initial aps base

nginx-ingress/entrypoint.sh

@@ -1,5 +1,13 @@
 #!/bin/sh
 
+if [[ $APS_APP_URL ]]; then
+  sed -i s%http:\/\/activiti-app:8080%"$APS_APP_URL"%g /etc/nginx/nginx.conf
+fi
+
+if [[ $APS_ADMIN_URL ]]; then
+  sed -i s%http:\/\/activiti-admin:8080%"$APS_ADMIN_URL"%g /etc/nginx/nginx.conf
+fi
+
 if [[ $ACCESS_LOG ]]; then
   sed -i s%\#ENV_ACCESS_LOG%"access_log $ACCESS_LOG;"%g /etc/nginx/nginx.conf
 fi

nginx-ingress/nginx.conf

@@ -25,5 +25,35 @@ http {
         proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_pass_header Set-Cookie;
+        
+        # Protect access to SOLR APIs
+        location ~ ^(/.*/service/api/solr/.*)$ {return 403;}
+        location ~ ^(/.*/s/api/solr/.*)$ {return 403;}
+        location ~ ^(/.*/wcservice/api/solr/.*)$ {return 403;}
+        location ~ ^(/.*/wcs/api/solr/.*)$ {return 403;}
+
+        location ~ ^(/.*/proxy/alfresco/api/solr/.*)$ {return 403 ;}
+        location ~ ^(/.*/-default-/proxy/alfresco/api/.*)$ {return 403;}
+        
+        # Protect access to Prometheus endpoint
+        location ~ ^(/.*/s/prometheus)$ {return 403;}
+        
+        location / {
+            return 301 $scheme://$http_host/activiti-app;
+        }
+
+        location /activiti-app/ {
+            proxy_pass http://activiti-app:8080;
+
+            # If using external proxy / load balancer (for initial redirect if no trailing slash)
+            absolute_redirect off;
+        }
+
+        location /activiti-admin/ {
+            proxy_pass http://activiti-admin:8080;
+
+            # If using external proxy / load balancer (for initial redirect if no trailing slash)
+            absolute_redirect off;
+        }
     }
 }