v0.1 version: added ci, container, nginx + base apigw config

2022-10-06 17:41:43 +02:00
parent 70687169f1
commit b0505bb041
12 changed files with 224 additions and 1 deletions
--- a/data/etc/nginx/apigw.conf
+++ b/data/etc/nginx/apigw.conf
@@ -0,0 +1,45 @@
+include apigw_backends.conf;
+include apigw_keys.conf;
+
+server {
+    access_log /var/log/nginx/apigw_access.log main; 
+
+    listen 80;
+    # listen 443 ssl;
+    # server_name apigw_svc; # container name from stack config
+    # server_name api.example.com;
+
+    # TLS config
+    # ssl_certificate      /etc/ssl/certs/apigw.example.com.crt;
+    # ssl_certificate_key  /etc/ssl/private/apigw.example.com.key;
+    # ssl_session_cache    shared:SSL:10m;
+    # ssl_session_timeout  5m;
+    # ssl_ciphers          HIGH:!aNULL:!MD5;
+    # ssl_protocols        TLSv1.2 TLSv1.3;
+
+    # API definitions, one per file
+    include apigw_conf.d/*.conf;
+
+    # Error responses
+    # error_page 404 = @400;         # Treat invalid paths as bad requests
+    proxy_intercept_errors on;     # Do not send backend errors to client
+    include apigw_json_errors.conf;  # API client-friendly JSON errors
+    default_type application/json; # If no content-type, assume JSON
+
+    # API key validation
+    location = /_validate_apikey {
+        internal;
+
+        access_log /var/log/nginx/apigw_access.log main;
+        error_log /var/log/nginx/apigw_error.log warn;
+
+        if ($http_apikey = "") {
+            return 401; # Unauthorized
+        }
+        if ($apigw_client_name = "") {
+            return 403; # Forbidden
+        }
+
+        return 204; # OK (no content)
+    }
+}