CenterForOpenScience · olehavramenko · Dec 12, 2025 · Dec 15, 2025 · Dec 16, 2025 · Dec 16, 2025
diff --git a/.gitignore b/.gitignore
@@ -1 +1,3 @@
-charts/
+charts/
+**/stage-4.yaml
+**/Chart.lock
diff --git a/angular-osf/Chart.yaml b/angular-osf/Chart.yaml
@@ -1,15 +1,21 @@
-apiVersion: v1
-description: An Angular application for the Open Science Framework
+apiVersion: v2
 name: angular-osf
-version: 0.0.4
+description: Angular OSF application
+type: application
+version: 1.0.0
 keywords:
   - angular
+dependencies:
+  # - name: cos-common
+  #   version: 1.0.0
+  #   repository: "file://../cos-common"
+  - name: cos-common
+    version: 1.0.0
+    repository: https://centerforopenscience.github.io/helm-charts/
 maintainers:
   - name: Matt Frazier
     email: matt@cos.io
     url: https://github.com/mfraezz
   - name: Uditi Mehta
     email: uditi@cos.io
     url: https://github.com/uditijmehta
-engine: gotpl
-tillerVersion: '>=2.7.0'
diff --git a/angular-osf/files/nginx.conf b/angular-osf/files/nginx.conf
@@ -0,0 +1,320 @@
+user nginx;
+worker_processes 1;
+
+load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
+{{- if .Values.main.nginx.vts.enabled }}
+load_module /usr/lib/nginx/modules/ngx_http_geoip_module.so;
+load_module /usr/lib/nginx/modules/ngx_http_vhost_traffic_status_module.so;
+{{- end }}
+{{- range .Values.main.nginx.modules }}
+load_module {{ . }};
+{{- end }}
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $upstream_cache_status $remote_user [$time_local] '
+                    '"$request" $status $body_bytes_sent '
+                    '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
+                    'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"'
+                    ' Proxy: "$proxy_host" "$upstream_addr"'
+                    ' URI: "$uri"'
+                    ' Prerender: "$prerender"';
+    access_log /var/log/nginx/access.log main;
+
+    real_ip_header {{ .Values.main.nginx.realIpHeader }};
+    real_ip_recursive {{ .Values.main.nginx.realIpRecursive }};
+    {{- range .Values.main.nginx.proxySourceRanges }}
+    set_real_ip_from {{ . }};
+    {{- end }}
+
+    {{- if .Values.main.nginx.vts.enabled }}
+    geoip_country       /etc/nginx/GeoIP.dat;
+    geoip_city          /etc/nginx/GeoLiteCity.dat;
+    geoip_proxy_recursive on;
+    {{- range .Values.main.nginx.proxySourceRanges }}
+    geoip_proxy {{ . }};
+    {{- end }}
+
+    vhost_traffic_status_zone shared:vhost_traffic_status:{{ .Values.main.nginx.vts.statusZoneSize }};
+    vhost_traffic_status_filter_by_set_key {{ .Values.main.nginx.vts.defaultFilterKey }};
+    {{- end }}
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 620s;
+    types_hash_max_size 2048;
+#   sendfile_max_chunk 512;
+    server_tokens off;
+
+    gzip on;
+    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+    gzip_comp_level 2;
+    gzip_min_length 512;
+    gzip_proxied any;
+    gzip_vary on;
+    gzip_types text/plain text/css image/svg+xml application/javascript application/x-javascript text/xml application/xml text/javascript application/json application/xml+rss application/vnd.api+json;
+
+    brotli on;
+    brotli_types text/plain text/css image/svg+xml application/javascript application/x-javascript text/xml application/xml text/javascript application/json application/xml+rss application/vnd.api+json;
+
+    {{- if .Values.main.nginx.vts.enabled }}
+    server {
+        listen {{ .Values.main.nginx.vts.internalPort }};
+        server_name _;
+
+        location /healthz {
+            access_log off;
+            return 200;
+        }
+
+        location /nginx_status {
+            vhost_traffic_status_display;
+            vhost_traffic_status_display_format html;
+        }
+    }
+    {{- end }}
+
+
+    {{- if .Values.main.nginx.brandedSubdomains }}
