worker_processes auto;
|
daemon off;
|
pid /tmp/nginx.pid;
|
|
events {
|
worker_connections 1024;
|
}
|
|
http {
|
##
|
# Temp folders
|
##
|
proxy_temp_path /tmp/proxy_temp;
|
client_body_temp_path /tmp/client_temp;
|
fastcgi_temp_path /tmp/fastcgi_temp;
|
uwsgi_temp_path /tmp/uwsgi_temp;
|
scgi_temp_path /tmp/scgi_temp;
|
|
##
|
# Basic Settings
|
##
|
sendfile on;
|
tcp_nopush on;
|
tcp_nodelay on;
|
types_hash_max_size 2048;
|
server_tokens off;
|
|
##
|
# Logging Settings
|
##
|
map $msec $msec_no_decimal { ~(.*)\.(.*) $1$2; }
|
|
log_format json_detailed escape=json
|
'{'
|
'"timestamp":"$msec_no_decimal",'
|
'"http":{'
|
'"method":"$request_method",'
|
'"request_id":"$request_id",'
|
'"status_code":$status,'
|
'"content_type":"$content_type",'
|
'"useragent":"$http_user_agent",'
|
'"referrer":"$http_referer",'
|
'"origin":"$http_origin",'
|
'"x_forwarded_for":"$http_x_forwarded_for",'
|
'"url":"$request_uri",'
|
'"version":"$server_protocol",'
|
'"connection":"$connection",'
|
'"connection_requests":"$connection_requests"'
|
'},'
|
'"network":{'
|
'"bytes_written":$bytes_sent,'
|
'"bytes_read":$request_length,'
|
'"client":{'
|
'"ip":"$remote_addr",'
|
'"port":$remote_port'
|
'},'
|
'"destination":{'
|
'"ip":"$server_addr",'
|
'"port":$server_port'
|
'},'
|
'"nginx":{'
|
'"request_time":"$request_time",'
|
'"upstream_connect_time":"$upstream_connect_time",'
|
'"upstream_response_time":"$upstream_response_time",'
|
'"upstream_header_time":"$upstream_header_time"'
|
'}'
|
'}'
|
'}';
|
access_log /dev/stdout json_detailed;
|
error_log /dev/stderr info;
|
|
# MIME
|
include /etc/nginx/mime.types;
|
default_type application/octet-stream;
|
|
##
|
# SSL Settings
|
##
|
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
##
|
# Gzip Settings
|
##
|
gzip on;
|
gzip_vary on;
|
gzip_proxied any;
|
gzip_comp_level 6;
|
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
|
include resolv.conf;
|
|
server {
|
listen 8085;
|
add_header X-Request-ID $request_id; # Return to client
|
|
# The lines below are handled by entrypoint.sh.
|
# Do not delete it.
|
#listen 8086 ssl;
|
#ssl_certificate @cert@;
|
#ssl_certificate_key @certkey@;
|
|
if ($request_method !~ ^(GET|POST|PUT|PATCH|DELETE|HEAD|CONNECT|OPTIONS)$) {
|
return 405;
|
}
|
|
add_header Access-Control-Allow-Origin *;
|
add_header Access-Control-Max-Age 3600;
|
add_header Access-Control-Expose-Headers Content-Length;
|
add_header Access-Control-Allow-Headers Range;
|
add_header Strict-Transport-Security "max-age=31536000";
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
client_max_body_size 200m; # adjust to taste
|
|
if ($request_method = OPTIONS) {
|
return 204;
|
}
|
|
location /static/ {
|
alias /label-studio/label_studio/core/static_build/;
|
}
|
|
# LabelStudio frontend
|
# Source: https://github.com/HumanSignal/label-studio/blob/HEAD/label_studio/frontend/src
|
location /react-app/ {
|
alias /label-studio/web/dist/apps/labelstudio/;
|
}
|
|
location /nginx_health {
|
return 200;
|
}
|
|
location = /favicon.ico {
|
alias /label-studio/label_studio/core/static_build/images/favicon.ico;
|
}
|
|
location ~ ^/file_download/(.*?)/(.*?)/(.*) {
|
internal;
|
# Extract the remote URL parts
|
set $download_protocol $1;
|
set $download_host $2;
|
set $download_path $3;
|
# Reconstruct the remote URL
|
set $download_url $download_protocol://$download_host/$download_path;
|
# Hide GCS headers
|
proxy_hide_header x-goog-hash;
|
proxy_hide_header x-goog-generation;
|
proxy_hide_header x-goog-metageneration;
|
proxy_hide_header x-goog-stored-content-encoding;
|
proxy_hide_header x-goog-stored-content-length;
|
proxy_hide_header x-goog-storage-class;
|
proxy_hide_header x-guploader-uploadid;
|
# Hide AWS headers
|
proxy_hide_header x-amz-delete-marker;
|
proxy_hide_header x-amz-id-2;
|
proxy_hide_header x-amz-request-id;
|
proxy_hide_header x-amz-version-id;
|
proxy_hide_header x-amz-meta-server-side-encryption;
|
proxy_hide_header x-amz-server-side-encryption;
|
# Headers for the remote server, unset Authorization and Cookie for security reasons.
|
proxy_set_header Host $download_host;
|
proxy_set_header Authorization '';
|
proxy_set_header Cookie '';
|
proxy_hide_header Content-Disposition;
|
add_header Content-Disposition $upstream_http_content_disposition;
|
# Enable TLS SNI (important!)
|
proxy_ssl_server_name on;
|
proxy_ssl_name $download_host;
|
# Stops the local disk from being written to (just forwards data through)
|
proxy_max_temp_file_size 0;
|
# Proxy the remote file through to the client
|
proxy_pass $download_url$is_args$args;
|
proxy_intercept_errors on;
|
error_page 301 302 307 = @handle_redirect;
|
}
|
|
location @handle_redirect {
|
set $saved_redirect_location '$upstream_http_location';
|
proxy_pass $saved_redirect_location;
|
}
|
|
location / {
|
absolute_redirect off;
|
proxy_connect_timeout 90;
|
proxy_send_timeout 90;
|
proxy_read_timeout 90;
|
send_timeout 90;
|
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header Host $http_host;
|
proxy_set_header X-Request-ID $request_id;
|
proxy_pass_header Content-Type;
|
proxy_redirect off;
|
proxy_pass http://localhost:8000/;
|
}
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
root /usr/share/nginx/html;
|
}
|
}
|
}
|
