test/salt/pillar/examples/nginx_webshell_configuration.sls

   1 ---
   2 ### NGINX
   3 nginx:
   4   ### SERVER
   5   server:
   6     config:
   7
   8       ### STREAMS
   9       http:
  10         upstream webshell_upstream:
  11           - server: '127.0.0.2:4200 fail_timeout=10s'
  12
  13   ### SITES
  14   servers:
  15     managed:
  16       arvados_webshell_default:
  17         enabled: true
  18         overwrite: true
  19         config:
  20           - server:
  21             - server_name: webshell.fixme.example.net
  22             - listen:
  23               - 80
  24             - location /.well-known:
  25               - root: /var/www
  26             - location /:
  27               - return: '301 https://$host$request_uri'
  28
  29       arvados_webshell_ssl:
  30         enabled: true
  31         overwrite: true
  32         config:
  33           - server:
  34             - server_name: webshell.fixme.example.net
  35             - listen:
  36               - 443 http2 ssl
  37             - index: index.html index.htm
  38             - location /shell.fixme.example.net:
  39               - proxy_pass: 'http://webshell_upstream'
  40               - proxy_read_timeout: 90
  41               - proxy_connect_timeout: 90
  42               - proxy_set_header: 'Host $http_host'
  43               - proxy_set_header: 'X-Real-IP $remote_addr'
  44               - proxy_set_header: X-Forwarded-Proto https
  45               - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
  46               - proxy_ssl_session_reuse: 'off'
  47
  48               - "if ($request_method = 'OPTIONS')":
  49                 - add_header: "'Access-Control-Allow-Origin' '*'"
  50                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
  51                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
  52                 - add_header: "'Access-Control-Max-Age' 1728000"
  53                 - add_header: "'Content-Type' 'text/plain charset=UTF-8'"
  54                 - add_header: "'Content-Length' 0"
  55                 - return: 204
  56
  57               - "if ($request_method = 'POST')":
  58                 - add_header: "'Access-Control-Allow-Origin' '*'"
  59                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
  60                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
  61
  62               - "if ($request_method = 'GET')":
  63                 - add_header: "'Access-Control-Allow-Origin' '*'"
  64                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
  65                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
  66
  67             # - include: 'snippets/letsencrypt.conf'
  68             - include: 'snippets/snakeoil.conf'
  69             - access_log: /var/log/nginx/webshell.fixme.example.net.access.log combined
  70             - error_log: /var/log/nginx/webshell.fixme.example.net.error.log
  71