feat: 🎉 complete maker nginx(app)

pkg/resource/nginx/gateway.conf

@@ -0,0 +1,75 @@
+upstream hs-gateway-controller {
+    least_conn;
+    server gateway-service:9012 max_fails=3 fail_timeout=10s;
+}
+
+server {
+    listen      443 ssl proxy_protocol;
+    server_name hs-gateway-controller;
+
+    ssl_certificate      /yizhisec/ssl/server.crt;
+    ssl_certificate_key  /yizhisec/ssl/server.key;
+    ssl_client_certificate /yizhisec/ssl/ca.crt;
+    ssl_verify_client on;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+    ssl_session_tickets off;
+
+    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
+    ssl_dhparam /etc/nginx/ssl/ffdhe2048.txt;
+
+    # intermediate configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+
+    client_max_body_size 50M;
+
+    location / {
+        proxy_pass http://hs-gateway-controller;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $proxy_protocol_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_read_timeout 300s;
+    }
+}
+
+server {
+    listen      443 ssl proxy_protocol;
+    server_name hs-gateway-register-controller;
+
+    ssl_certificate      /yizhisec/ssl/server.crt;
+    ssl_certificate_key  /yizhisec/ssl/server.key;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m;
+    ssl_session_tickets off;
+
+    ssl_dhparam /etc/nginx/ssl/ffdhe2048.txt;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+
+    add_header Strict-Transport-Security "max-age=63072000" always;
+
+    client_max_body_size 50M;
+
+    location = /api/v1/gateway/setting {
+        if ($request_method != POST ) {
+           return 502 '{"code": -1, "msg": "invalid request"}';
+        }
+
+        proxy_pass http://hs-gateway-controller;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $proxy_protocol_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_read_timeout 300s;
+    }
+}