grafana/devenv/frontend-service/configs/nginx.conf

otel_exporter {
  endpoint alloy:4317;
}

otel_service_name "proxy";

###
# Instance
###
upstream backend {
  server grafana-api:3000;
}

upstream frontend {
  server frontend-service:3000;
}

map "$request_method:$cookie_fs_unavailable" $reject_login {
  default  0;
  "POST:1" 1;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
  listen 80;
  server_name _;

  otel_trace         on;
  otel_trace_context propagate;
  otel_span_name "$request_method Request";

  location ~ ^/-/down/?$ {
    add_header Set-Cookie "fs_unavailable=true; Max-Age=60; Path=/; HttpOnly" always;
    return 302 $scheme://$http_host/;
  }

  location ~ ^/-/down/(?<age>\d+)/?$ {
    add_header Set-Cookie "fs_unavailable=true; Max-Age=$age; Path=/; HttpOnly" always;
    return 302 $scheme://$http_host/;
  }

  location ~ ^/-/up/?$ {
    return 302 $scheme://$http_host/-/down/0;
  }

  # Special‐case POST /login to backend, GET to frontend
  location = /login {
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    if ($reject_login) {
      add_header    Content-Type application/json always;
      return 503 '{"code":"Loading", "message": "Soon!"}';
    }

    if ($request_method = POST) {
      proxy_pass http://backend;
      break;
    }

    if ($request_method = GET) {
      proxy_pass http://frontend;
      break;
    }

    return 405;
  }

  # API calls go to the backend
  location ~ ^/(api|apis|avatar|bootdata|render|logout|public\/plugins|goto) {
    # Add debug headers to the response
    add_header Nginx-Trace-Id $otel_trace_id always;
    add_header Nginx-Route "backend" always;

    if ($cookie_fs_unavailable) {
      add_header Content-Type application/json always;
      return 503 '{"code":"Loading", "message": "Soon!"}';
    }

    proxy_pass http://backend;
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  # Everything else to the frontend
  location / {
    # Add debug headers to the response
    add_header Nginx-Trace-Id $otel_trace_id always;
    add_header Nginx-Route "frontend" always;

    proxy_pass http://frontend;
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}


###
# CDN
###
map $request $loggable {
  default 1;
  "~^\x16\x03" 0;
}

server {
  listen 81;
  server_name localhost;
  root /cdn;

  # Enable directory listing
  autoindex on;
  autoindex_exact_size off;
  autoindex_format html;
  autoindex_localtime on;

  add_header Cache-Control "no-cache, no-store, must-revalidate" always;
  add_header Pragma "no-cache" always;
  add_header Expires "0" always;
  add_header Access-Control-Allow-Origin "*" always;
  add_header Access-Control-Allow-Headers "X-Grafana-Device-Id" always;

  # Suppress access log for malformed HTTPS requests (those starting with a TLS handshake)
  access_log  /var/log/nginx/access.log  main if=$loggable;

  # This serves paths like /grafana/12.1.0-88106/public/build/foo
  location ~ ^/grafana[^/]*/[^/]+/(.*)$ {
    alias /cdn/$1;
  }
}