sdk/python/tests/nginx.conf

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: Apache-2.0
   4
   5 daemon off;
   6 error_log "{{ERRORLOG}}" info;          # Yes, must be specified here _and_ cmdline
   7 events {
   8 }
   9 http {
  10   log_format customlog
  11     '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
  12     '"$http_referer" "$http_user_agent"';
  13   access_log "{{ACCESSLOG}}" customlog;
  14   client_body_temp_path "{{TMPDIR}}/nginx";
  15   proxy_temp_path "{{TMPDIR}}/nginx";
  16   fastcgi_temp_path "{{TMPDIR}}/nginx";
  17   uwsgi_temp_path "{{TMPDIR}}/nginx";
  18   scgi_temp_path "{{TMPDIR}}/nginx";
  19   upstream controller {
  20     server {{LISTENHOST}}:{{CONTROLLERPORT}};
  21   }
  22   server {
  23     listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl;
  24     server_name controller ~.*;
  25     ssl_certificate "{{SSLCERT}}";
  26     ssl_certificate_key "{{SSLKEY}}";
  27     client_max_body_size 0;
  28     location  / {
  29       proxy_pass http://controller;
  30       proxy_set_header Host $http_host;
  31       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  32       proxy_set_header X-Forwarded-Proto https;
  33       proxy_redirect off;
  34     }
  35   }
  36   upstream arv-git-http {
  37     server {{LISTENHOST}}:{{GITPORT}};
  38   }
  39   server {
  40     listen {{LISTENHOST}}:{{GITSSLPORT}} ssl;
  41     server_name arv-git-http git.*;
  42     ssl_certificate "{{SSLCERT}}";
  43     ssl_certificate_key "{{SSLKEY}}";
  44     location  / {
  45       proxy_pass http://arv-git-http;
  46       proxy_set_header Host $http_host;
  47       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  48       proxy_set_header X-Forwarded-Proto https;
  49       proxy_redirect off;
  50     }
  51   }
  52   upstream keepproxy {
  53     server {{LISTENHOST}}:{{KEEPPROXYPORT}};
  54   }
  55   server {
  56     listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl;
  57     server_name keepproxy keep.*;
  58     ssl_certificate "{{SSLCERT}}";
  59     ssl_certificate_key "{{SSLKEY}}";
  60     location  / {
  61       proxy_pass http://keepproxy;
  62       proxy_set_header Host $http_host;
  63       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  64       proxy_set_header X-Forwarded-Proto https;
  65       proxy_redirect off;
  66
  67       proxy_http_version 1.1;
  68       proxy_request_buffering off;
  69     }
  70   }
  71   upstream keep-web {
  72     server {{LISTENHOST}}:{{KEEPWEBPORT}};
  73   }
  74   server {
  75     listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl;
  76     server_name keep-web collections.* ~\.collections\.;
  77     ssl_certificate "{{SSLCERT}}";
  78     ssl_certificate_key "{{SSLKEY}}";
  79     location  / {
  80       proxy_pass http://keep-web;
  81       proxy_set_header Host $http_host;
  82       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  83       proxy_set_header X-Forwarded-Proto https;
  84       proxy_redirect off;
  85
  86       client_max_body_size 0;
  87       proxy_http_version 1.1;
  88       proxy_request_buffering off;
  89     }
  90   }
  91   upstream health {
  92     server {{LISTENHOST}}:{{HEALTHPORT}};
  93   }
  94   server {
  95     listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl;
  96     server_name health health.*;
  97     ssl_certificate "{{SSLCERT}}";
  98     ssl_certificate_key "{{SSLKEY}}";
  99     location  / {
 100       proxy_pass http://health;
 101       proxy_set_header Host $http_host;
 102       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 103       proxy_set_header X-Forwarded-Proto https;
 104       proxy_redirect off;
 105
 106       proxy_http_version 1.1;
 107       proxy_request_buffering off;
 108     }
 109   }
 110   server {
 111     listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl;
 112     server_name keep-web-dl download.* ~.*;
 113     ssl_certificate "{{SSLCERT}}";
 114     ssl_certificate_key "{{SSLKEY}}";
 115     location  / {
 116       proxy_pass http://keep-web;
 117       proxy_set_header Host $http_host;
 118       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 119       proxy_set_header X-Forwarded-Proto https;
 120       proxy_redirect off;
 121
 122       client_max_body_size 0;
 123       proxy_http_version 1.1;
 124       proxy_request_buffering off;
 125     }
 126   }
 127   upstream ws {
 128     server {{LISTENHOST}}:{{WSPORT}};
 129   }
 130   server {
 131     listen {{LISTENHOST}}:{{WSSSLPORT}} ssl;
 132     server_name websocket ws.*;
 133     ssl_certificate "{{SSLCERT}}";
 134     ssl_certificate_key "{{SSLKEY}}";
 135     location  / {
 136       proxy_pass http://ws;
 137       proxy_set_header Upgrade $http_upgrade;
 138       proxy_set_header Connection "upgrade";
 139       proxy_set_header Host $http_host;
 140       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 141       proxy_set_header X-Forwarded-Proto https;
 142       proxy_redirect off;
 143     }
 144   }
 145   upstream workbench1 {
 146     server {{LISTENHOST}}:{{WORKBENCH1PORT}};
 147   }
 148   server {
 149     listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl;
 150     server_name workbench1 workbench.*;
 151     ssl_certificate "{{SSLCERT}}";
 152     ssl_certificate_key "{{SSLKEY}}";
 153     location  / {
 154       proxy_pass http://workbench1;
 155       proxy_set_header Host $http_host;
 156       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 157       proxy_set_header X-Forwarded-Proto https;
 158       proxy_redirect off;
 159     }
 160   }
 161 }