From c152347badeb21cfe14a1fc5250e18f32cf86ed3 Mon Sep 17 00:00:00 2001
From: Slawomir Wieczorek <slawomir.wieczorek@bedag.ch>
Date: Thu, 18 Jan 2024 10:13:49 +0100
Subject: [PATCH] fix ui redirects from docker

---
 .../docker-compose/base/base-services.yaml    |   2 +-
 .../base/hello-data-portal-ui/nginx.conf      | 123 ------------------
 .../Dockerfile                                |   2 -
 .../build/docker/Dockerfile                   |   4 +-
 .../build/docker/nginx.conf                   |  12 +-
 5 files changed, 14 insertions(+), 129 deletions(-)
 delete mode 100644 hello-data-deployment/docker-compose/base/hello-data-portal-ui/nginx.conf
 rename hello-data-deployment/docker-compose/base/{hello-data-portal-ui => portal}/Dockerfile (98%)

diff --git a/hello-data-deployment/docker-compose/base/base-services.yaml b/hello-data-deployment/docker-compose/base/base-services.yaml
index a4e613b5..8e06dc68 100644
--- a/hello-data-deployment/docker-compose/base/base-services.yaml
+++ b/hello-data-deployment/docker-compose/base/base-services.yaml
@@ -495,7 +495,7 @@ services:
 
   hello-data-portal-ui:
     build:
-      context: base/hello-data-portal-ui
+      context: base/portal
       dockerfile: Dockerfile
       args:
         HELLO_DATA_AUTH_SERVER_URL: ${HELLO_DATA_AUTH_SERVER_URL}
diff --git a/hello-data-deployment/docker-compose/base/hello-data-portal-ui/nginx.conf b/hello-data-deployment/docker-compose/base/hello-data-portal-ui/nginx.conf
deleted file mode 100644
index eefad775..00000000
--- a/hello-data-deployment/docker-compose/base/hello-data-portal-ui/nginx.conf
+++ /dev/null
@@ -1,123 +0,0 @@
-user nginx;
-worker_processes auto;
-
-# Enables the use of JIT for regular expressions to speed-up their processing.
-pcre_jit on;
-
-error_log /var/log/nginx/error.log warn;
-pid /var/run/nginx.pid;
-
-events {
-  worker_connections 1024;
-  use epoll;
-}
-
-http {
-  include /etc/nginx/mime.types;
-  include /etc/nginx/conf.d/*.conf;
-  default_type application/octet-stream;
-
-  # Don't tell nginx version to clients.
-  server_tokens off;
-
-  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                  '$status $body_bytes_sent "$http_referer" '
-                  '"$http_user_agent" "$http_x_forwarded_for"';
-
-  access_log /var/log/nginx/access.log main;
-
-  client_header_timeout 10m;
-  client_body_timeout 10m;
-  send_timeout 10m;
-
-  connection_pool_size 256;
-  client_max_body_size 5m;
-
-  gzip on;
-  gzip_disable "msie6";
-
-  gzip_vary on;
-  gzip_proxied any;
-  gzip_comp_level 6;
-  gzip_buffers 16 8k;
-  gzip_http_version 1.1;
-  gzip_min_length 256;
-  gzip_types
-    application/atom+xml
-    application/geo+json
-    application/javascript
-    application/x-javascript
-    application/json
-    application/ld+json
-    application/manifest+json
-    application/rdf+xml
-    application/rss+xml
-    application/xhtml+xml
-    application/xml
-    font/eot
-    font/otf
-    font/ttf
-    image/svg+xml
-    text/css
-    text/javascript
-    text/plain
-    text/xml;
-
-  sendfile on;
-  tcp_nopush on;
-  tcp_nodelay on;
-
-  keepalive_timeout 75 20;
-
-  ignore_invalid_headers on;
-
-  # Sets a $real_scheme variable whose value is the scheme passed by the load
-  # balancer in X-Forwarded-Proto (if any), defaulting to $scheme.
-  # Similar to how the HttpRealIp module treats X-Forwarded-For.
-  map $http_x_forwarded_proto $real_scheme {
-    default $http_x_forwarded_proto;
-    ''      $scheme;
-  }
-
-  # Sets a $real_port variable whose value is the port passed by the load
-  # balancer in X-Forwarded-Port (if any), defaulting to $server_port.
-  map $http_x_forwarded_port $real_port {
-    default $http_x_forwarded_port;
-    ''      $server_port;
-  }
-
-  # prevent clickjacking
-  add_header X-Frame-Options SAMEORIGIN;
-
-  # X-XSS-Protection
-  add_header X-XSS-Protection "1; mode=block";
-
-  server {
-    listen 127.0.0.1:80;
-    server_name 127.0.0.1;
-
-    location = /stub_status {
-      stub_status;
-    }
-  }
-
-  server {
-     listen *:80;
-     root /app/;
-     client_max_body_size 1024m;
-     index index.html index.htm;
-
-     location @app {
-       rewrite ^$ /app/ redirect;
-       rewrite ^/$ /app/ redirect;
-       rewrite ^/app$ index.html;
-       rewrite ^/app.*$ /index.html;
-       try_files $uri $uri/ /index.html;
-     }
-
-     location /app {
-       alias /app/;
-       try_files $uri @app;
-     }
-   }
-}
diff --git a/hello-data-deployment/docker-compose/base/hello-data-portal-ui/Dockerfile b/hello-data-deployment/docker-compose/base/portal/Dockerfile
similarity index 98%
rename from hello-data-deployment/docker-compose/base/hello-data-portal-ui/Dockerfile
rename to hello-data-deployment/docker-compose/base/portal/Dockerfile
index 78b34f54..55c5d6f5 100644
--- a/hello-data-deployment/docker-compose/base/hello-data-portal-ui/Dockerfile
+++ b/hello-data-deployment/docker-compose/base/portal/Dockerfile
@@ -69,8 +69,6 @@ RUN echo "window.environment = { \
             } \
           }" > /app/config/environment.js
 
