---
-{% set nginx_log = '/var/log/nginx' %}
+{%- if grains.os_family in ('RedHat',) %}
+ {%- set group = 'nginx' %}
+{%- else %}
+ {%- set group = 'www-data' %}
+{%- endif %}
### ARVADOS
arvados:
config:
- group: www-data
+ group: {{ group }}
### NGINX
nginx:
### STREAMS
http:
upstream workbench_upstream:
- - server: '127.0.0.1:9000 fail_timeout=10s'
+ - server: 'workbench.internal:9000 fail_timeout=10s'
### SITES
servers:
managed:
### DEFAULT
- arvados_workbench_default:
+ arvados_workbench_default.conf:
enabled: true
overwrite: true
config:
- server:
- - server_name: workbench.example.net
+ - server_name: workbench.fixme.example.net
- listen:
- 80
- location /.well-known:
- location /:
- return: '301 https://$host$request_uri'
- arvados_workbench:
+ arvados_workbench_ssl.conf:
enabled: true
overwrite: true
config:
- server:
- - server_name: workbench.example.net
+ - server_name: workbench.fixme.example.net
- listen:
- 443 http2 ssl
- index: index.html index.htm
- proxy_set_header: 'Host $http_host'
- proxy_set_header: 'X-Real-IP $remote_addr'
- proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
+ - include: 'snippets/ssl_hardening_default.conf'
# - include: 'snippets/letsencrypt.conf'
- - include: 'snippets/snakeoil.conf'
- - access_log: {{ nginx_log }}/workbench.example.net.access.log combined
- - error_log: {{ nginx_log }}/workbench.example.net.error.log
+ - include: 'snippets/ssl_snakeoil.conf'
+ - access_log: /var/log/nginx/workbench.fixme.example.net.access.log combined
+ - error_log: /var/log/nginx/workbench.fixme.example.net.error.log
- arvados_workbench_upstream:
+ arvados_workbench_upstream.conf:
enabled: true
overwrite: true
config:
- server:
- - listen: '127.0.0.1:9000'
+ - listen: 'workbench.internal:9000'
- server_name: workbench
- root: /var/www/arvados-workbench/current/public
- index: index.html index.htm
- - access_log: {{ nginx_log }}/workbench.example.net-upstream.access.log combined
- - error_log: {{ nginx_log }}/workbench.example.net-upstream.error.log
-
+ - passenger_enabled: 'on'
+ # yamllint disable-line rule:line-length
+ - access_log: /var/log/nginx/workbench.fixme.example.net-upstream.access.log combined
+ - error_log: /var/log/nginx/workbench.fixme.example.net-upstream.error.log