Add stg related config for UI

.github/workflows/ci-ui.yaml

@@ -71,6 +71,7 @@ jobs:
           then
             echo "AWS_ROLE=STG_AWS_ROLE" >> $GITHUB_OUTPUT
             echo "PROJECT_PREFIX=sirn-stg-mb" >> $GITHUB_OUTPUT
+            echo "DEFAULT_CONF=default-stg.conf" >> $GITHUB_OUTPUT
             echo "SLACK_WEBHOOK_URL=DEV_SLACK_WEBHOOK_URL" >> $GITHUB_OUTPUT    
           elif [ $ENV == 'dev' ]
           then

ui/default-stg.conf

@@ -0,0 +1,69 @@
+map $http_x_forwarded_for $allow {
+    default 0;
+    "103.138.236.18" 1;
+    "103.181.238.106" 1;
+    "103.142.30.151" 1;
+    "61.2.142.186" 1;
+}
+
+server {
+  listen 5000;
+  server_name conductor;
+  server_tokens off;
+
+  location / {
+
+    if ($allow != 1) {
+        return 401;
+    }
+
+    add_header Referrer-Policy "strict-origin";
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+    add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.orkes.io *.googletagmanager.com *.pendo.io https://cdn.jsdelivr.net; worker-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;";
+    add_header Permissions-Policy "accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), hid=(), idle-detection=(), serial=(), window-placement=(self)";
+
+    # This would be the directory where your React app's static files are stored at
+    root /usr/share/nginx/html;
+    try_files $uri /index.html;
+  }
+
+  location /api {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_pass http://sirn-stg-mb-svc-conductor-server.sirn-stg-mb.local:8080/api;
+    proxy_ssl_session_reuse off;
+    proxy_set_header Host $http_host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_redirect off;
+  }
+
+  location /actuator {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_pass http://sirn-stg-mb-svc-conductor-server.sirn-stg-mb.local:8080/actuator;
+    proxy_ssl_session_reuse off;
+    proxy_set_header Host $http_host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_redirect off;
+  }
+
+  location /swagger-ui {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_pass http://sirn-stg-mb-svc-conductor-server.sirn-stg-mb.local:8080/swagger-ui;
+    proxy_ssl_session_reuse off;
+    proxy_set_header Host $http_host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_redirect off;
+  }
+
+    location /health {
+            access_log off;
+            add_header 'Content-Type' 'application/json';
+            return 200 '{"status":"UP"}';
+    }
+}