Preview Environment Nginx Config

Dockerfile

FROM nginx

# Copy custom error pages
COPY html /usr/share/nginx/html

# nginx defaults like logging
COPY nginx/default.conf /etc/nginx/conf.d/default.conf

# nginx mapping file for URL routing
COPY nginx/nginx.conf /etc/nginx/nginx.conf

html-404.html

<html>
<body><h1>404 😭</h1></body>
</html>

html-index.html

<html>
<body>There is nothing here. Be sure to enter the correct preview environment path.</body>
</html>

nginx-default.confg

server {
    listen       8080;
    server_name  localhost;

    # TLS is terminated upstream, so use forwarded proto to determine redirect need
    if ($http_x_forwarded_proto ~* ^http$ ) {
        return 301 https://$host$request_uri;
    }

    # Extract wildcard commit hash from hostname -> app_hash
    # Use this matcher for <app-hash>-<app-name>-<env-name>.preview.acme.com style wildcard DNS routing
    # server_name "~^(?<app_hash>[a-f0-9]{7})-(?<app_name>[a-z]{3,10})-(?<env_name>dev|prod})\.preview.acme.com$";
    # Use this matcher for preview.acme.com/<app-name>/<app-hash>/ style routing (env-name optional)
    server_name "preview.acme.com";

    # enable rewrite debugging logs - uncomment for debugging
    #rewrite_log on;
    #error_log /var/log/nginx/debug.log debug;

    # Map to our custom erorr page - use this for a custom error page (include in your HTML dir)
    error_page 404 /404.html;

    # Support health checking
    location ~ /health.html {
        return 204;
    }

    # NOTE: this is a little tricky, we need to add the app path TWICE, since the location matcher will STRIP IT
    location / {

        # Rewrite / -> /index.html on upstream
        # (1) / -> index.html
        rewrite ^/$ /cdn/$env_name/$app_name/$app_hash/index.html last;

        # (2) Anything without a file extension /foo, /foo/bar -> index.html
        rewrite ^/(.*/)?[^\.]+$ /cdn/$env_name/$app_name/$app_hash/index.html last;

        # (3) Add GCS path to all other requests
        rewrite ^/(.*)$ /cdn/$env_name/$app_name/$app_hash/$1 last;
    }

    # The app name will be blank if someone is just fuzzing this proxy - don't proxy to GCS
    # A blank app name (or otherwise invalid URL) will give us a double slash `//`
    location ~ // {
        return 404; # set 404 code
    }

    # Path parts matched here will be stripped by Nginx when resolving in the proxy, so just add the 'cdn/' prefix above
    # proxy resolvers like this can have NO DYNAMIC MATCHERS/PARTS
    location /cdn {

# Extra header info to help with debugging
        set $upstream_url https://storage.googleapis.com/<YOUR-BUCKET-NAME-HERE>/$app_name/$app_hash/$1;
        add_header X-app-hash "$app_hash";
        add_header X-app-name "$app_name";
        add_header X-upstream-url "$upstream_url";

        # Note: no trailing slash, as the rewrite rules above/stripping will leave us with an appended slash
        # TODO ADD YOUR BUCKET NAME HERE
        proxy_pass https://storage.googleapis.com/<YOUR-BUCKET-NAME-HERE>;
    }

    # Map error status codes
    location = /404.html {
        root  /usr/share/nginx/html;
        internal;
    }
}

nginx-nginx.conf

user  nginx;
worker_processes  1;

error_log   /var/log/nginx/error.log notice;

pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    server_tokens off;

    log_format  main  '[$time_local] "$host" "$remote_addr" "$http_x_forwarded_for" '
                      '"$http_x_forwarded_proto" "$http_referer" "$remote_user" "$request" $status $body_bytes_sent '
                      '$request_time $upstream_connect_time $upstream_header_time $upstream_response_time '
                      '"$http_user_agent"';

    # Turn on for detailed debugging
    #rewrite_log on;
    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    include /etc/nginx/conf.d/*.conf;
}