From 4b30b9b2239eff317273444f21d971133181a695 Mon Sep 17 00:00:00 2001
From: Hector Correa <hector@hectorcorrea.com>
Date: Wed, 15 Jan 2025 13:45:09 -0500
Subject: [PATCH] Updated the datacommons config files with the same changes
 that we did in https://github.com/pulibrary/princeton_ansible/pull/5744
 (#5748)

---
 .../files/conf/http/datacommons.conf          |  9 +++-
 .../files/conf/http/datacommons_staging.conf  |  9 +++-
 .../files/conf/http/pdc-describe_prod.conf    | 41 +++----------------
 .../files/conf/http/pdc-describe_staging.conf |  5 +++
 4 files changed, 26 insertions(+), 38 deletions(-)

diff --git a/roles/nginxplus/files/conf/http/datacommons.conf b/roles/nginxplus/files/conf/http/datacommons.conf
index 1b5144705..2ac4849a7 100644
--- a/roles/nginxplus/files/conf/http/datacommons.conf
+++ b/roles/nginxplus/files/conf/http/datacommons.conf
@@ -1,3 +1,8 @@
+# ================
+# PLEASE NOTE THAT if you make changes to this file you probably also
+# want to make the same changes to pdc-describe|discovery_prod.conf
+# ================
+
 # Ansible managed
 proxy_cache_path /var/cache/nginx/discovery-prod/ keys_zone=discovery-prodcache:10m;
 proxy_cache_path /var/cache/nginx/describe-prod/ keys_zone=describe-prodcache:10m;
@@ -39,7 +44,7 @@ server {
     ssl_prefer_server_ciphers  on;
     client_max_body_size       0;
 
-    # Redirect top level traffic to /discovery 
+    # Redirect top level traffic to /discovery
     # until the top level has content.
     location / {
         return 302 https://$server_name/discovery/;
@@ -57,6 +62,8 @@ server {
 	}
 
     location /describe/ {
+        app_protect_enable off;
+
         proxy_pass http://describe/describe/;
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Real-IP $remote_addr;
diff --git a/roles/nginxplus/files/conf/http/datacommons_staging.conf b/roles/nginxplus/files/conf/http/datacommons_staging.conf
index 3a2bacd80..3ae886c33 100644
--- a/roles/nginxplus/files/conf/http/datacommons_staging.conf
+++ b/roles/nginxplus/files/conf/http/datacommons_staging.conf
@@ -1,3 +1,8 @@
+# ================
+# PLEASE NOTE THAT if you make changes to this file you probably also
+# want to make the same changes to pdc-describe|discovery_staging.conf
+# ================
+
 # Ansible managed
 proxy_cache_path /var/cache/nginx/discovery-staging/ keys_zone=discovery-stagingcache:10m;
 proxy_cache_path /var/cache/nginx/describe-staging/ keys_zone=describe-stagingcache:10m;
@@ -40,7 +45,7 @@ server {
     ssl_prefer_server_ciphers  on;
     client_max_body_size       0;
 
-    # Redirect top level traffic to /discovery 
+    # Redirect top level traffic to /discovery
     # until the top level has content.
     location / {
         return 302 https://$server_name/discovery/;
@@ -57,6 +62,8 @@ server {
 	}
 
     location /describe/ {
+        app_protect_enable off;
+
         proxy_pass http://staging-describe/describe/;
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Real-IP $remote_addr;
diff --git a/roles/nginxplus/files/conf/http/pdc-describe_prod.conf b/roles/nginxplus/files/conf/http/pdc-describe_prod.conf
index e57c548a4..2ea67e1ee 100644
--- a/roles/nginxplus/files/conf/http/pdc-describe_prod.conf
+++ b/roles/nginxplus/files/conf/http/pdc-describe_prod.conf
@@ -1,3 +1,8 @@
+# ================
+# PLEASE NOTE THAT if you make changes to this file you probably also
+# want to make the same changes to datacommons.conf
+# ================
+
 # Ansible managed
 proxy_cache_path /var/cache/nginx/pdc-describe-prod/ keys_zone=pdc-describe-prodcache:10m;
 
@@ -12,15 +17,6 @@ upstream pdc-describe-prod {
           zone=pdcdescribeprodclient_sessions:1m;
 }
 
-#server {
-#    listen 80;
-#    server_name datacommons.princeton.edu;
-
-#    location / {
-#        return 301 https://$server_name$request_uri;
-#    }
-#}
-
 server {
     listen 80;
     server_name pdc-describe-prod.princeton.edu;
@@ -30,33 +26,6 @@ server {
     }
 }
 
-#server {
-#    listen 443 ssl http2;
-#    server_name datacommons.princeton.edu;
-
-#    ssl_certificate            /etc/letsencrypt/live/pdc-describe-prod/fullchain.pem;
-#    ssl_certificate_key        /etc/letsencrypt/live/pdc-describe-prod/privkey.pem;
-#    ssl_session_cache          shared:SSL:1m;
-#    ssl_prefer_server_ciphers  on;
-
-    # Redirect top level traffic to /describe
-    # until the top level has content.
-#    location / {
-#        return 302 https://$server_name/describe/;
-#    }
-
-#    location /describe/ {
-#        proxy_pass http://pdc-describe-prod/describe/;
-#        proxy_set_header X-Forwarded-Host $host;
-#        proxy_set_header X-Real-IP $remote_addr;
-#        proxy_cache pdc-describe-prodcache;
-        # health_check interval=10 fails=3 passes=2;
-#    }
-
-#    include /etc/nginx/conf.d/templates/prod-maintenance.conf;
-
-#}
-
 server {
     listen 443 ssl http2;
     server_name pdc-describe-prod.princeton.edu;
diff --git a/roles/nginxplus/files/conf/http/pdc-describe_staging.conf b/roles/nginxplus/files/conf/http/pdc-describe_staging.conf
index 490c24741..aeaf1f184 100644
--- a/roles/nginxplus/files/conf/http/pdc-describe_staging.conf
+++ b/roles/nginxplus/files/conf/http/pdc-describe_staging.conf
@@ -1,3 +1,8 @@
+# ================
+# PLEASE NOTE THAT if you make changes to this file you probably also
+# want to make the same changes to datacommons_staging.conf
+# ================
+
 # Ansible managed
 proxy_cache_path /var/cache/nginx/pdc-describe-staging/ keys_zone=pdc-describe-stagingcache:10m;