fix: nginx ???
Raphael Kabo committed Dec 6, 2023
1 parent af10c85 commit 8d1c654
Showing 3 changed files with 147 additions and 1 deletion.
19 changes: 18 additions & 1 deletion .github/workflows/cypress-e2e.yml
Expand Up @@ -25,13 +25,30 @@ jobs:
with:
cache: yarn

- name: Setup OS, Nginx, and Certs
run: |
sudo apt-get update -y
sudo apt-get install -y libnss3-tools
sudo service nginx restart
wget -q https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64
wget -q https://github.com/guardian/dev-nginx/releases/latest/download/dev-nginx.tar.gz
sudo cp mkcert-v1.4.3-linux-amd64 /usr/local/bin/mkcert
sudo chmod +x /usr/local/bin/mkcert
sudo mkdir -p /usr/local/bin/dev-nginx
sudo tar -xzf dev-nginx.tar.gz -C /usr/local
sudo chmod +x /usr/local/bin/dev-nginx
sudo dev-nginx setup-cert "profile.thegulocal.com"
sudo dev-nginx setup-cert "manage.thegulocal.com"
sudo cp ./cypress/cypress-nginx.conf /etc/nginx/nginx.conf
sudo dev-nginx restart-nginx
- name: Cypress run
uses: cypress-io/github-action@v6
env:
IDAPI_CLIENT_ACCESS_TOKEN: ${{ secrets.IDAPI_CLIENT_ACCESS_TOKEN }}
with:
start: yarn cypress:e2e:server
wait-on: 'http://localhost:9234, http://localhost:9233'
wait-on: 'http://manage.thegulocal.com'
wait-on-timeout: 30
quiet: true
browser: chrome
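Review bot: The new "Setup OS, Nginx, and Certs" step downloads `dev-nginx.tar.gz` from `releases/latest` and the mkcert binary without checking either against a known digest, then installs and runs both with sudo in a job whose next step receives `secrets.IDAPI_CLIENT_ACCESS_TOKEN`. Pin dev-nginx to a fixed release tag, as is already done for mkcert v1.4.3, and verify each download before use, e.g. `echo "<EXPECTED_SHA256>  mkcert-v1.4.3-linux-amd64" | sha256sum -c -`. Separately, `wait-on: 'http://manage.thegulocal.com'` targets port 80, while the nginx config added in this commit only declares `listen 443 ssl` servers, so it is worth confirming that the check does not simply run out its 30-second timeout.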
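--- a/cypress/cypress-nginx.conf
+++ b/cypress/cypress-nginx.conf
@@ -0,0 +1,98 @@
+# NGINX Conf file used by Cypress-Nginx Github actions
+# so we can run cypress tests against the local nginx server
+# with a ssl cert set on the domain
+
+#user nobody;
+worker_processes 1;
+
+events {
+worker_connections 1024;
+}
+
+http {
+include mime.types;
+default_type application/octet-stream;
+
+sendfile on;
+
+keepalive_timeout 65;
+
+# fixes issues for large response headers
+proxy_buffer_size 128k;
+proxy_buffers 4 256k;
+proxy_busy_buffers_size 256k;
+
+
+# manage.thegulocal.com
+# ======================
+server {
+listen 443 ssl;
+server_name manage.thegulocal.com;
+proxy_http_version 1.1; # this is essential for chunked responses to work
+
+ssl_certificate manage.thegulocal.com.crt;
+ssl_certificate_key manage.thegulocal.com.key;
+ssl_session_timeout 5m;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers HIGH:!aNULL:!MD5;
+ssl_prefer_server_ciphers on;
+
+location / {
+proxy_pass http://localhost:9234/;
+proxy_set_header Host $http_host;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+}
+}
+
+server {
+listen 443 ssl;
+server_name profile.thegulocal.com;
+proxy_http_version 1.1; # this is essential for chunked responses to work
+
+ssl_certificate profile.thegulocal.com.crt;
+ssl_certificate_key profile.thegulocal.com.key;
+ssl_session_timeout 5m;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers HIGH:!aNULL:!MD5;
+ssl_prefer_server_ciphers on;
+
+# dummy location header for the API
+proxy_set_header X-GU-ID-Geolocation ip:$remote_addr,country:GB,city:Leeds;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+location / {
+proxy_pass https://profile.code.dev-theguardian.com;
+proxy_next_upstream error timeout http_404 non_idempotent;
+proxy_set_header "X-Forwarded-Proto" "https";
+proxy_set_header "X-GU-Okta-Env" "profile.code.dev-theguardian.com";
+proxy_set_header Host profile.code.dev-theguardian.com;
+proxy_set_header Origin https://profile.code.dev-theguardian.com;
+proxy_set_header Accept-Encoding "";
+proxy_hide_header Content-Security-Policy;
+
+proxy_cookie_domain profile.code.dev-theguardian.com profile.thegulocal.com;
+proxy_cookie_domain .code.dev-theguardian.com .thegulocal.com;
+
+sub_filter_types application/json;
+sub_filter_once off;
+sub_filter 'profile.code.dev-theguardian.com' 'profile.thegulocal.com';
+
+######
+# remove `sid` cookie in requests to Gateway
+# save original "Cookie" header value
+set $altered_cookie $http_cookie;
+# check if the "sid" cookie is present
+if ($http_cookie ~ '(.*)(^|;\s)sid=("[^"]*"|[^\s]*[^;]?)(\2|$|;$)(?:;\s)?(.*)') {
+# cut "sid" cookie from the string
+set $altered_cookie $1$4$5;
+}
+# hide original "Cookie" header
+proxy_hide_header Cookie;
+# set "Cookie" header to the new value
+proxy_set_header Cookie $altered_cookie;
+######
+}
+}
+}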
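Review bot: In the profile.thegulocal.com server block, the two server-level `proxy_set_header` lines (`X-GU-ID-Geolocation` and `X-Forwarded-For`) will not reach the upstream, because nginx inherits `proxy_set_header` from the outer level only when the current level defines none of its own, and `location /` defines several. Move both lines inside `location /` so the dummy geolocation header is actually sent. The manage.thegulocal.com block also enables `TLSv1 TLSv1.1`, while the profile block uses `ssl_protocols TLSv1.2 TLSv1.3;`; using the latter in both keeps the test proxy off deprecated protocol versions. `proxy_hide_header Cookie;` acts on response headers coming back from the upstream, so the comment "hide original Cookie header" is misleading; `proxy_set_header Cookie $altered_cookie;` alone replaces the request header, and the same applies to both copies in nginx/identity-frontend-CODE-fallback.conf.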
31 changes: 31 additions & 0 deletions nginx/identity-frontend-CODE-fallback.conf
Expand Up @@ -28,6 +28,21 @@ server {
proxy_set_header Connection "Upgrade";
proxy_set_header "X-GU-Okta-Env" "profile.code.dev-theguardian.com";

######
# remove `sid` cookie in requests to Gateway
# save original "Cookie" header value
set $altered_cookie $http_cookie;
# check if the "sid" cookie is present
if ($http_cookie ~ '(.*)(^|;\s)sid=("[^"]*"|[^\s]*[^;]?)(\2|$|;$)(?:;\s)?(.*)') {
# cut "sid" cookie from the string
set $altered_cookie $1$4$5;
}
# hide original "Cookie" header
proxy_hide_header Cookie;
# set "Cookie" header to the new value
proxy_set_header Cookie $altered_cookie;
######

proxy_intercept_errors on;
error_page 404 502 503 504 = @fallback;
}
Expand All @@ -46,6 +61,22 @@ server {
sub_filter_types application/json;
sub_filter_once off;
sub_filter 'profile.code.dev-theguardian.com' 'profile.thegulocal.com';

######
# remove `sid` cookie in requests to Gateway
# save original "Cookie" header value
set $altered_cookie $http_cookie;
# check if the "sid" cookie is present
if ($http_cookie ~ '(.*)(^|;\s)sid=("[^"]*"|[^\s]*[^;]?)(\2|$|;$)(?:;\s)?(.*)') {
# cut "sid" cookie from the string
set $altered_cookie $1$4$5;
}
# hide original "Cookie" header
proxy_hide_header Cookie;
# set "Cookie" header to the new value
proxy_set_header Cookie $altered_cookie;
######

error_page 404 502 503 504 = @fallback;
}
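Review bot: The sid-stripping block is pasted verbatim into both locations in this file and a third time in cypress/cypress-nginx.conf, so any later correction to the cookie regex has to be made in three places and a missed copy would let the `sid` cookie through on that path. Consider computing the value once at `http` level with a `map $http_cookie $altered_cookie { ... }` that reuses the same regex (assuming this file is included in the `http` context), or moving the block into a snippet pulled in with `include`, leaving only `proxy_set_header Cookie $altered_cookie;` in each location. A short comment stating why `sid` must not reach Gateway would also help, since the commit title does not explain it. Both enclosing location blocks start outside the visible hunks.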
