1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: Apache-2.0
10 '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
11 '"$http_referer" "$http_user_agent"';
12 access_log "{{ACCESSLOG}}" customlog;
13 client_body_temp_path "{{TMPDIR}}";
14 proxy_temp_path "{{TMPDIR}}";
15 fastcgi_temp_path "{{TMPDIR}}";
16 uwsgi_temp_path "{{TMPDIR}}";
17 scgi_temp_path "{{TMPDIR}}";
19 server {{LISTENHOST}}:{{CONTROLLERPORT}};
22 listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl;
23 server_name controller ~.*;
24 ssl_certificate "{{SSLCERT}}";
25 ssl_certificate_key "{{SSLKEY}}";
26 client_max_body_size 0;
28 proxy_pass http://controller;
29 proxy_set_header Host $http_host;
30 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
31 proxy_set_header X-Forwarded-Proto https;
33 proxy_max_temp_file_size 0;
34 proxy_request_buffering off;
36 proxy_http_version 1.1;
39 upstream arv-git-http {
40 server {{LISTENHOST}}:{{GITPORT}};
43 listen {{LISTENHOST}}:{{GITSSLPORT}} ssl;
44 server_name arv-git-http git.*;
45 ssl_certificate "{{SSLCERT}}";
46 ssl_certificate_key "{{SSLKEY}}";
48 proxy_pass http://arv-git-http;
49 proxy_set_header Host $http_host;
50 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
51 proxy_set_header X-Forwarded-Proto https;
56 server {{LISTENHOST}}:{{KEEPPROXYPORT}};
59 listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl;
60 server_name keepproxy keep.*;
61 ssl_certificate "{{SSLCERT}}";
62 ssl_certificate_key "{{SSLKEY}}";
64 proxy_pass http://keepproxy;
65 proxy_set_header Host $http_host;
66 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
67 proxy_set_header X-Forwarded-Proto https;
70 client_max_body_size 67108864;
71 proxy_http_version 1.1;
72 proxy_request_buffering off;
76 server {{LISTENHOST}}:{{KEEPWEBPORT}};
79 listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl;
80 server_name keep-web collections.* ~\.collections\.;
81 ssl_certificate "{{SSLCERT}}";
82 ssl_certificate_key "{{SSLKEY}}";
84 proxy_pass http://keep-web;
85 proxy_set_header Host $http_host;
86 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
87 proxy_set_header X-Forwarded-Proto https;
90 client_max_body_size 0;
91 proxy_http_version 1.1;
92 proxy_request_buffering off;
96 server {{LISTENHOST}}:{{HEALTHPORT}};
99 listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl;
100 server_name health health.*;
101 ssl_certificate "{{SSLCERT}}";
102 ssl_certificate_key "{{SSLKEY}}";
104 proxy_pass http://health;
105 proxy_set_header Host $http_host;
106 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
107 proxy_set_header X-Forwarded-Proto https;
110 proxy_http_version 1.1;
111 proxy_request_buffering off;
115 listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl;
116 server_name keep-web-dl download.* ~.*;
117 ssl_certificate "{{SSLCERT}}";
118 ssl_certificate_key "{{SSLKEY}}";
120 proxy_pass http://keep-web;
121 proxy_set_header Host $http_host;
122 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
123 proxy_set_header X-Forwarded-Proto https;
126 client_max_body_size 0;
127 proxy_http_version 1.1;
128 proxy_request_buffering off;
132 server {{LISTENHOST}}:{{WSPORT}};
135 listen {{LISTENHOST}}:{{WSSSLPORT}} ssl;
136 server_name websocket ws.*;
137 ssl_certificate "{{SSLCERT}}";
138 ssl_certificate_key "{{SSLKEY}}";
140 proxy_pass http://ws;
141 proxy_set_header Upgrade $http_upgrade;
142 proxy_set_header Connection "upgrade";
143 proxy_set_header Host $http_host;
144 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
145 proxy_set_header X-Forwarded-Proto https;
149 upstream workbench1 {
150 server {{LISTENHOST}}:{{WORKBENCH1PORT}};
153 listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl;
154 server_name workbench1 workbench1.* workbench.*;
155 ssl_certificate "{{SSLCERT}}";
156 ssl_certificate_key "{{SSLKEY}}";
158 proxy_pass http://workbench1;
159 proxy_set_header Host $http_host;
160 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
161 proxy_set_header X-Forwarded-Proto https;
165 upstream workbench2 {
166 server {{LISTENHOST}}:{{WORKBENCH2PORT}};
169 listen {{LISTENHOST}}:{{WORKBENCH2SSLPORT}} ssl;
170 server_name workbench2 workbench2.*;
171 ssl_certificate "{{SSLCERT}}";
172 ssl_certificate_key "{{SSLKEY}}";
174 proxy_pass http://workbench2;
175 proxy_set_header Host $http_host;
176 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
177 proxy_set_header X-Forwarded-Proto https;