---
+# This parameter will be used here to generate a list of upstreams and vhosts.
+# This dict is here for convenience and should be managed some other way, but the
+# different ways of orchestration that can be used for this are outside the scope
+# of this formula and their examples.
+# These upstreams should match those defined in `arvados:cluster:resources:virtual_machines`
+{% set webshell_virtual_machines = {
+ 'shell1': {
+ 'name': 'webshell1',
+ 'backend': '1.2.3.4',
+ 'port': 4200,
+ },
+ 'shell.internal': {},
+ 'webshell3': {
+ 'backend': '4.3.2.1',
+ 'port': 4500,
+ }
+}
+%}
+
### NGINX
nginx:
### SERVER
server:
config:
-
### STREAMS
http:
- {%- for shell_node, params in %}
- upstream webshell_upstream:
- - server: 'shell.internal:4200 fail_timeout=10s'
+ {%- for vm, params in webshell_virtual_machines.items() %}
+ {%- set vm_name = params.name | default(vm) %}
+ {%- set vm_backend = params.backend | default(vm_name) %}
+ {%- set vm_port = params.port | default(4200) %}
+
+ upstream {{ vm_name }}_upstream:
+ - server: '{{ vm_backend }}:{{ vm_port }} fail_timeout=10s'
+
+ {%- endfor %}
### SITES
servers:
- listen:
- 443 http2 ssl
- index: index.html index.htm
- - location /shell.fixme.example.net:
- - proxy_pass: 'http://webshell_upstream'
+ {%- for vm, params in webshell_virtual_machines.items() %}
+ {%- set vm_name = params.name | default(vm) %}
+ - location /{{ vm_name }}:
+ - proxy_pass: 'http://{{ vm_name }}_upstream'
- proxy_read_timeout: 90
- proxy_connect_timeout: 90
- proxy_set_header: 'Host $http_host'
- add_header: "'Access-Control-Allow-Origin' '*'"
- add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
- add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
+ {%- endfor %}
- include: 'snippets/ssl_hardening_default.conf'
# - include: 'snippets/letsencrypt.conf'
- include: 'snippets/ssl_snakeoil.conf'
- server_name: workbench.fixme.example.net
- listen:
- 443 http2 ssl
- - index: index.html index.htm
- - location /:
- root: /var/www/arvados-workbench/current/public
- passenger_enabled: 'on'
+ - index: index.html index.htm
- include: 'snippets/ssl_hardening_default.conf'
# - include: 'snippets/letsencrypt.conf'
- include: 'snippets/ssl_snakeoil.conf'