X-Git-Url: https://git.arvados.org/arvados-formula.git/blobdiff_plain/06050e0a5377d3d6a4c54c7f50fe53a06a07c837..6c52de7:/test/salt/pillar/examples/nginx_keepweb_configuration.sls

diff --git a/test/salt/pillar/examples/nginx_keepweb_configuration.sls b/test/salt/pillar/examples/nginx_keepweb_configuration.sls
index 42a7240..1250d89 100644
--- a/test/salt/pillar/examples/nginx_keepweb_configuration.sls
+++ b/test/salt/pillar/examples/nginx_keepweb_configuration.sls
@@ -1,6 +1,4 @@
 ---
-{% set nginx_log = '/var/log/nginx' %}
-
 ### NGINX
 nginx:
   ### SERVER
@@ -9,17 +7,17 @@ nginx:
       ### STREAMS
       http:
         upstream collections_downloads_upstream:
-          - server: '127.0.0.1:9002 fail_timeout=10s'
+          - server: 'collections.internal:9002 fail_timeout=10s'
 
   servers:
     managed:
       ### DEFAULT
-      arvados_collections_default:
+      arvados_collections_download_default.conf:
         enabled: true
         overwrite: true
         config:
           - server:
-            - server_name: collections.example.net download.example.net
+            - server_name: collections.fixme.example.net download.fixme.example.net
             - listen:
               - 80
             - location /.well-known:
@@ -28,12 +26,12 @@ nginx:
               - return: '301 https://$host$request_uri'
 
       ### COLLECTIONS / DOWNLOAD
-      arvados_collections_downloads:
+      arvados_collections_download_ssl.conf:
         enabled: true
         overwrite: true
         config:
           - server:
-            - server_name: collections.example.net download.example.net
+            - server_name: collections.fixme.example.net download.fixme.example.net
             - listen:
               - 443 http2 ssl
             - index: index.html index.htm
@@ -50,7 +48,8 @@ nginx:
             - client_max_body_size: 0
             - proxy_http_version: '1.1'
             - proxy_request_buffering: 'off'
+            - include: 'snippets/ssl_hardening_default.conf'
             # - include: 'snippets/letsencrypt.conf'
-            - include: 'snippets/snakeoil.conf'
-            - access_log: {{ nginx_log }}/collections.example.net.access.log combined
-            - error_log: {{ nginx_log }}/collections.example.net.error.log
+            - include: 'snippets/ssl_snakeoil.conf'
+            - access_log: /var/log/nginx/collections.fixme.example.net.access.log combined
+            - error_log: /var/log/nginx/collections.fixme.example.net.error.log