overleaf/services/clsi/nginx.conf

# keep in sync with clsi-startup.sh files
# keep in sync with server-ce/nginx/clsi-nginx.conf
# Changes to the above:
#  - added debug header

server {
  # Extra header for dev-env.
  add_header 'X-Served-By' 'clsi-nginx' always;

  listen 8080;
  server_name clsi-proxy;
  server_tokens off;
  access_log off;
  # Ignore symlinks possibly created by users
  disable_symlinks on;
  # enable compression for tex auxiliary files, but not for pdf files
  gzip on;
  gzip_types text/plain;
  gzip_proxied any;
  types {
      text/plain log blg aux stdout stderr;
      application/pdf pdf;
  }

  # user content domain access check
  # The project-id is zero prefixed. No actual user project uses these ids.
  # mongo-id 000000000000000000000000 -> 1970-01-01T00:00:00.000Z
  # mongo-id 000000010000000000000000 -> 1970-01-01T00:00:01.000Z
  # mongo-id 100000000000000000000000 -> 1978-07-04T21:24:16.000Z
  # This allows us to distinguish between check-traffic and regular output traffic.
  location ~ ^/project/0([0-9a-f]+)/user/([0-9a-f]+)/build/([0-9a-f-]+)/output/output\.pdf$ {
    if ($request_method = 'OPTIONS') {
      # handle OPTIONS method for CORS requests
      add_header 'Content-Type' 'text/plain charset=UTF-8';
      add_header 'Allow' 'GET,HEAD';
      return 200 'GET,HEAD';
    }
    alias /var/clsi/tiny.pdf;
  }
  location ~ ^/project/0([0-9a-f]+)/build/([0-9a-f-]+)/output/output\.pdf$ {
    if ($request_method = 'OPTIONS') {
      # handle OPTIONS method for CORS requests
      add_header 'Content-Type' 'text/plain charset=UTF-8';
      add_header 'Allow' 'GET,HEAD';
      return 200 'GET,HEAD';
    }
    alias /var/clsi/tiny.pdf;
  }

  # handle output files for specific users
  location ~ ^/project/([0-9a-f]+)/user/([0-9a-f]+)/build/([0-9a-f-]+)/output/output\.([a-z]+)$ {
    if ($request_method = 'OPTIONS') {
      # handle OPTIONS method for CORS requests
      add_header 'Allow' 'GET,HEAD';
      return 204;
    }
    alias /output/$1-$2/generated-files/$3/output.$4;
  }
  # handle output files for anonymous users
  location ~ ^/project/([0-9a-f]+)/build/([0-9a-f-]+)/output/output\.([a-z]+)$ {
    if ($request_method = 'OPTIONS') {
      # handle OPTIONS method for CORS requests
      add_header 'Content-Type' 'text/plain charset=UTF-8';
      add_header 'Allow' 'GET,HEAD';
      return 200 'GET,HEAD';
    }
    alias /output/$1/generated-files/$2/output.$3;
  }

  # PDF range for specific users
  location ~ ^/project/([0-9a-f]+)/user/([0-9a-f]+)/content/([0-9a-f-]+/[0-9a-f]+)$ {
    if ($request_method = 'OPTIONS') {
      # handle OPTIONS method for CORS requests
      add_header 'Content-Type' 'text/plain charset=UTF-8';
      add_header 'Allow' 'GET,HEAD';
      return 200 'GET,HEAD';
    }
    # Cache for one day
    expires 1d;
    alias /output/$1-$2/content/$3;
  }
  # PDF range for anonymous users
  location ~ ^/project/([0-9a-f]+)/content/([0-9a-f-]+/[0-9a-f]+)$ {
    if ($request_method = 'OPTIONS') {
      # handle OPTIONS method for CORS requests
      add_header 'Content-Type' 'text/plain charset=UTF-8';
      add_header 'Allow' 'GET,HEAD';
      return 200 'GET,HEAD';
    }
    # Cache for one day
    expires 1d;
    alias /output/$1/content/$2;
  }

  # status endpoint for haproxy httpchk option
  location /status {
    return 200;
  }

  # load shedding probe
  location = /instance-state {
    alias /var/clsi/instance-state;
  }
}
Merge pull request #9053 from overleaf/jpa-dev-env-pdf-download-as-prod [misc] align clsi output file downloads in dev-env with production GitOrigin-RevId: 4c45ea3504b6d79a610dac5f57eb449fcc86be1c 2022-07-29 07:12:13 -04:00			`# keep in sync with clsi-startup.sh files`
Merge pull request #9972 from overleaf/jpa-fix-rate-limited-output-download [server-ce] serve output files via nginx GitOrigin-RevId: 0ba3b27f85f928b1d95646e663dfa42a22a9f832 2022-10-17 06:13:53 -04:00			`# keep in sync with server-ce/nginx/clsi-nginx.conf`
			`# Changes to the above:`
			`# - added debug header`
Merge pull request #9053 from overleaf/jpa-dev-env-pdf-download-as-prod [misc] align clsi output file downloads in dev-env with production GitOrigin-RevId: 4c45ea3504b6d79a610dac5f57eb449fcc86be1c 2022-07-29 07:12:13 -04:00
			`server {`
			`# Extra header for dev-env.`
			`add_header 'X-Served-By' 'clsi-nginx' always;`

