angular-cn/aio/aio-builds-setup/dockerbuild/nginx/aio-builds.conf

# Redirect all HTTP traffic to HTTPS
server {
  server_name _;

  listen {{$AIO_NGINX_PORT_HTTP}} default_server;
  listen [::]:{{$AIO_NGINX_PORT_HTTP}};

  access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;
  error_log  {{$AIO_NGINX_LOGS_DIR}}/error.log;

  # Ideally we want 308 (permanent + keep original method),
  # but it is relatively new and not supported by some clients (e.g. cURL).
  return 307 https://$host:{{$AIO_NGINX_PORT_HTTPS}}$request_uri;
}

# Serve PR-preview requests
server {
  server_name "~^pr(?<pr>[1-9][0-9]*)-(?<sha>[0-9a-f]{7,40})\.";

  listen {{$AIO_NGINX_PORT_HTTPS}} ssl http2;
  listen [::]:{{$AIO_NGINX_PORT_HTTPS}} ssl http2;

  ssl_certificate           {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.crt;
  ssl_certificate_key       {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.key;
  ssl_prefer_server_ciphers on;
  ssl_ciphers               EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

  root             {{$AIO_BUILDS_DIR}}/$pr/$sha;
  disable_symlinks on from=$document_root;
  index            index.html;

  gzip            on;
  gzip_comp_level 7;
  gzip_types      *;

  access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;
  error_log  {{$AIO_NGINX_LOGS_DIR}}/error.log;

  error_page 404 /404.html;
  location "=/404.html" {
    internal;
  }

  location "~/[^/]+\.[^/]+$" {
    try_files $uri $uri/ =404;
  }

  location / {
    try_files $uri $uri/ /index.html =404;
  }
}

# Handle all other requests
server {
  server_name _;

  listen {{$AIO_NGINX_PORT_HTTPS}} ssl http2 default_server;
  listen [::]:{{$AIO_NGINX_PORT_HTTPS}} ssl http2;

  ssl_certificate           {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.crt;
  ssl_certificate_key       {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.key;
  ssl_prefer_server_ciphers on;
  ssl_ciphers               EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

  access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;
  error_log  {{$AIO_NGINX_LOGS_DIR}}/error.log;

  # Health check
  location "~^/health-check/?$" {
    add_header Content-Type text/plain;
    return 200 '';
  }

  # Check PRs previewability
  location "~^/can-have-public-preview/\d+/?$" {
    if ($request_method != "GET") {
      add_header Allow "GET";
      return 405;
    }

    proxy_pass_request_headers on;
    proxy_redirect             off;
    proxy_method               GET;
    proxy_pass                 http://{{$AIO_PREVIEW_SERVER_HOSTNAME}}:{{$AIO_PREVIEW_SERVER_PORT}}$request_uri;

    resolver 127.0.0.1;
  }

  # Notify about CircleCI builds
  location "~^/circle-build/?$" {
    if ($request_method != "POST") {
      add_header Allow "POST";
      return 405;
    }

    proxy_pass_request_headers on;
    proxy_redirect             off;
    proxy_method               POST;
    proxy_pass                 http://{{$AIO_PREVIEW_SERVER_HOSTNAME}}:{{$AIO_PREVIEW_SERVER_PORT}}$request_uri;

    resolver 127.0.0.1;
  }

  # Notify about PR changes
  location "~^/pr-updated/?$" {
    if ($request_method != "POST") {
      add_header Allow "POST";
      return 405;
    }

    proxy_pass_request_headers on;
    proxy_redirect             off;
    proxy_method               POST;
    proxy_pass                 http://{{$AIO_PREVIEW_SERVER_HOSTNAME}}:{{$AIO_PREVIEW_SERVER_PORT}}$request_uri;

    resolver 127.0.0.1;
  }

  # Everything else
  location / {
    return 404;
  }
}
feat(aio): redirect HTTP to HTTPS 2017-03-08 16:29:37 +02:00			`# Redirect all HTTP traffic to HTTPS`
			`server {`
			`server_name _;`

			`listen {{$AIO_NGINX_PORT_HTTP}} default_server;`
			`listen [::]:{{$AIO_NGINX_PORT_HTTP}};`

feat(aio): make it easy to keep relevant logs outside the docker container 2017-03-08 16:30:55 +02:00			`access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;`
			`error_log {{$AIO_NGINX_LOGS_DIR}}/error.log;`

feat(aio): redirect HTTP to HTTPS 2017-03-08 16:29:37 +02:00			`# Ideally we want 308 (permanent + keep original method),`
			`# but it is relatively new and not supported by some clients (e.g. cURL).`
			`return 307 https://$host:{{$AIO_NGINX_PORT_HTTPS}}$request_uri;`
			`}`

ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`# Serve PR-preview requests`
			`server {`
feat(aio): use shorter URLs for previews Use the 7 first characters of the 40-chars long SHAs for shorter/cleaner URLs. The collision probability is extremely low (since all SHAs are further "namespaced" under the corresponding PR). In case of a collision, the second PR will not be deployed, in order to avoid overwriting the original build. (This is a design decision to keep the implementation simple. It can be changed later if necessary.) 2017-06-25 22:13:03 +03:00			`server_name "~^pr(?<pr>[1-9][0-9]*)-(?<sha>[0-9a-f]{7,40})\.";`
feat(aio): add support for HTTPS (certificates provided by host - fallback to self-signed) 2017-02-27 12:11:55 +02:00
build(aio): enable HTTP/2 on the preview server (#16826) Fixes #16780 2017-05-17 07:07:28 +03:00			`listen {{$AIO_NGINX_PORT_HTTPS}} ssl http2;`
			`listen [::]:{{$AIO_NGINX_PORT_HTTPS}} ssl http2;`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00
build(aio): enable HTTP/2 on the preview server (#16826) Fixes #16780 2017-05-17 07:07:28 +03:00			`ssl_certificate {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.crt;`
			`ssl_certificate_key {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.key;`
			`ssl_prefer_server_ciphers on;`
			`ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00
			`root {{$AIO_BUILDS_DIR}}/$pr/$sha;`
			`disable_symlinks on from=$document_root;`
			`index index.html;`

build(aio): serve gzipped content from the preview server Fixes #16699 2017-05-11 00:22:16 +03:00			`gzip on;`
			`gzip_comp_level 7;`
			`gzip_types *;`

feat(aio): make it easy to keep relevant logs outside the docker container 2017-03-08 16:30:55 +02:00			`access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;`
			`error_log {{$AIO_NGINX_LOGS_DIR}}/error.log;`

ci(docs-infra): show custom 404 page on preview server (for consistency) (#26199) PR Close #26199 2018-10-01 23:19:58 +03:00			`error_page 404 /404.html;`
			`location "=/404.html" {`
			`internal;`
			`}`

feat(aio): enable deep-linking on deployed apps (until prerendering is done) (#15049) 2017-03-13 18:35:16 +02:00			`location "~/[^/]+\.[^/]+$" {`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`try_files $uri $uri/ =404;`
			`}`
feat(aio): enable deep-linking on deployed apps (until prerendering is done) (#15049) 2017-03-13 18:35:16 +02:00
			`location / {`
revert: build(aio): implement prerendering (#15346) This reverts commit d0bc83ca275964fa1de6684c3cdc6714de386efd. Protractor-based prerendering is flakey on Travis and takes several minutes to complete, slowing down the build. Prerendering has a lower impact now that we use a ServiceWorker. We will revisit in the future (probably using a `PlatformServer`-based approach). PR Close #15346 2017-03-21 15:46:20 +02:00			`try_files $uri $uri/ /index.html =404;`
feat(aio): enable deep-linking on deployed apps (until prerendering is done) (#15049) 2017-03-13 18:35:16 +02:00			`}`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`}`

			`# Handle all other requests`
			`server {`
feat(aio): add support for HTTPS (certificates provided by host - fallback to self-signed) 2017-02-27 12:11:55 +02:00			`server_name _;`

build(aio): enable HTTP/2 on the preview server (#16826) Fixes #16780 2017-05-17 07:07:28 +03:00			`listen {{$AIO_NGINX_PORT_HTTPS}} ssl http2 default_server;`
			`listen [::]:{{$AIO_NGINX_PORT_HTTPS}} ssl http2;`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00
build(aio): enable HTTP/2 on the preview server (#16826) Fixes #16780 2017-05-17 07:07:28 +03:00			`ssl_certificate {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.crt;`
			`ssl_certificate_key {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.key;`
			`ssl_prefer_server_ciphers on;`
			`ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00
feat(aio): make it easy to keep relevant logs outside the docker container 2017-03-08 16:30:55 +02:00			`access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;`
			`error_log {{$AIO_NGINX_LOGS_DIR}}/error.log;`

ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`# Health check`
feat(aio): enable deep-linking on deployed apps (until prerendering is done) (#15049) 2017-03-13 18:35:16 +02:00			`location "~^/health-check/?$" {`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`add_header Content-Type text/plain;`
			`return 200 '';`
			`}`

feat(docs-infra): add API endpoint for checking if PR can have preview (#25671) There several reasons why PRs cannot have (public) previews: - The PR did not affect any relevant files (e.g. non-spec files in `aio/` or `packages/`). - The PR cannot be automatically verified as "trusted" (based on its author or labels). Note: The endpoint does not check whether there currently is a (public) preview for the specified PR; only whether there can be one. PR Close #25671 2018-08-26 00:29:14 +03:00			`# Check PRs previewability`
			`location "~^/can-have-public-preview/\d+/?$" {`
			`if ($request_method != "GET") {`
			`add_header Allow "GET";`
			`return 405;`
			`}`

			`proxy_pass_request_headers on;`
			`proxy_redirect off;`
			`proxy_method GET;`
			`proxy_pass http://{{$AIO_PREVIEW_SERVER_HOSTNAME}}:{{$AIO_PREVIEW_SERVER_PORT}}$request_uri;`

			`resolver 127.0.0.1;`
			`}`

ci(docs-infra): move AIO preview deployment to CircleCI Now instead of pushing the AIO build artifacts to the preview server from inside a Travis job, the artifacts are built and hosted on the CircleCI infrastructure. The preview server will then pull these down after being triggered by a CircleCI build webhook. 2018-05-09 18:54:13 +01:00			`# Notify about CircleCI builds`
			`location "~^/circle-build/?$" {`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`if ($request_method != "POST") {`
			`add_header Allow "POST";`
			`return 405;`
			`}`

			`proxy_pass_request_headers on;`
			`proxy_redirect off;`
ci(docs-infra): move AIO preview deployment to CircleCI Now instead of pushing the AIO build artifacts to the preview server from inside a Travis job, the artifacts are built and hosted on the CircleCI infrastructure. The preview server will then pull these down after being triggered by a CircleCI build webhook. 2018-05-09 18:54:13 +01:00			`proxy_method POST;`
ci(docs-infra): rename 'upload-server' to 'preview-server' The server no longer has files uploaded to it. Instead it is more accurate to refer to it as dealing with "previews" of PRs. 2018-08-15 13:47:45 +01:00			`proxy_pass http://{{$AIO_PREVIEW_SERVER_HOSTNAME}}:{{$AIO_PREVIEW_SERVER_PORT}}$request_uri;`
ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00
			`resolver 127.0.0.1;`
			`}`

feat(aio): add API endpoint for notifying about PR updates This commit adds an API endpoint for notifying the preview server about PR updates (`/pr-updated`). According to the update, the preview server can take several actions. Currently, it will only check and (if necessary) update the PR's preview visibility (but more actions could be supported in the future). The API can be used with an automatic trigger (e.g. a GitHub webhook) to instantly update a PR's preview visibility when it changes. Fixes #16526 2017-06-27 19:43:02 +03:00			`# Notify about PR changes`
			`location "~^/pr-updated/?$" {`
			`if ($request_method != "POST") {`
			`add_header Allow "POST";`
			`return 405;`
			`}`

			`proxy_pass_request_headers on;`
			`proxy_redirect off;`
			`proxy_method POST;`
ci(docs-infra): rename 'upload-server' to 'preview-server' The server no longer has files uploaded to it. Instead it is more accurate to refer to it as dealing with "previews" of PRs. 2018-08-15 13:47:45 +01:00			`proxy_pass http://{{$AIO_PREVIEW_SERVER_HOSTNAME}}:{{$AIO_PREVIEW_SERVER_PORT}}$request_uri;`
feat(aio): add API endpoint for notifying about PR updates This commit adds an API endpoint for notifying the preview server about PR updates (`/pr-updated`). According to the update, the preview server can take several actions. Currently, it will only check and (if necessary) update the PR's preview visibility (but more actions could be supported in the future). The API can be used with an automatic trigger (e.g. a GitHub webhook) to instantly update a PR's preview visibility when it changes. Fixes #16526 2017-06-27 19:43:02 +03:00
			`resolver 127.0.0.1;`
			`}`

ci(aio): add initial implementation for aio-builds setup 2017-02-06 20:40:28 +02:00			`# Everything else`
			`location / {`
			`return 404;`
			`}`
			`}`