nginx Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * reorganize endpoints, remove some errors Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * reorganize endpoints, remove some errors Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * small fix Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix linter errors Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * minor changes Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * resolve comments Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix group save path problem Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * description constant Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * rename variables Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix validation Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * get back return Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com> * fix compile Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
146 lines
4.6 KiB
Plaintext
146 lines
4.6 KiB
Plaintext
# Copyright (c) Mainflux
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
# This is the Mainflux NGINX configuration for mututal authentication based on X.509 certifiactes.
|
|
|
|
user nginx;
|
|
worker_processes auto;
|
|
worker_cpu_affinity auto;
|
|
pid /run/nginx.pid;
|
|
load_module /etc/nginx/modules/ngx_stream_js_module.so;
|
|
load_module /etc/nginx/modules/ngx_http_js_module.so;
|
|
include /etc/nginx/modules-enabled/*.conf;
|
|
|
|
events {
|
|
# Explanation: https://serverfault.com/questions/787919/optimal-value-for-nginx-worker-connections
|
|
# We'll keep 10k connections per core (assuming one worker per core)
|
|
worker_connections 10000;
|
|
}
|
|
|
|
http {
|
|
include snippets/http_access_log.conf;
|
|
|
|
js_include authorization.js;
|
|
js_set $auth_key setKey;
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# Include single-node or multiple-node (cluster) upstream
|
|
include snippets/mqtt-ws-upstream.conf;
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
listen 443 ssl http2 default_server;
|
|
listen [::]:443 ssl http2 default_server;
|
|
ssl_verify_client optional;
|
|
include snippets/ssl.conf;
|
|
include snippets/ssl-client.conf;
|
|
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header Access-Control-Allow-Origin '*';
|
|
add_header Access-Control-Allow-Methods '*';
|
|
add_header Access-Control-Allow-Headers '*';
|
|
|
|
server_name localhost;
|
|
|
|
# Proxy pass to users service
|
|
location /groups/users/ {
|
|
include snippets/proxy-headers.conf;
|
|
proxy_pass http://users:${MF_USERS_HTTP_PORT}/groups/;
|
|
}
|
|
|
|
# Proxy pass to users service
|
|
location ~ ^/(users|tokens|password) {
|
|
include snippets/proxy-headers.conf;
|
|
proxy_pass http://users:${MF_USERS_HTTP_PORT};
|
|
}
|
|
|
|
|
|
# Proxy pass to things service
|
|
location /groups/things/ {
|
|
include snippets/proxy-headers.conf;
|
|
add_header Access-Control-Expose-Headers Location;
|
|
proxy_pass http://things:${MF_THINGS_HTTP_PORT}/groups/;
|
|
}
|
|
|
|
# Proxy pass to things service
|
|
location ~ ^/(things|channels|connect) {
|
|
include snippets/proxy-headers.conf;
|
|
add_header Access-Control-Expose-Headers Location;
|
|
proxy_pass http://things:${MF_THINGS_HTTP_PORT};
|
|
}
|
|
|
|
location ~ ^/(groups|members|keys) {
|
|
include snippets/proxy-headers.conf;
|
|
add_header Access-Control-Expose-Headers Location;
|
|
proxy_pass http://auth:${MF_AUTH_HTTP_PORT};
|
|
}
|
|
|
|
|
|
location /version {
|
|
include snippets/proxy-headers.conf;
|
|
proxy_pass http://things:${MF_THINGS_HTTP_PORT};
|
|
}
|
|
|
|
# Proxy pass to mainflux-http-adapter
|
|
location /http/ {
|
|
include snippets/verify-ssl-client.conf;
|
|
include snippets/proxy-headers.conf;
|
|
proxy_set_header Authorization $auth_key;
|
|
|
|
# Trailing `/` is mandatory. Refer to the http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
|
|
# If the proxy_pass directive is specified with a URI, then when a request is passed to the server,
|
|
# the part of a normalized request URI matching the location is replaced by a URI specified in the directive
|
|
proxy_pass http://http-adapter:${MF_HTTP_ADAPTER_PORT}/;
|
|
}
|
|
|
|
# Proxy pass to mainflux-mqtt-adapter over WS
|
|
location /mqtt {
|
|
include snippets/verify-ssl-client.conf;
|
|
include snippets/proxy-headers.conf;
|
|
include snippets/ws-upgrade.conf;
|
|
proxy_pass http://mqtt_ws_cluster;
|
|
}
|
|
}
|
|
}
|
|
|
|
# MQTT
|
|
stream {
|
|
include snippets/stream_access_log.conf;
|
|
|
|
# Include JS script for mTLS
|
|
js_include authorization.js;
|
|
|
|
# Include single-node or multiple-node (cluster) upstream
|
|
include snippets/mqtt-upstream.conf;
|
|
ssl_verify_client on;
|
|
include snippets/ssl-client.conf;
|
|
|
|
server {
|
|
listen ${MF_NGINX_MQTT_PORT};
|
|
listen [::]:${MF_NGINX_MQTT_PORT};
|
|
listen ${MF_NGINX_MQTTS_PORT} ssl;
|
|
listen [::]:${MF_NGINX_MQTTS_PORT} ssl;
|
|
|
|
include snippets/ssl.conf;
|
|
js_preread authenticate;
|
|
|
|
proxy_pass mqtt_cluster;
|
|
}
|
|
}
|
|
|
|
error_log info.log info;
|