			`listen 8080;`
			`server_name clsi-proxy;`
			`server_tokens off;`
			`access_log off;`
			`# Ignore symlinks possibly created by users`
			`disable_symlinks on;`
			`# enable compression for tex auxiliary files, but not for pdf files`
			`gzip on;`
			`gzip_types text/plain;`
			`gzip_proxied any;`
			`types {`
			`text/plain log blg aux stdout stderr;`
			`application/pdf pdf;`
			`}`
Merge pull request #11246 from overleaf/jpa-user-content-domain-access-check [misc] prepare migration to user content domain GitOrigin-RevId: 581ccab6d39ec021fb44a555a09e55441c35d0d1 2023-01-17 10:23:51 -05:00
			`# user content domain access check`
			`# The project-id is zero prefixed. No actual user project uses these ids.`
			`# mongo-id 000000000000000000000000 -> 1970-01-01T00:00:00.000Z`
			`# mongo-id 000000010000000000000000 -> 1970-01-01T00:00:01.000Z`
			`# mongo-id 100000000000000000000000 -> 1978-07-04T21:24:16.000Z`
			`# This allows us to distinguish between check-traffic and regular output traffic.`
			`location ~ ^/project/0([0-9a-f]+)/user/([0-9a-f]+)/build/([0-9a-f-]+)/output/output\.pdf$ {`
			`if ($request_method = 'OPTIONS') {`
			`# handle OPTIONS method for CORS requests`
			`add_header 'Content-Type' 'text/plain charset=UTF-8';`
			`add_header 'Allow' 'GET,HEAD';`
			`return 200 'GET,HEAD';`
			`}`
			`alias /var/clsi/tiny.pdf;`
			`}`
			`location ~ ^/project/0([0-9a-f]+)/build/([0-9a-f-]+)/output/output\.pdf$ {`
			`if ($request_method = 'OPTIONS') {`
			`# handle OPTIONS method for CORS requests`
			`add_header 'Content-Type' 'text/plain charset=UTF-8';`
			`add_header 'Allow' 'GET,HEAD';`
			`return 200 'GET,HEAD';`
			`}`
			`alias /var/clsi/tiny.pdf;`
			`}`

Merge pull request #9053 from overleaf/jpa-dev-env-pdf-download-as-prod [misc] align clsi output file downloads in dev-env with production GitOrigin-RevId: 4c45ea3504b6d79a610dac5f57eb449fcc86be1c 2022-07-29 07:12:13 -04:00			`# handle output files for specific users`
			`location ~ ^/project/([0-9a-f]+)/user/([0-9a-f]+)/build/([0-9a-f-]+)/output/output\.([a-z]+)$ {`
			`if ($request_method = 'OPTIONS') {`
			`# handle OPTIONS method for CORS requests`
			`add_header 'Allow' 'GET,HEAD';`
			`return 204;`
			`}`
			`alias /output/$1-$2/generated-files/$3/output.$4;`
			`}`
			`# handle output files for anonymous users`
			`location ~ ^/project/([0-9a-f]+)/build/([0-9a-f-]+)/output/output\.([a-z]+)$ {`
			`if ($request_method = 'OPTIONS') {`
			`# handle OPTIONS method for CORS requests`
			`add_header 'Content-Type' 'text/plain charset=UTF-8';`
			`add_header 'Allow' 'GET,HEAD';`
			`return 200 'GET,HEAD';`
			`}`
			`alias /output/$1/generated-files/$2/output.$3;`
			`}`

			`# PDF range for specific users`
			`location ~ ^/project/([0-9a-f]+)/user/([0-9a-f]+)/content/([0-9a-f-]+/[0-9a-f]+)$ {`
			`if ($request_method = 'OPTIONS') {`
			`# handle OPTIONS method for CORS requests`
			`add_header 'Content-Type' 'text/plain charset=UTF-8';`
			`add_header 'Allow' 'GET,HEAD';`
			`return 200 'GET,HEAD';`
			`}`
			`# Cache for one day`
			`expires 1d;`
			`alias /output/$1-$2/content/$3;`
			`}`
			`# PDF range for anonymous users`
			`location ~ ^/project/([0-9a-f]+)/content/([0-9a-f-]+/[0-9a-f]+)$ {`
			`if ($request_method = 'OPTIONS') {`
			`# handle OPTIONS method for CORS requests`
			`add_header 'Content-Type' 'text/plain charset=UTF-8';`
			`add_header 'Allow' 'GET,HEAD';`
			`return 200 'GET,HEAD';`
			`}`
			`# Cache for one day`
			`expires 1d;`
			`alias /output/$1/content/$2;`
			`}`

			`# status endpoint for haproxy httpchk option`
			`location /status {`
			`return 200;`
			`}`

			`# load shedding probe`
			`location = /instance-state {`
			`alias /var/clsi/instance-state;`
			`}`
			`}`