fix(ui): replace variable in nginx.conf

luis-dk · luis-dk · commit de46c6bd38b6 · 2024-08-12T10:13:16.000-04:00
diff --git a/deploy/docker/observability-ui.dockerfile b/deploy/docker/observability-ui.dockerfile
@@ -22,7 +22,10 @@ FROM ${BASE_IMAGE_URL}nginxinc/nginx-unprivileged:1.25
 
 WORKDIR /observability_ui
 
+ENV OBSERVABILITY_API_HOSTNAME=
+ENV NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx
+
 COPY --from=build-image --chown=nginx:nginx /observability_ui/dist /observability_ui
-COPY --from=build-image --chown=nginx:nginx /observability_ui/nginx.conf /etc/nginx/nginx.conf
+COPY --from=build-image --chown=nginx:nginx /observability_ui/nginx.conf /etc/nginx/templates/nginx.conf.template
 
 RUN mv /observability_ui/auth /observability_ui/shell/
diff --git a/observability_ui/nginx.conf b/observability_ui/nginx.conf
@@ -57,11 +57,12 @@ http {
     location / {
       sub_filter_once off;
       sub_filter RandomNonceValue $request_id;
+      set $api_hostname "$OBSERVABILITY_API_HOSTNAME";
 
       try_files /shell$uri /shell/index.html =404;
 
       add_header X-Content-Type-Options nosniff always;
-      add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-${request_id}' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.materialdesignicons.com https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-ancestors 'none'; connect-src 'self' https://fonts.gstatic.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net; upgrade-insecure-requests;" always;
+      add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-${request_id}' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.materialdesignicons.com https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-ancestors 'none'; connect-src 'self' https://fonts.gstatic.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net ${api_hostname}; upgrade-insecure-requests;" always;
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -57,11 +57,12 @@ http {`
`57`	`57`	`location / {`
`58`	`58`	`sub_filter_once off;`
`59`	`59`	`sub_filter RandomNonceValue $request_id;`
	`60`	`+ set $api_hostname "$OBSERVABILITY_API_HOSTNAME";`
`60`	`61`
`61`	`62`	`try_files /shell$uri /shell/index.html =404;`
`62`	`63`
`63`	`64`	`add_header X-Content-Type-Options nosniff always;`
`64`		`- add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-${request_id}' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.materialdesignicons.com https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-ancestors 'none'; connect-src 'self' https://fonts.gstatic.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net; upgrade-insecure-requests;" always;`
	`65`	`+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-${request_id}' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.materialdesignicons.com https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-ancestors 'none'; connect-src 'self' https://fonts.gstatic.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net ${api_hostname}; upgrade-insecure-requests;" always;`
`65`	`66`	`}`
`66`	`67`	`}`
`67`	`68`	`}`