sdk/python/tests/nginx.conf

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: Apache-2.0
   4
   5 daemon off;
   6 error_log "{{ERRORLOG}}" info;          # Yes, must be specified here _and_ cmdline
   7 events {
   8 }
   9 http {
  10   log_format customlog
  11     '[$time_local] $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
  12     '"$http_referer" "$http_user_agent"';
  13   access_log "{{ACCESSLOG}}" customlog;
  14   client_body_temp_path "{{TMPDIR}}";
  15   upstream arv-git-http {
  16     server localhost:{{GITPORT}};
  17   }
  18   server {
  19     listen *:{{GITSSLPORT}} ssl default_server;
  20     server_name arv-git-http;
  21     ssl_certificate "{{SSLCERT}}";
  22     ssl_certificate_key "{{SSLKEY}}";
  23     location  / {
  24       proxy_pass http://arv-git-http;
  25       proxy_set_header Host $http_host;
  26       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  27       proxy_set_header X-Forwarded-Proto https;
  28       proxy_redirect off;
  29     }
  30   }
  31   upstream keepproxy {
  32     server localhost:{{KEEPPROXYPORT}};
  33   }
  34   server {
  35     listen *:{{KEEPPROXYSSLPORT}} ssl default_server;
  36     server_name keepproxy;
  37     ssl_certificate "{{SSLCERT}}";
  38     ssl_certificate_key "{{SSLKEY}}";
  39     location  / {
  40       proxy_pass http://keepproxy;
  41       proxy_set_header Host $http_host;
  42       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  43       proxy_set_header X-Forwarded-Proto https;
  44       proxy_redirect off;
  45     }
  46   }
  47   upstream keep-web {
  48     server localhost:{{KEEPWEBPORT}};
  49   }
  50   server {
  51     listen *:{{KEEPWEBSSLPORT}} ssl default_server;
  52     server_name keep-web;
  53     ssl_certificate "{{SSLCERT}}";
  54     ssl_certificate_key "{{SSLKEY}}";
  55     location  / {
  56       proxy_pass http://keep-web;
  57       proxy_set_header Host $http_host;
  58       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  59       proxy_set_header X-Forwarded-Proto https;
  60       proxy_redirect off;
  61     }
  62   }
  63   server {
  64     listen *:{{KEEPWEBDLSSLPORT}} ssl default_server;
  65     server_name keep-web-dl ~.*;
  66     ssl_certificate "{{SSLCERT}}";
  67     ssl_certificate_key "{{SSLKEY}}";
  68     location  / {
  69       proxy_pass http://keep-web;
  70       proxy_set_header Host download:{{KEEPWEBPORT}};
  71       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  72       proxy_set_header X-Forwarded-Proto https;
  73       proxy_redirect https://download:{{KEEPWEBPORT}}/ https://$host:{{KEEPWEBDLSSLPORT}}/;
  74     }
  75   }
  76   upstream ws {
  77     server localhost:{{WSPORT}};
  78   }
  79   server {
  80     listen *:{{WSSPORT}} ssl default_server;
  81     server_name websocket;
  82     ssl_certificate "{{SSLCERT}}";
  83     ssl_certificate_key "{{SSLKEY}}";
  84     location  / {
  85       proxy_pass http://ws;
  86       proxy_set_header Upgrade $http_upgrade;
  87       proxy_set_header Connection "upgrade";
  88       proxy_set_header Host $http_host;
  89       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  90       proxy_set_header X-Forwarded-Proto https;
  91       proxy_redirect off;
  92     }
  93   }
  94   upstream controller {
  95     server localhost:{{CONTROLLERPORT}};
  96   }
  97   server {
  98     listen *:{{CONTROLLERSSLPORT}} ssl default_server;
  99     server_name controller;
 100     ssl_certificate "{{SSLCERT}}";
 101     ssl_certificate_key "{{SSLKEY}}";
 102     location  / {
 103       proxy_pass http://controller;
 104       proxy_set_header Host $http_host;
 105       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 106       proxy_set_header X-Forwarded-Proto https;
 107       proxy_redirect off;
 108     }
 109   }
 110 }