helm: Convert the SSO server to be served over SSL.
[arvados-k8s.git] / arvados / config / sso / nginx.conf
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: Apache-2.0
4
5 server {
6   listen 127.0.0.1:9000;
7   server_name localhost-sso;
8
9   root /var/www/arvados-sso/current/public;
10   index  index.html index.htm index.php;
11
12   passenger_enabled on;
13   # If you're using RVM, uncomment the line below.
14   passenger_ruby /usr/local/rvm/wrappers/default/ruby;
15
16   # `client_max_body_size` should match the corresponding setting in
17   # the API server's Nginx configuration.
18   client_max_body_size 128m;
19 }
20
21 upstream sso {
22   server     127.0.0.1:9000  fail_timeout=10s;
23 }
24
25 proxy_http_version 1.1;
26
27 server {
28   listen       0.0.0.0:3002 ssl;
29   server_name  public-sso;
30
31   ssl on;
32   ssl_certificate     /etc/ssl/certs/sso.pem;
33   ssl_certificate_key /etc/ssl/private/sso.key;
34
35   index  index.html index.htm index.php;
36   # `client_max_body_size` should match the corresponding setting in
37   # the API server's Nginx configuration.
38   client_max_body_size 128m;
39
40   location / {
41     proxy_pass            http://sso;
42     proxy_redirect        off;
43     proxy_connect_timeout 90s;
44     proxy_read_timeout    300s;
45
46     proxy_set_header      X-Forwarded-Proto https;
47     proxy_set_header      Host $http_host;
48     proxy_set_header      X-Real-IP $remote_addr;
49     proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
50   }
51 }