Use non-root user in Dockerfile for a1-interface

[sim/a1-interface.git] / near-rt-ric-simulator / nginx.conf

diff --git a/near-rt-ric-simulator/nginx.conf b/near-rt-ric-simulator/nginx.conf
index 5ba9dbe..a3be25b 100644 (file)
--- a/near-rt-ric-simulator/nginx.conf
+++ b/near-rt-ric-simulator/nginx.conf
@@ -1,8 +1,10 @@
-user www-data;
+# user www-data;
 worker_processes auto;
 pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
 
+env ALLOW_HTTP;
+
 events {
     worker_connections 768;
     # multi_accept on;
@@ -27,9 +29,26 @@ http {
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
 
+    perl_set $allow_http 'sub { return $ENV{"ALLOW_HTTP"}; }';
+
     server { # simple reverse-proxy
-        listen      8085;
+       listen      8085;
         listen      [::]:8085;
+        server_name  localhost;
+       if ($allow_http != true) {
+           return 444;
+       }
+
+       # serve dynamic requests
+        location / {
+            proxy_set_header   Host                 $host;
+            proxy_set_header   X-Real-IP            $remote_addr;
+            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+            proxy_pass      http://localhost:2222;
+        }
+    }
+
+    server { # simple reverse-proxy
         listen      8185 ssl;
         listen      [::]:8185 ssl;
         server_name  localhost;
@@ -39,7 +58,10 @@ http {
 
         # serve dynamic requests
         location / {
-        proxy_pass      http://localhost:2222;
+            proxy_set_header   Host                 $host;
+            proxy_set_header   X-Real-IP            $remote_addr;
+            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+            proxy_pass      http://localhost:2222;
         }
     }
     ##