+    server {
+        listen {{ .Values.main.http.containers.nginx.internalPort }};
+        server_name "~^(?<sub>({{ join "|" .Values.main.nginx.brandedSubdomains }}))\.{{ .Values.main.nginx.primaryDomain | replace "." "\\." }}$";
+        {{- if .Values.main.prerender.enabled }}
+        set $prerender 0;
+
+        if ($http_user_agent ~* "baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator|googlebot|google-inspectiontool|archive.org_bot|pingbot") {
+            set $prerender 1;
+        }
+
+        # Google translate
+        if ($http_referer ~* "translate\.googleusercontent\.com") {
+            set $prerender 1;
+        }
+
+        if ($args ~* "_escaped_fragment_") {
+            set $prerender 1;
+        }
+
+        if ($http_user_agent ~* "prerender") {
+            set $prerender 0;
+        }
+
+        if ($uri ~* "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|ttf|woff)") {
+            set $prerender 0;
+        }
+
+        # Exclude download links from prerender
+        if ($uri ~* ^/download.*) {
+            set $prerender 0;
+        }
+
+        if ($arg_action ~* "download") {
+            set $prerender 0;
+        }
+
+        if ($uri ~* ^/\w+/download(/?$|/.*)) {
+            set $prerender 0;
+        }
+
+        if ($uri ~* ^/preprints/(\w+/download|\w+/\w+/download)(/?$|/.*)) {
+            set $prerender 0;
+        }
+        {{- end }}
+
+
+        if ($http_x_forwarded_proto = "http") {
+            return 301 https://$host$request_uri;
+        }
+
+        location = /favicon.ico {
+            # TODO: determine real favicon location
+            alias /static/assets/images/favicon.ico;
+        }
+
+        location = /robots.txt {
+            alias /static/robots.txt;
+        }
+
+        location / {
+            {{- if .Values.main.prerender.enabled }}
+            if ($prerender = 1) {
+                rewrite .* /https://$host$request_uri? break;
+                proxy_pass http://{{ .Values.main.prerender.service.name }}:{{ .Values.main.prerender.service.externalPort }};
+            }
+            {{- end }}
+
+            if ($request_uri ~* "^/\w{5}(/.*)?/?$") {
+            return 307 https://{{ .Values.main.nginx.primaryDomain }}$request_uri;
+            }
+            return 307 https://{{ .Values.main.nginx.primaryDomain }}/registries/$sub$request_uri;
+        }
+
+    }
+    {{- end }}
+
+    {{- if .Values.main.nginx.preprintDomainMap }}
+    {{- range $key, $val := .Values.main.nginx.preprintDomainMap }}
+    server {
+        listen {{ .Values.main.http.containers.nginx.internalPort }};
+        server_name {{ $key }};
+        return 301 https://{{ $.Values.main.nginx.primaryDomain }}/preprints/{{ $val }}$request_uri;
+    }
+    {{- end }}
+    {{- end }}
+
+    {{- if .Values.main.nginx.institutionDomainMap }}
+    {{- range $key, $val := .Values.main.nginx.institutionDomainMap }}
+    server {
+        listen {{ .Values.main.http.containers.nginx.internalPort }};
+        server_name {{ $key }};
+        return 301 https://{{ $.Values.main.nginx.primaryDomain }}/institutions/{{ $val }}$request_uri;
+    }
+    {{- end }}
+    {{- end }}
+
+    server {
+        listen {{ .Values.main.http.containers.nginx.internalPort }} default_server;
+        server_name _;
+
+        client_max_body_size 25M;
+        keepalive_timeout 620s;
+
+        root /static;
+        index index.html;
+        {{- if .Values.main.prerender.enabled }}
+        set $prerender 0;
+
+        if ($http_user_agent ~* "baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator|googlebot|google-inspectiontool|archive.org_bot|pingbot") {
+            set $prerender 1;
+        }
+
+        # Google translate
+        if ($http_referer ~* "translate\.googleusercontent\.com") {
+            set $prerender 1;
