Пример конфигурации клиентского приложения для Microsoft Windows: iam-config.yaml#
Клиентское приложение для Microsoft Windows является опциональным к установке и использованию. Приложение создано для использования в рамках ограниченной функциональности для Microsoft Windows.
kintsugi.common.conf: |- # общие параметры конфигурации IAM
proxy_pass_request_headers on;
proxy_set_header Authorization $http_authorization;
proxy_ssl_verify off;
kintsugi.server.conf: |- # конфигурация маршрутов IAM
location / {
return 301 /frontend/;
}
location /sockets/database/terminal {
proxy_pass_request_headers off;
proxy_set_header Authorization $http_authorization;
proxy_ssl_verify off;
set $ingress_terminal terminal.kintsugi.example.test;
proxy_ssl_name $ingress_terminal;
proxy_ssl_server_name on;
proxy_pass https://$ingress_terminal;
proxy_http_version 1.1;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $ingress_terminal;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header iv-user $http_iv_user;
}
location /sockets/database/structure {
proxy_pass_request_headers off;
proxy_set_header Authorization $http_authorization;
proxy_ssl_verify off;
set $ingress_backend backend.kintsugi.example.test;
proxy_ssl_name $ingress_backend;
proxy_ssl_server_name on;
proxy_pass https://$ingress_backend;
proxy_http_version 1.1;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $ingress_backend;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header iv-user $http_iv_user;
}
location /websocket {
proxy_pass_request_headers off;
proxy_set_header Authorization $http_authorization;
proxy_ssl_verify off;
set $ingress_kmetrics kmetrics.kintsugi.example.test;
proxy_ssl_name $ingress_kmetrics;
proxy_ssl_server_name on;
proxy_pass https://$ingress_kmetrics;
proxy_http_version 1.1;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $ingress_kmetrics;
}
location /sockets/monitoring/metrics {
proxy_pass_request_headers off;
proxy_set_header Authorization $http_authorization;
proxy_ssl_verify off;
set $ingress_piface piface.kintsugi.example.test;
proxy_ssl_name $ingress_piface;
proxy_ssl_server_name on;
proxy_pass https://$ingress_piface;
proxy_http_version 1.1;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $ingress_piface;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header iv-user $http_iv_user;
}
location /monitoring/data-collectors/states {
include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
set $ingress_piface piface.kintsugi.example.test;
proxy_set_header Host $ingress_piface;
proxy_ssl_name $ingress_piface;
proxy_ssl_server_name on;
proxy_pass https://$ingress_piface;
}
location = /backend/dblist {
include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
set $ingress_backend backend.kintsugi.example.test;
proxy_set_header Host $ingress_backend;
proxy_ssl_name $ingress_backend;
proxy_ssl_server_name on;
proxy_pass https://$ingress_backend/dblist;
}
location ~* /backend/(?<subpath>.*)$ {
include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
set $ingress_curator curator.kintsugi.example.test;
proxy_set_header Host $ingress_curator;
proxy_ssl_name $ingress_curator;
proxy_ssl_server_name on;
proxy_pass https://$ingress_curator/$subpath;
}
location ~* /frontend/(?<subpath>.*)$ {
include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
set $ingress_frontend frontend-slim.kintsugi.example.test;
proxy_set_header Host $ingress_frontend;
proxy_ssl_name $ingress_frontend;
proxy_ssl_server_name on;
proxy_pass https://$ingress_frontend/$subpath;
}
location /userinfo {
include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
set $keycloak_route keycloak.kintsugi.example.test;
proxy_set_header Host $keycloak_route;
proxy_ssl_name $keycloak_route;
proxy_ssl_server_name on;
proxy_pass https://$keycloak_route/auth/realms/example-kintsugi/protocol/openid-connect/userinfo;
}
location /iam-auth {
if ($http_referer = '') {
return 301 https://$host/frontend;
}
include /usr/local/openresty/nginx/conf/custom.d/kintsugi.common.conf;
proxy_ssl_name proxy.kintsugi.example.test;
proxy_ssl_server_name on;
proxy_pass https://proxy-proxy.kintsugi.example.test/backend/;
}
kintsugi.upstream.conf: |- # конфигурация upstream-ресурсов IAM
upstream ingress_backend {
include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
server backend.kintsugi.example.test:443;
}
upstream ingress_curator {
include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
server curator.kintsugi.example.test:443;
}
upstream ingress_kmetrics {
include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
server kmetrics.kintsugi.example.test:443;
}
upstream frontend_route {
include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
server frontend-se.kintsugi.example.test:443;
}
upstream keycloak_route {
include /usr/local/openresty/nginx/conf/common/jct.upstream.conf;
server keycloak.kintsugi.example.test:443;
}