-COPY nginx.conf /etc/nginx/nginx.conf
-
 RUN chown -R nginx: /app
 
 EXPOSE 80
diff --git a/hello-data-portal/hello-data-portal-ui/build/docker/Dockerfile b/hello-data-portal/hello-data-portal-ui/build/docker/Dockerfile
index 8ae4388a..a5627b22 100644
--- a/hello-data-portal/hello-data-portal-ui/build/docker/Dockerfile
+++ b/hello-data-portal/hello-data-portal-ui/build/docker/Dockerfile
@@ -25,12 +25,12 @@
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
-FROM nginx:1
+FROM nginx:1.25.3
 
 LABEL MAINTAINER="HelloDATA Team"
 
 COPY hello-data-portal-ui /app
-
+RUN rm -rf /etc/nginx/conf.d/default.conf
 COPY nginx.conf /etc/nginx/nginx.conf
 COPY csp.conf /etc/nginx/conf.d/csp.conf.template
 
diff --git a/hello-data-portal/hello-data-portal-ui/build/docker/nginx.conf b/hello-data-portal/hello-data-portal-ui/build/docker/nginx.conf
index 93c17768..9aa2c7b5 100644
--- a/hello-data-portal/hello-data-portal-ui/build/docker/nginx.conf
+++ b/hello-data-portal/hello-data-portal-ui/build/docker/nginx.conf
@@ -92,6 +92,10 @@ http {
   # X-XSS-Protection
   add_header X-XSS-Protection "1; mode=block";
 
+  proxy_set_header Host $host;
+  proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
   server {
     listen 127.0.0.1:80;
     server_name 127.0.0.1;
@@ -107,10 +111,16 @@ http {
     client_max_body_size 1024m;
     index index.html index.htm;
 
+    location = / {
+      absolute_redirect off;
+      rewrite ^/$ /app/ redirect;
+      try_files $uri $uri/ @app;
+    }
+
     location @app {
       rewrite ^$ /app/ redirect;
       rewrite ^/$ /app/ redirect;
-      rewrite ^/app$ index.html;
+      rewrite ^/app$ /index.html;
       rewrite ^/app.*$ /index.html;
       try_files $uri $uri/ /index.html;
     }