# SPDX-License-Identifier: Apache-2.0
server {
- listen 0.0.0.0:3002;
- server_name insecure-sso;
+ listen 127.0.0.1:9000;
+ server_name localhost-sso;
root /var/www/arvados-sso/current/public;
index index.html index.htm index.php;
passenger_enabled on;
# If you're using RVM, uncomment the line below.
passenger_ruby /usr/local/rvm/wrappers/default/ruby;
+
+ # `client_max_body_size` should match the corresponding setting in
+ # the API server's Nginx configuration.
+ client_max_body_size 128m;
+}
+
+upstream sso {
+ server 127.0.0.1:9000 fail_timeout=10s;
+}
+
+proxy_http_version 1.1;
+
+server {
+ listen 0.0.0.0:3002 ssl;
+ server_name public-sso;
+
+ ssl on;
+ ssl_certificate /etc/ssl/certs/sso.pem;
+ ssl_certificate_key /etc/ssl/private/sso.key;
+
+ index index.html index.htm index.php;
+ # `client_max_body_size` should match the corresponding setting in
+ # the API server's Nginx configuration.
+ client_max_body_size 128m;
+
+ location / {
+ proxy_pass http://sso;
+ proxy_redirect off;
+ proxy_connect_timeout 90s;
+ proxy_read_timeout 300s;
+
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
}