test/salt/pillar/examples/nginx_workbench_configuration.sls

   1 ---
   2 {%- if grains.os_family in ('RedHat',) %}
   3   {%- set group = 'nginx' %}
   4 {%- else %}
   5   {%- set group = 'www-data' %}
   6 {%- endif %}
   7
   8 ### ARVADOS
   9 arvados:
  10   config:
  11     group: {{ group }}
  12
  13 ### NGINX
  14 nginx:
  15   ### SERVER
  16   server:
  17     config:
  18
  19       ### STREAMS
  20       http:
  21         upstream workbench_upstream:
  22           - server: '127.0.0.2:9000 fail_timeout=10s'
  23
  24   ### SITES
  25   servers:
  26     managed:
  27       ### DEFAULT
  28       arvados_workbench_default.conf:
  29         enabled: true
  30         overwrite: true
  31         config:
  32           - server:
  33             - server_name: workbench.fixme.example.net
  34             - listen:
  35               - 80
  36             - location /.well-known:
  37               - root: /var/www
  38             - location /:
  39               - return: '301 https://$host$request_uri'
  40
  41       arvados_workbench_ssl.conf:
  42         enabled: true
  43         overwrite: true
  44         config:
  45           - server:
  46             - server_name: workbench.fixme.example.net
  47             - listen:
  48               - 443 http2 ssl
  49             - index: index.html index.htm
  50             - location /:
  51               - proxy_pass: 'http://workbench_upstream'
  52               - proxy_read_timeout: 300
  53               - proxy_connect_timeout: 90
  54               - proxy_redirect: 'off'
  55               - proxy_set_header: X-Forwarded-Proto https
  56               - proxy_set_header: 'Host $http_host'
  57               - proxy_set_header: 'X-Real-IP $remote_addr'
  58               - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
  59             - include: 'snippets/ssl_hardening_default.conf'
  60             # - include: 'snippets/letsencrypt.conf'
  61             - include: 'snippets/ssl_snakeoil.conf'
  62             - access_log: /var/log/nginx/workbench.fixme.example.net.access.log combined
  63             - error_log: /var/log/nginx/workbench.fixme.example.net.error.log
  64
  65       arvados_workbench_upstream.conf:
  66         enabled: true
  67         overwrite: true
  68         config:
  69           - server:
  70             - listen: '127.0.0.2:9000'
  71             - server_name: workbench
  72             - root: /var/www/arvados-workbench/current/public
  73             - index:  index.html index.htm
  74             - passenger_enabled: 'on'
  75             # yamllint disable-line rule:line-length
  76             - access_log: /var/log/nginx/workbench.fixme.example.net-upstream.access.log combined
  77             - error_log: /var/log/nginx/workbench.fixme.example.net-upstream.error.log