2 # Copyright (C) The Arvados Authors. All rights reserved.
4 # SPDX-License-Identifier: AGPL-3.0
# Generates /var/lib/arvados/nginx.conf for the arvbox front-end proxy and then
# execs nginx with it.
# NOTE(review): this listing is an excerpt. The leading number on each line is
# a gutter number from the original file, and the numbers skip values, so lines
# are missing from view (for example the closing braces of the nginx blocks and
# the heredoc terminator).
#
# Load the shared arvbox shell definitions. root_cert, server_cert,
# server_cert_key and the services[] array used below are not assigned in the
# visible lines; presumably they come from this file (confirm in common.sh).
9 . /usr/local/lib/arvbox/common.sh
# Check that the server certificate validates against the local root CA before
# the configuration that serves it is written.
# NOTE(review): whether a failed verification stops the script depends on
# errexit (set -e) being active; no such line is visible here, so confirm.
# Both expansions are unquoted, so a path containing whitespace or glob
# characters would be split; "$root_cert" "$server_cert" avoids that.
11 openssl verify -CAfile $root_cert $server_cert
# Write the nginx configuration. The heredoc delimiter is unquoted, so the
# shell expands ${services[...]}, ${server_cert} and ${server_cert_key} while
# writing the file, and each backslash-escaped \$name reaches nginx as the
# nginx variable $name.
# Security-relevant points in the generated config, as far as the visible
# lines show:
#  - The listener on services[doc] has no ssl flag, so the documentation site
#    is served without TLS. Port 80 answers with a 301 to https. The remaining
#    listeners use ssl and share one certificate/key pair.
#  - No ssl_protocols or ssl_ciphers directive is visible, so nginx defaults
#    apply unless one is set in a line missing from this excerpt.
#  - Host is forwarded as the client-supplied $http_host, and X-Forwarded-For
#    is built with $proxy_add_x_forwarded_for, which appends to whatever the
#    client sent. Backends should not treat either value as authenticated.
#  - X-External-Client is set from the geo variable on the controller proxy
#    only; proxy_set_header replaces a client-supplied header of that name.
#  - client_max_body_size 0 after "server_name keep-web" removes the request
#    body size limit there; the other visible values are 128M and 50m.
13 cat <<EOF >/var/lib/arvados/nginx.conf
14 worker_processes auto;
15 pid /var/lib/arvados/nginx.pid;
22 worker_connections 64;
27 include /etc/nginx/mime.types;
28 default_type application/octet-stream;
29 client_max_body_size 128M;
31 geo \$external_client {
38 listen ${services[doc]} default_server;
39 listen [::]:${services[doc]} default_server;
40 root /usr/src/arvados/doc/.site;
46 listen 80 default_server;
48 return 301 https://\$host\$request_uri;
52 server localhost:${services[controller]};
55 listen *:${services[controller-ssl]} ssl default_server;
56 server_name controller;
57 ssl_certificate "${server_cert}";
58 ssl_certificate_key "${server_cert_key}";
60 proxy_pass http://controller;
61 proxy_set_header Host \$http_host;
62 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
63 proxy_set_header X-Forwarded-Proto https;
64 proxy_set_header X-External-Client \$external_client;
70 server localhost:${services[websockets]};
73 listen *:${services[websockets-ssl]} ssl default_server;
74 server_name websockets;
76 proxy_connect_timeout 90s;
77 proxy_read_timeout 300s;
80 ssl_certificate "${server_cert}";
81 ssl_certificate_key "${server_cert_key}";
84 proxy_pass http://arvados-ws;
85 proxy_set_header Upgrade \$http_upgrade;
86 proxy_set_header Connection "upgrade";
87 proxy_set_header Host \$http_host;
88 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
93 server localhost:${services[workbench2]};
96 listen *:${services[workbench2-ssl]} ssl default_server;
97 server_name workbench2;
98 ssl_certificate "${server_cert}";
99 ssl_certificate_key "${server_cert_key}";
101 proxy_pass http://workbench2;
102 proxy_set_header Host \$http_host;
103 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
104 proxy_set_header X-Forwarded-Proto https;
107 location /sockjs-node {
108 proxy_pass http://workbench2;
109 proxy_set_header Upgrade \$http_upgrade;
110 proxy_set_header Connection "upgrade";
111 proxy_set_header Host \$http_host;
112 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
117 server localhost:${services[keep-web]};
120 listen *:${services[keep-web-ssl]} ssl default_server;
121 server_name keep-web;
122 ssl_certificate "${server_cert}";
123 ssl_certificate_key "${server_cert_key}";
124 client_max_body_size 0;
126 proxy_pass http://keep-web;
127 proxy_set_header Host \$http_host;
128 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
129 proxy_set_header X-Forwarded-Proto https;
136 server localhost:${services[keepproxy]};
139 listen *:${services[keepproxy-ssl]} ssl default_server;
140 server_name keepproxy;
141 ssl_certificate "${server_cert}";
142 ssl_certificate_key "${server_cert_key}";
143 client_max_body_size 128M;
145 proxy_pass http://keepproxy;
146 proxy_set_header Host \$http_host;
147 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
148 proxy_set_header X-Forwarded-Proto https;
153 upstream arvados-git-httpd {
154 server localhost:${services[arv-git-httpd]};
157 listen *:${services[arv-git-httpd-ssl]} ssl default_server;
158 server_name arvados-git-httpd;
159 proxy_connect_timeout 90s;
160 proxy_read_timeout 300s;
163 ssl_certificate "${server_cert}";
164 ssl_certificate_key "${server_cert_key}";
165 client_max_body_size 50m;
168 proxy_pass http://arvados-git-httpd;
169 proxy_set_header Host \$http_host;
170 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
171 proxy_set_header X-Forwarded-Proto https;
# Replace this shell process with nginx, pointing it at the configuration
# file written by the heredoc above.
180 exec nginx -c /var/lib/arvados/nginx.conf