e28fb9a67c3b036dfdd297d432a2db417cbfa729
[arvados-formula.git] / test / salt / pillar / examples / nginx_webshell_configuration.sls
1 ---
2 ### NGINX
3 nginx:
4   ### SERVER
5   server:
6     config:
7
8       ### STREAMS
9       http:
10         {%- for shell_node, params in %}
11         upstream webshell_upstream:
12           - server: 'shell.internal:4200 fail_timeout=10s'
13
14   ### SITES
15   servers:
16     managed:
17       arvados_webshell_default.conf:
18         enabled: true
19         overwrite: true
20         config:
21           - server:
22             - server_name: webshell.fixme.example.net
23             - listen:
24               - 80
25             - location /.well-known:
26               - root: /var/www
27             - location /:
28               - return: '301 https://$host$request_uri'
29
30       arvados_webshell_ssl.conf:
31         enabled: true
32         overwrite: true
33         config:
34           - server:
35             - server_name: webshell.fixme.example.net
36             - listen:
37               - 443 http2 ssl
38             - index: index.html index.htm
39             - location /shell.fixme.example.net:
40               - proxy_pass: 'http://webshell_upstream'
41               - proxy_read_timeout: 90
42               - proxy_connect_timeout: 90
43               - proxy_set_header: 'Host $http_host'
44               - proxy_set_header: 'X-Real-IP $remote_addr'
45               - proxy_set_header: X-Forwarded-Proto https
46               - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
47               - proxy_ssl_session_reuse: 'off'
48
49               - "if ($request_method = 'OPTIONS')":
50                 - add_header: "'Access-Control-Allow-Origin' '*'"
51                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
52                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
53                 - add_header: "'Access-Control-Max-Age' 1728000"
54                 - add_header: "'Content-Type' 'text/plain charset=UTF-8'"
55                 - add_header: "'Content-Length' 0"
56                 - return: 204
57
58               - "if ($request_method = 'POST')":
59                 - add_header: "'Access-Control-Allow-Origin' '*'"
60                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
61                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
62
63               - "if ($request_method = 'GET')":
64                 - add_header: "'Access-Control-Allow-Origin' '*'"
65                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
66                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
67             - include: 'snippets/ssl_hardening_default.conf'
68             # - include: 'snippets/letsencrypt.conf'
69             - include: 'snippets/ssl_snakeoil.conf'
70             - access_log: /var/log/nginx/webshell.fixme.example.net.access.log combined
71             - error_log: /var/log/nginx/webshell.fixme.example.net.error.log
72