Update the nginx config for the keep-proxy-https pod.

No issue #

Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <wvandewege@veritasgenetics.com>

diff --git a/charts/arvados/templates/keep-proxy-https.yaml b/charts/arvados/templates/keep-proxy-https.yaml
index 9c6b1af55d1060faefb2c2af476c10765a81eda8..cc53d829b6a8470f0d9c32bfacd48950abaa02c1 100644 (file)
--- a/charts/arvados/templates/keep-proxy-https.yaml
+++ b/charts/arvados/templates/keep-proxy-https.yaml
@@ -65,26 +65,26 @@ data:
       listen                0.0.0.0:25107 ssl;
       server_name           arvados-keep-proxy-https;
     
-      proxy_connect_timeout 90s;
-      proxy_read_timeout    300s;
-      proxy_set_header      X-Real-IP $remote_addr;
-    
       ssl                   on;
       ssl_certificate       /etc/nginx/ssl.crt;
       ssl_certificate_key   /etc/nginx/ssl.key;
     
       # Clients need to be able to upload blocks of data up to 64MiB in size.
+      client_body_buffer_size 64M;
       client_max_body_size  64m;
     
       # Redirect plain HTTP requests to HTTPS.
       error_page 497 301 =307 https://$host:$server_port$request_uri;
     
       location / {
-        proxy_pass          http://httpContainer;
-        proxy_set_header    Upgrade         $http_upgrade;
-        proxy_set_header    Connection      "upgrade";
-        proxy_set_header    Host            $host:$server_port;
-        proxy_set_header    X-Forwarded-For $remote_addr;
+        proxy_pass            http://httpContainer;
+        proxy_connect_timeout 90s;
+        proxy_read_timeout    300s;
+        proxy_redirect        off;
+        proxy_set_header      X-Forwarded-Proto https;
+        proxy_set_header      Host $host:$server_port;
+        proxy_set_header      X-Real-IP $remote_addr;
+        proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
       }
     }
 ---