diff --git a/nginx.conf b/nginx.conf index cb4d995..98366a4 100644 --- a/nginx.conf +++ b/nginx.conf @@ -56,6 +56,7 @@ server { ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; + root /usr/share/nginx/html; index index.html; @@ -110,9 +111,27 @@ server { ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; + set $serverBackendControl "appRobot_Control:10010"; + set $auth_backend "appServer_Auth:3000"; + + + location @fallback { + default_type text/html; + return 200 ' + + + Dienst offline + + +

Ein Dienst ist momentan nicht erreichbar

+

Bitte Seite neu laden - Verbindung wird automatisch erneut versucht.

+ + '; + } + # ---- Static assets: keine Auth, damit Browser die .js/.css korrekt erhält ---- location ~* \.(?:js|css|png|jpg|jpeg|gif|ico|svg|webp)$ { - proxy_pass https://appRobot_Control:10010; + proxy_pass https://$serverBackendControl; proxy_set_header Host thinkcentre.local; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -123,7 +142,7 @@ server { # ---- WebSocket-Endpoint (falls z.B. /echo) - auth prüfen ---- location /echo { auth_request /nginxauth; - proxy_pass https://appRobot_Control:10010/echo; + proxy_pass https://$serverBackendControl/echo; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; @@ -143,7 +162,7 @@ server { location / { auth_request /nginxauth; - proxy_pass https://appRobot_Control:10010/; + proxy_pass https://$serverBackendControl/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; @@ -169,7 +188,7 @@ server { # /nginxauth (lokal für diesen vhost, aber internal request wird an auth-service weitergeleitet) location = /nginxauth { internal; - proxy_pass http://appServer_Auth:3000/internal/auth; #***# AUTH + proxy_pass http://$auth_backend/internal/auth; #***# AUTH proxy_set_header Cookie $http_cookie; #***# AUTH #***# AUTH HEADER ERWEITERUNG @@ -177,6 +196,9 @@ server { proxy_set_header X-Original-Host $host; proxy_set_header X-Forwarded-Host $host; } + + proxy_intercept_errors on; + error_page 502 503 504 = @fallback; } # ------------------------------------------------------------ @@ -194,21 +216,19 @@ server { set $serverBackendSimulation "appRobot_Simulation:1003"; set $auth_backend "appServer_Auth:3000"; - ############# FALLBACK LOCATION (NEU – RICHTIGER ORT) location @fallback { default_type text/html; return 200 ' - Dienst offline + Dienst (Simulation) offline
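Review bot: The new `set $serverBackendControl "appRobot_Control:10010";` and `set $auth_backend "appServer_Auth:3000";` make every `proxy_pass` in this server block resolve its hostname at request time, which needs a `resolver` directive that is not visible in this hunk. Without one in scope, nginx answers 502 for each request, and the new `@fallback` page would hide that as a permanent "Dienst offline". Please confirm that a resolver is configured at `http` or `server` level. If it is, add a short comment next to the `set` lines, for example `# variable defers DNS lookup to request time; relies on the resolver configured above`. The server block continues outside the hunk.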
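Review bot: In `location /echo` the variable form `proxy_pass https://$serverBackendControl/echo;` no longer maps the request path. When `proxy_pass` contains a variable and a URI part, nginx sends that URI upstream as is and discards the original request URI, including the query string. The effect is larger in the next hunk (`@@ -143,7 +162,7 @@`), where `proxy_pass https://$serverBackendControl/;` in `location /` would send every request upstream as `/`. Dropping the URI part keeps the original path: `proxy_pass https://$serverBackendControl;`. The Guacamole hunk further down already uses that form.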
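Review bot: The server-level `proxy_intercept_errors on;` and `error_page 502 503 504 = @fallback;` added after the closing brace of `location = /nginxauth` are inherited by that internal auth location, which looks like it makes authentication fail open. When the auth service is unreachable, the auth subrequest would be redirected to `@fallback`, which returns 200. `auth_request` treats any 2xx subrequest result as "allowed", so `location /` and `location /echo` would proxy to the backend without a session check. The last hunk (`@@ -376,16 +411,22 @@`) adds the same two lines directly inside `location = /nginxauth` of the Portainer vhost and has the same problem once an `auth_request` points at it. Move the two directives into the content locations only, so that `/nginxauth` has no `error_page` for 502/503/504. If the offline page should also appear when the auth service is down, use `error_page 500 502 503 504 = @fallback;` in those content locations.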

Ein Dienst ist momentan nicht erreichbar

-

Bitte Seite neu laden – Verbindung wird automatisch erneut versucht.

+

Bitte Seite neu laden - Verbindung wird automatisch erneut versucht.

'; } - ############# # ---- Static assets: keine Auth ---- location ~* \.(?:js|css|png|jpg|jpeg|gif|ico|svg|webp|stl)$ { @@ -295,7 +315,7 @@ server { } # ------------------------------------------------------------ -# xyz.server.schooltech.ch (Guacamole on ThinkCentre) +# xyz.server.schooltech.ch (Guacamole ) # ------------------------------------------------------------ server { listen 443 ssl http2; @@ -306,41 +326,43 @@ server { ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; - location / { - auth_request /nginxauth; # Auth prüfen + set $serverBackendGuacamole "appServer_guacamole:8080"; + + location @fallback { + default_type text/html; + return 200 ' + + + Dienst (Guacamole) offline + + +

Ein Dienst ist momentan nicht erreichbar

+

Bitte Seite neu laden - Verbindung wird automatisch erneut versucht.

+ + '; + } - proxy_pass http://appRobot_guacamole:8080/; + location / { + proxy_pass http://$serverBackendGuacamole; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - # Proxy Header (Upstream erwartet thinkcentre.local) - proxy_set_header Host thinkcentre.local; # bewusst: Upstream Host-Expectation - proxy_set_header Origin $http_origin; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_buffering off; + proxy_request_buffering off; + + proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; - # iFrame erlauben - proxy_hide_header X-Frame-Options; - add_header X-Frame-Options "ALLOWALL" always; - - proxy_hide_header Content-Security-Policy; - add_header Content-Security-Policy "frame-ancestors *" always; + add_header Content-Security-Policy "frame-ancestors https://server.schooltech.ch" always; + + proxy_intercept_errors on; + error_page 502 503 504 = @fallback; } - location = /nginxauth { - internal; - proxy_pass http://appServer_Auth:3000/internal/auth; #***# XYZ: proxy_pass wie überall - proxy_set_header Cookie $http_cookie; - - proxy_set_header X-Original-URI $request_uri; - - #***# XYZ AUTH HOST: Original-Host weitergeben (wichtig für Redirects/Checks) - proxy_set_header X-Original-Host $host; - proxy_set_header X-Forwarded-Host $host; - } } ## ------------------------------------------------------------ @@ -352,11 +374,24 @@ server { ssl_certificate /etc/letsencrypt/live/server.schooltech.ch/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/server.schooltech.ch/privkey.pem; - #ssl_protocols TLSv1.2 TLSv1.3; - #ssl_prefer_server_ciphers on; + + set $auth_backend "appServer_Auth:3000"; + + location @fallback { + default_type text/html; + return 200 ' + + + Dienst (Portainer) offline + + +
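Review bot: The rewritten `location /` for the Guacamole vhost no longer contains `auth_request /nginxauth;`, and the commit deletes this vhost's `location = /nginxauth` block. The remote-desktop gateway is therefore reachable without the auth service's session check and relies only on Guacamole's own login. If that is intentional, state it in a comment such as `# no auth_request: access control is delegated to Guacamole's login`. Otherwise keep `auth_request /nginxauth;` and the internal location. Separately, the removed `proxy_hide_header Content-Security-Policy;` and `proxy_hide_header X-Frame-Options;` mean any such headers from the upstream now reach the browser alongside the added `frame-ancestors https://server.schooltech.ch`. It is worth checking that the combination still allows the intended embedding and nothing broader.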

Ein Dienst ist momentan nicht erreichbar

+

Bitte Seite neu laden - Verbindung wird automatisch erneut versucht.

+ + '; + } location / { - #auth_request /nginxauth; proxy_pass http://portainer:9000; proxy_http_version 1.1; @@ -376,16 +411,22 @@ server { add_header X-Frame-Options "SAMEORIGIN" always; add_header Content-Security-Policy "frame-ancestors https://server.schooltech.ch" always; + + proxy_intercept_errors on; + error_page 502 503 504 = @fallback; # <-- Fallback } location = /nginxauth { internal; - proxy_pass http://appServer_Auth:3000/internal/auth; #***# AUTH - proxy_set_header Cookie $http_cookie; #***# AUTH + proxy_pass http://$auth_backend/internal/auth; + proxy_set_header Cookie $http_cookie; #***# AUTH HEADER ERWEITERUNG proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Original-Host $host; proxy_set_header X-Forwarded-Host $host; + + proxy_intercept_errors on; + error_page 502 503 504 = @fallback; # <-- Fallback } }
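Review bot: This vhost now defines `set $auth_backend "appServer_Auth:3000";` and keeps `location = /nginxauth`, but `location /` has no `auth_request`, since the commented-out `#auth_request /nginxauth;` is deleted here. Nothing in the visible config uses the auth location, so Portainer is exposed with only its own login. Either add `auth_request /nginxauth;` to `location /`, or remove the unused variable and auth location so the config does not suggest a protection that is not in effect. Deleting the commented `ssl_protocols` lines also leaves this server block without the `ssl_protocols TLSv1.2 TLSv1.3;` restriction the other vhosts carry, unless it is inherited from the `http` level, which is not visible here. `location /` continues outside the hunk.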