add EEN CORS allowlist

[bgruening]

Don't merge yet, not clear if needed.

The EOSC EU Node wants to redirect users from the EU Node automatically, without login (SSO in the EOSC EU Node), back to Galaxy.

This might be needed. Thanks to Uwe for providing this snippet.

A review would be nice, so that I can merge and deploy it when it's needed.
See specifically the one comment in the code.

[mira-miracoli]

is galaxy_upstream correct? in other places we have just galaxy

infrastructure-playbook/templates/nginx/galaxy-main.j2

Line 6 in 0ffff4d

upstream galaxy {

infrastructure-playbook/templates/nginx/galaxy-main.j2

Line 44 in 0ffff4d

proxy_pass http://galaxy;

[mira-miracoli]

https://doc.traefik.io/traefik/reference/routing-configuration/http/middlewares/headers/
Traefik should add these and would overwrite if they are specified in the traefik config, which is not the case in service and router for usegalaxy.eu

[mira-miracoli]

Regarding the NGINX part, I can not 100% say if this is correct by just looking at it, I would need to test it

[kysrpex]

@mira-miracoli Björn came around this morning during the workshop and metioned that what's deployed on the server doesn't exactly match this PR, we'd have to look at what's actually deployed (and this PR would need to be updated).

[bgruening]

Updated the PR.

What I don't know is how to add:

    map $http_origin $cors_allow_origin {
        default "";
        ~^https://(?:usegalaxy\.eu|eosc-test-ds\.acc\.myaccessid\.org|open-science-cloud\.ec\.europa\.eu|www\.eosc\.athenarc\.gr|next-www\.dev-1\.eosc\.athenarc\.gr|www\.dev-1\.eosc\.athenarc\.gr|localhost:4200)$ $http_origin;
        ~^http://localhost:4200$ $http_origin;  # if you use HTTP locally
    }       
            

to the http section of /etc/nginx/nginx.conf