Commit 5623a1da by Tyler Hallada Committed by GitHub

Insights Cloudfront CDN configuration (#3961)

* Initialize INSIGHTS_CLOUDFRONT to null

* Put cloudfront domain under INSIGHTS_CONFIG

* Use INSIGHTS_CLOUDFRONT_DOMAIN in insights config

* Define INSIGHTS_CLOUDFRONT_DOMAIN null by default

* Set CORS_ORIGIN_WHITELIST to INSIGHTS_DOMAIN

* Add CORS header to Insights static files

* Split CORS whitelist into default and extra

* Allow HEAD, GET, OPTIONS in Insights static

* Try setting CORS Origin to $http_origin

* Use if cond to enable/disable CORS instead of map

* Missing space

* Don't initialize $cors

* Back to the old $cors_origin map

* Don't send CORS whitelist to django settings

* Replace tab with spaces

* Remove allow_all var, and update changelog

* Rename CLOUDFRONT to CDN in var name
parent f05666f9
......@@ -303,3 +303,8 @@
- Role: insights
- Removed `SUPPORT_EMAIL` setting from `INSIGHTS_CONFIG`, as it is was replaced by `SUPPORT_URL`.
- Role: insights
- Added `INSIGHTS_DOMAIN` to configure the domain Insights is deployed on
- Added `INSIGHTS_CLOUDFRONT_DOMAIN` to configure the domain static files can be served from
- Added `INSIGHTS_CORS_ORIGIN_WHITELIST_EXTRA` to configure allowing CORS on domains other than the `INSIGHTS_DOMAIN`
......@@ -51,6 +51,8 @@ INSIGHTS_THEME_SCSS: 'sass/themes/open-edx.scss'
INSIGHTS_RESEARCH_URL: 'https://www.edx.org/research-pedagogy'
INSIGHTS_OPEN_SOURCE_URL: 'http://set-me-please'
INSIGHTS_DOMAIN: 'insights'
# Comma-delimited list of field names to include in the Learner List CSV download
# e.g., "username,segments,cohort,engagements.videos_viewed,last_updated"
# Default (null) includes all available fields, in alphabetical order
......@@ -79,6 +81,13 @@ INSIGHTS_LMS_COURSE_SHORTCUT_BASE_URL: "URL_FOR_LMS_COURSE_LIST_PAGE"
INSIGHTS_SESSION_EXPIRE_AT_BROWSER_CLOSE: false
INSIGHTS_CDN_DOMAIN: !!null
INSIGHTS_CORS_ORIGIN_WHITELIST_EXTRA: []
INSIGHTS_CORS_ORIGIN_WHITELIST_DEFAULT:
- "{{ INSIGHTS_DOMAIN }}"
INSIGHTS_CORS_ORIGIN_WHITELIST: "{{ INSIGHTS_CORS_ORIGIN_WHITELIST_DEFAULT + INSIGHTS_CORS_ORIGIN_WHITELIST_EXTRA }}"
#
# This block of config is dropped into /edx/etc/insights.yml
# and is read in by analytics_dashboard/settings/production.py
......@@ -136,6 +145,8 @@ INSIGHTS_CONFIG:
SESSION_EXPIRE_AT_BROWSER_CLOSE: "{{ INSIGHTS_SESSION_EXPIRE_AT_BROWSER_CLOSE }}"
CMS_COURSE_SHORTCUT_BASE_URL: "{{ INSIGHTS_CMS_COURSE_SHORTCUT_BASE_URL }}"
LEARNER_API_LIST_DOWNLOAD_FIELDS: "{{ INSIGHTS_LEARNER_API_LIST_DOWNLOAD_FIELDS }}"
# CDN url to serve assets from
CDN_DOMAIN: "{{ INSIGHTS_CDN_DOMAIN }}"
INSIGHTS_NEWRELIC_APPNAME: "{{ COMMON_ENVIRONMENT }}-{{ COMMON_DEPLOYMENT }}-analytics-api"
INSIGHTS_PIP_EXTRA_ARGS: "-i {{ COMMON_PYPI_MIRROR_URL }}"
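Review bot: `INSIGHTS_CORS_ORIGIN_WHITELIST_EXTRA` and `INSIGHTS_CORS_ORIGIN_WHITELIST_DEFAULT` have no comment stating what form an entry must take. The nginx template in this commit interpolates each entry into a regex with only `.` escaped, so an entry carrying a scheme, a wildcard or another regex metacharacter will either never match or match more origins than intended. I would add above the variables: `# Bare hostnames (optionally host:port), no scheme or path. Each entry is placed into an nginx regex; only "." is escaped.` The value of `INSIGHTS_DOMAIN` feeds the default list, so the same constraint applies to it.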
......
......@@ -4,6 +4,19 @@ upstream insights_app_server {
{% endfor %}
}
# The Origin request header indicates where a fetch originates from. It doesn't include any path information,
# but only the server name (e.g. https://www.example.com).
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin for details.
#
# Here we set the value that is included in the Access-Control-Allow-Origin response header. If the origin is one
# of our known hosts--served via HTTP or HTTPS--we allow for CORS. Otherwise, we set the "null" value, disallowing CORS.
map $http_origin $cors_origin {
default "null";
{% for host in INSIGHTS_CORS_ORIGIN_WHITELIST %}
"~*^https?:\/\/{{ host|replace('.', '\.') }}$" $http_origin;
{% endfor %}
}
server {
listen {{ INSIGHTS_NGINX_PORT }} default_server;
......@@ -20,6 +33,13 @@ server {
location ~ ^/static/(?P<file>.*) {
root {{ COMMON_DATA_DIR }}/{{ insights_service_name }};
add_header Cache-Control "max-age=31536000";
add_header 'Access-Control-Allow-Origin' $cors_origin;
add_header 'Access-Control-Allow-Methods' 'HEAD, GET, OPTIONS';
# Inform downstream caches to take certain headers into account when reading/writing to cache.
add_header 'Vary' 'Accept-Encoding,Origin';
try_files /staticfiles/$file =404;
}
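Review bot: The `default "null";` entry in the `map $http_origin $cors_origin` block does not disallow CORS as the comment above it says. `Access-Control-Allow-Origin: null` matches any request whose Origin serializes to `null` (sandboxed iframes, `data:` documents), so those contexts are permitted to read `/static/` responses. Use `default "";` instead, since nginx omits an `add_header` whose value is an empty string, and adjust the comment to match. The pattern also accepts `http://` origins for every whitelisted host; if Insights is only served over HTTPS, narrowing it to `^https:\/\/` avoids trusting a plaintext origin. The `server` block continues outside the hunk.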
......