X-Git-Url: https://git.arvados.org/arvados-formula.git/blobdiff_plain/06050e0a5377d3d6a4c54c7f50fe53a06a07c837..257615eab47f9d4bf64694dc0aac9dfff4e8edc4:/test/salt/pillar/examples/nginx_workbench_configuration.sls

diff --git a/test/salt/pillar/examples/nginx_workbench_configuration.sls b/test/salt/pillar/examples/nginx_workbench_configuration.sls
index 59cec20..e34ad2d 100644
--- a/test/salt/pillar/examples/nginx_workbench_configuration.sls
+++ b/test/salt/pillar/examples/nginx_workbench_configuration.sls
@@ -1,32 +1,27 @@
 ---
-{% set nginx_log = '/var/log/nginx' %}
+{%- if grains.os_family in ('RedHat',) %}
+  {%- set group = 'nginx' %}
+{%- else %}
+  {%- set group = 'www-data' %}
+{%- endif %}
 
 ### ARVADOS
 arvados:
   config:
-    group: www-data
+    group: {{ group }}
 
 ### NGINX
 nginx:
-  ### SERVER
-  server:
-    config:
-
-      ### STREAMS
-      http:
-        upstream workbench_upstream:
-          - server: '127.0.0.1:9000 fail_timeout=10s'
-
   ### SITES
   servers:
     managed:
       ### DEFAULT
-      arvados_workbench_default:
+      arvados_workbench_default.conf:
         enabled: true
         overwrite: true
         config:
           - server:
-            - server_name: workbench.example.net
+            - server_name: workbench.fixme.example.net
             - listen:
               - 80
             - location /.well-known:
@@ -34,38 +29,22 @@ nginx:
             - location /:
               - return: '301 https://$host$request_uri'
 
-      arvados_workbench:
+      arvados_workbench_ssl.conf:
         enabled: true
         overwrite: true
         config:
           - server:
-            - server_name: workbench.example.net
+            - server_name: workbench.fixme.example.net
             - listen:
               - 443 http2 ssl
             - index: index.html index.htm
             - location /:
-              - proxy_pass: 'http://workbench_upstream'
-              - proxy_read_timeout: 300
-              - proxy_connect_timeout: 90
-              - proxy_redirect: 'off'
-              - proxy_set_header: X-Forwarded-Proto https
-              - proxy_set_header: 'Host $http_host'
-              - proxy_set_header: 'X-Real-IP $remote_addr'
-              - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
-            # - include: 'snippets/letsencrypt.conf'
-            - include: 'snippets/snakeoil.conf'
-            - access_log: {{ nginx_log }}/workbench.example.net.access.log combined
-            - error_log: {{ nginx_log }}/workbench.example.net.error.log
-
-      arvados_workbench_upstream:
-        enabled: true
-        overwrite: true
-        config:
-          - server:
-            - listen: '127.0.0.1:9000'
-            - server_name: workbench
             - root: /var/www/arvados-workbench/current/public
-            - index:  index.html index.htm
-            - access_log: {{ nginx_log }}/workbench.example.net-upstream.access.log combined
-            - error_log: {{ nginx_log }}/workbench.example.net-upstream.error.log
+            - passenger_enabled: 'on'
+            - include: 'snippets/ssl_hardening_default.conf'
+            # - include: 'snippets/letsencrypt.conf'
+            - include: 'snippets/ssl_snakeoil.conf'
+            # yamllint disable-line rule:line-length
+            - access_log: /var/log/nginx/workbench.fixme.example.net.access.log combined
+            - error_log: /var/log/nginx/workbench.fixme.example.net.error.log