---
-{% set nginx_log = '/var/log/nginx' %}
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
### NGINX
nginx:
### SERVER
server:
config:
-
### STREAMS
http:
'geo $external_client':
default: 1
- '127.0.0.0/24': 0
+ '127.0.0.0/8': 0
upstream controller_upstream:
- - server: 'localhost:8003 fail_timeout=10s'
+ - server: 'controller.internal:8003 fail_timeout=10s'
### SITES
servers:
managed:
### DEFAULT
- arvados_controller_default:
+ arvados_controller_default.conf:
enabled: true
overwrite: true
config:
- server:
- - server_name: example.net api.example.net
+ - server_name: fixme.example.net
- listen:
- 80 default
- location /.well-known:
- location /:
- return: '301 https://$host$request_uri'
- arvados_controller:
+ arvados_controller_ssl.conf:
enabled: true
overwrite: true
config:
- server:
- - server_name: example.net
+ - server_name: fixme.example.net
- listen:
- 443 http2 ssl
- index: index.html index.htm
- proxy_set_header: 'X-Real-IP $remote_addr'
- proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
- proxy_set_header: 'X-External-Client $external_client'
+ - include: 'snippets/ssl_hardening_default.conf'
# - include: 'snippets/letsencrypt.conf'
- - include: 'snippets/snakeoil.conf'
- - access_log: {{ nginx_log }}/example.net.access.log combined
- - error_log: {{ nginx_log }}/example.net.error.log
+ - include: 'snippets/ssl_snakeoil.conf'
+ - access_log: /var/log/nginx/fixme.example.net.access.log combined
+ - error_log: /var/log/nginx/fixme.example.net.error.log
- client_max_body_size: 128m