+        }
+
+        if ($args ~* "_escaped_fragment_") {
+            set $prerender 1;
+        }
+
+        if ($http_user_agent ~* "prerender") {
+            set $prerender 0;
+        }
+
+        if ($uri ~* "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|ttf|woff)") {
+            set $prerender 0;
+        }
+
+        # Exclude download links from prerender
+        if ($uri ~* ^/download.*) {
+            set $prerender 0;
+        }
+
+        if ($arg_action ~* "download") {
+            set $prerender 0;
+        }
+
+        if ($uri ~* ^/\w+/download(/?$|/.*)) {
+            set $prerender 0;
+        }
+
+        if ($uri ~* ^/preprints/(\w+/download|\w+/\w+/download)(/?$|/.*)) {
+            set $prerender 0;
+        }
+        {{- end }}
+
+        if ($http_x_forwarded_proto = "http") {
+            return 301 https://$host$request_uri;
+        }
+
+        location = /healthz {
+            access_log off;
+            return 200;
+        }
+
+        location = /robots.txt {
+            alias /static/robots.txt;
+        }
+
+        location = /favicon.ico {
+            # TODO: determine real favicon location
+            alias /static/assets/images/favicon.ico;
+        }
+
+
+        {{- if (index .Values.main.nginx "additionalConfig") }}
+        {{- .Values.main.nginx.additionalConfig | nindent 10 }}
+        {{- end }}
+
+        include /etc/nginx/conf.d/*.conf;
+
+        location ~* ^/share(/?$|/.*) {
+            return 301 {{ .Values.main.share.url }};
+        }
+
+        location / {
+            {{- if .Values.main.prerender.enabled }}
+            if ($prerender = 1) {
+                rewrite .* /https://$host$request_uri? break;
+                proxy_pass http://{{ .Values.main.prerender.service.name }}:{{ .Values.main.prerender.service.externalPort }};
+            }
+            {{- end }}
+
+            # Disable caching of application requests
+            #add_header Cache-Control "no-cache, no-store, max-age=0, must-revalidate";
+            #add_header Expires "-1";
+            #add_header Pragma "no-cache";
+
+            # Don't cache index.html and main bundle files
+            location ~* (?:index\.html|main.*\.js|\.json)$ {
+                expires -1;
+                add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+            }
+
+            # Cache static assets
+            location ~* \.(?:jpg|jpeg|gif|png|ico|svg|woff|woff2|ttf|eot|css|js)$ {
+                expires 1y;
+                add_header Cache-Control "public, immutable";
+                access_log off;
+            }
+
+
+            # URL rewrites
+            rewrite "^/project/.*?/node/(.*)" https://$host/$1 permanent;
+            rewrite "^/project/([a-zA-Z0-9]{5,}.*)" https://$host/$1 permanent;
+            rewrite "^/profile/([a-zA-Z0-9]{5,})" https://$host/$1 permanent;
+            rewrite "^/([a-zA-Z0-9]{5})/download(/.*)?" https://$host/download/$1 permanent;
+            {{- range .Values.main.nginx.additionalRewrites }}
+            {{ . }}
+            {{- end }}
+            if ($args ~* "(.*)action=download(.*)") {
+                set $args "$1$2";
+                rewrite "^/([a-zA-Z0-9]{5})(/.*)?" https://$host/download/$1 permanent;
+            }
+
+            try_files $uri $uri/ /index.html;
+        }
+    }
+
+    {{- if .Values.main.nginx.redirects.enabled }}
+    # WARNING: Must remain at the bottom to ensure connections default to
+    # the first server configuration for institutions
+    {{- range $value := .Values.main.nginx.redirects.domains }}
+    server {
+        listen {{ .Values.main.http.containers.nginx.internalPort }};
+        server_name {{ $value.from | join " " }};
+        return 301 https://{{ $value.to }}$request_uri;
+    }
+    {{- end }}
+    {{- end }}
+}