diff --git a/config/docker-compose-citrineos.yml b/config/docker-compose-citrineos.yml
index 0eba6cc..6a43933 100644
--- a/config/docker-compose-citrineos.yml
+++ b/config/docker-compose-citrineos.yml
@@ -24,7 +24,6 @@ services:
 condition: service_healthy
 volumes:
 - citrineos-data:/data
- # No healthcheck - CitrineOS Core uses OCPP/WebSocket, not HTTP REST
 networks:
 - cariflex-internal
@@ -96,24 +95,6 @@ services:
 - traefik-public
 - cariflex-internal
- citrineos-core-proxy:
- image: nginx:alpine
- container_name: cariflex-citrineos-core-proxy
- restart: unless-stopped
- volumes:
- - ./nginx-citrineos-core.conf:/etc/nginx/conf.d/default.conf:ro
- labels:
- - "traefik.enable=true"
- - "traefik.http.routers.citrineos-core.rule=Host(`citrineos-core.digitribe.fr`)"
- - "traefik.http.routers.citrineos-core.entrypoints=websecure"
- - "traefik.http.routers.citrineos-core.tls.certresolver=letsencrypt"
- - "traefik.http.services.citrineos-core.loadbalancer.server.port=8080"
- depends_on:
- - hasura
- networks:
- - traefik-public
- - cariflex-internal
-
 citrineos-operator-ui:
 image: citrineos-operator-ui:latest
 container_name: cariflex-citrineos-operator-ui
@@ -121,7 +102,6 @@ services:
 ports:
 - "3002:3000"
 depends_on:
- - citrineos-core-proxy
 - hasura
 labels:
 - "traefik.enable=true"
diff --git a/config/nginx-citrineos-core.conf b/config/nginx-citrineos-core.conf
index 403105e..6110e9b 100644
--- a/config/nginx-citrineos-core.conf
+++ b/config/nginx-citrineos-core.conf
@@ -1,16 +1,30 @@
+map $http_origin $cors_origin {
+ default "";
+ "https://citrineos.digitribe.fr" "https://citrineos.digitribe.fr";
+ "http://localhost:3000" "http://localhost:3000";
+ "http://localhost:3002" "http://localhost:3002";
+}
+
 server {
 listen 8080;
 server_name _;
- # CORS headers for all responses
- add_header Access-Control-Allow-Origin * always;
+ # CORS headers
+ add_header Access-Control-Allow-Origin $cors_origin always;
 add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
 add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Hasura-Admin-Secret, X-Hasura-Role, X-Hasura-User-Id, X-Hasura-Allowed-Roles, X-Requested-With, Cache-Control" always;
 add_header Access-Control-Max-Age 3600 always;
+ add_header Access-Control-Allow-Credentials "true" always;
 # Handle preflight OPTIONS
- location = /options {
- internal;
+ if ($request_method = OPTIONS) {
+ add_header Access-Control-Allow-Origin $cors_origin always;
+ add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+ add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Hasura-Admin-Secret, X-Hasura-Role, X-Hasura-User-Id, X-Hasura-Allowed-Roles, X-Requested-With, Cache-Control" always;
+ add_header Access-Control-Max-Age 3600 always;
+ add_header Access-Control-Allow-Credentials "true" always;
+ add_header Content-Type "text/plain";
+ add_header Content-Length 0;
 return 204;
 }
@@ -26,8 +40,8 @@ server {
 return 200 '{"userPreferences":{"telemetryConsent":false},"ocppRouter":{"networkProfile":"default"}}';
 }
- # GraphQL endpoint
- location /v1/graphql {
+ # GraphQL endpoint - both /v1/graphql and /graphql
+ location ~ ^/v?1?/graphql {
 proxy_pass http://cariflex-hasura:8080;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
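Review bot: The preflight handler added at the end of this hunk is an `if` placed directly inside `server` (the block continues outside the hunk), and nginx allows `add_header` only in `http`, `server`, `location` and `if` in `location`, so the config test should fail with "directive is not allowed here". Keep `if ($request_method = OPTIONS) { … return 204; }` inside the proxying locations, where the last hunk deletes the working copy, and drop `add_header Content-Length 0;` and `add_header Content-Type "text/plain";`, since nginx sets the length of an empty 204 itself. Because `Access-Control-Allow-Origin` now varies per request, add `add_header Vary Origin always;` so a shared cache cannot serve one origin's header to another. The `map` also grants the two `http://localhost:…` origins credentialed access via `Access-Control-Allow-Credentials "true"`; if this file backs the public deployment, those entries belong in a development-only config. The compose change in the same commit removes `citrineos-core-proxy`, the only service shown mounting this file, so it is worth confirming something still loads it.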
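Review bot: The new pattern `^/v?1?/graphql` does not match `/graphql`, which the comment says it should: it always requires a second slash before `graphql`, while also accepting `/v/graphql`, `/1/graphql` and any path that merely starts with `/v1/graphql`, such as `/v1/graphqlx`. `location ~ ^/(v1/)?graphql$` matches exactly the two intended paths. `proxy_pass` without a URI part forwards the request path unchanged, so `/graphql` would reach the upstream as `/graphql`; confirm Hasura serves that path or rewrite it to `/v1/graphql` first. The location body continues outside the hunk.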
@@ -37,15 +51,8 @@ server {
 proxy_connect_timeout 60;
 }
- # Default - proxy to Hasura
+ # Default - proxy everything to Hasura
 location / {
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin * always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
- add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Hasura-Admin-Secret, X-Hasura-Role, X-Hasura-User-Id, X-Hasura-Allowed-Roles, X-Requested-With, Cache-Control" always;
- add_header Access-Control-Max-Age 3600 always;
- return 204;
- }
 proxy_pass http://cariflex-hasura:8080;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;