Skip to main content

Presentation

Le proxy redirige les requêtes vers xLoan. Les IP du proxy sont whitelistés côté xLoan.

Emplacement du fichier de configuration NGinx : cat /etc/nginx/sites-available/ftp-proxy

server {
    server_name cam-proxyftpxloan.ncit.cloud;

    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_send_timeout 300;

    location /ftp {
        proxy_pass         http://localhost:5000;
        rewrite /ftp/(.*) /$1 break;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

    location /xloanwsrestCAMPRD {
        proxy_pass         http://172.20.187.1:8080/xloanwsrestCAMPRD;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /xloanwsrestCAMRCT {
        proxy_pass         http://172.20.188.1:8081/xloanwsrestCAMRCT;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /xloanwsrestCAMPRJ {
       proxy_pass         http://172.20.188.1:8082/xloanwsrestCAMPRJ;
       proxy_http_version 1.1;
       proxy_set_header   Upgrade $http_upgrade;
       proxy_set_header   Connection keep-alive;
       proxy_set_header   Host $host;
       proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    allow 202.22.239.157; # allow CAM 1
    allow 202.171.79.23; # allow CAM 2
    allow 209.38.31.172; # allow NCIT
    allow 88.168.191.192; # allow Antony home
    allow 4.190.23.180; # allow Azure agent 1
    allow 4.190.23.188; # allow Azure agent 2
    allow 4.190.23.190; # allow Azure agent 3
    allow 4.190.23.201; # allow Azure agent 4
    allow 4.190.23.224; # allow Azure agent 5
    allow 4.190.23.233; # allow Azure agent 6
    allow 20.18.201.31; # allow Azure agent 7
    allow 20.18.201.54; # allow Azure agent 8
    allow 20.18.201.196; # allow Azure agent 9
    allow 20.18.201.203; # allow Azure agent 10
    allow 20.18.202.17; # allow Azure agent 11
    allow 20.48.16.247; # allow Azure agent 12
    allow 20.48.21.83; # allow Azure agent 13
    allow 20.48.21.242; # allow Azure agent 14
    allow 20.48.21.243; # allow Azure agent 15
    allow 20.48.40.122; # allow Azure agent 16
    allow 52.253.121.233; # allow Azure agent 17
    allow 138.91.0.30; # allow Azure agent 18
    allow 138.91.1.170; # allow Azure agent 19
    allow 138.91.1.173; # allow Azure agent 20
    allow 138.91.2.0; # allow Azure agent 21
    allow 138.91.4.43; # allow Azure agent 22
    deny all;
    ssl_certificate /etc/letsencrypt/live/cam-proxyftpxloan.ncit.cloud/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cam-proxyftpxloan.ncit.cloud/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}