updates to nginx to support subdomain apps

modules/docs/files/STORAGE_README

@@ -44,4 +44,17 @@ data from persistent instllations.
 
   6.) Confirm new data directory:
   $> sudo -u postgres psql -c "show data_directory"
-  
+
+--------------
+# Change NilmDB data directory
+
+1.) Create the destination folder and grant the joule user write access
+2.) Modify /etc/nilmdb/nilmdb.wsgi, replacing "/opt/data" with the desired path:
+     
+     import nilmdb.server
+     application = nilmdb.server.wsgi_application("/opt/data","/nilmdb")
+                                      #change this-----^
+3.) Restart NilmDB:
+    $> sudo service nilmdb restart
+4.) Confirm the new data directory
+    $> nilmtool info
\ No newline at end of file

modules/nginx/files/joule.conf

@@ -4,6 +4,8 @@
     proxy_set_header X-Auth-Required "true";
     proxy_http_version 1.1;
     proxy_buffering off;
+    proxy_request_buffering off;
+    client_max_body_size 0;
     proxy_set_header X-Forwarded-For $remote_addr;
     proxy_set_header X-Api-Port "443";
     proxy_set_header X-Api-Scheme "https";
@@ -34,9 +36,5 @@
     proxy_set_header X-App-Id $joule_proxy_id;
     proxy_set_header X-Auth-Required "true";
   }
-  # Lumen API REMOVE?
-  #location /lumen/ {
-  #  proxy_pass http://unix:/tmp/joule/api:/;
-  #  proxy_set_header X-Auth-Required "true";
-  #}
+
 

modules/nginx/files/lumen.conf

@@ -10,7 +10,11 @@
     passenger_app_root /opt/api;
     passenger_document_root /opt/api/public;
     passenger_enabled on;
+
     passenger_set_header X-App-Base-Uri "/app";
+    passenger_set_header X-App-Server-Name $server_name;
+    passenger_set_header X-App-Server-Scheme $scheme;
+    passenger_set_header X-Subdomain-Apps $subdomain_apps;
   }
   # Lumen reverse proxy for data apps
   location /app {

modules/nginx/templates/nginx.conf.erb

@@ -19,6 +19,8 @@ http {
 	tcp_nodelay on;
 	keepalive_timeout 65;
 	types_hash_max_size 2048;
+	# enable large uploads
+	client_max_body_size 0;
 	# server_tokens off;
 
 	# server_names_hash_bucket_size 64;
@@ -62,6 +64,7 @@ http {
 	include /etc/nginx/map.conf;
 	server{
 	  listen 80;
+	  set $subdomain_apps false; # set to true to enable subdomains (requires DNS)
 	  include /etc/nginx/docs.conf;
 	  include /etc/nginx/lumen.conf;
 	  <% if @nilmdb -%>
@@ -70,6 +73,7 @@ http {
 	}
 	server{
 	  listen 443 ssl;
+  	  set $subdomain_apps false; # set to true to enable subdomains (requires DNS)
 	  include /etc/nginx/lumen.conf;
 	  include /etc/nginx/joule.conf;
 	  <% if @nilmdb == true -%>
@@ -77,9 +81,38 @@ http {
 	  <% end -%>
 
 	  # Security configuration
-#	  ssl on;
+	  # Note: replace these with LetsEncrypt certificates or
+	  #   similar for public facing systems. For subdomain apps
+	  #   they must be a wildcard *.app.<yourdomain>
   	  ssl_certificate /etc/joule/security/server.crt;
   	  ssl_certificate_key /etc/joule/security/server.key;
 	}
+	
+	#     --- subdomain configuration for apps ---
+	# enable by setting $subdomain_apps in server blocks
+	 server{
+          listen 443 ssl;
+          server_name "~^(?<app_id>\d+)\.app\.(?<domain>.+)$";
+          location / {
+            proxy_pass "https://127.0.0.1/app/${app_id}${uri}?${args}";
+            proxy_hide_header Content-Security-Policy;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection $connection_upgrade;
+          }
+	  # must be a wildcard *.app.<yourdomain>
+  	  ssl_certificate /etc/joule/security/server.crt;
+  	  ssl_certificate_key /etc/joule/security/server.key;
+        }
+
+	server{
+          listen 80;
+          server_name "~^(?<app_id>\d+)\.app\.(?<domain>.+)$";
+          location / {
+            proxy_pass "http://127.0.0.1/app/${app_id}${uri}?${args}";
+            proxy_hide_header Content-Security-Policy;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection $connection_upgrade;
+          }
+        }
 
 }

site.pp

 
 node 'default' {
+  include common
   include timescaledb
   include rails_api
   include joule_labjack