1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: Apache-2.0
10 '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
11 '"$http_referer" "$http_user_agent"';
12 access_log "{{ACCESSLOG}}" customlog;
13 client_body_temp_path "{{TMPDIR}}";
14 proxy_temp_path "{{TMPDIR}}";
15 fastcgi_temp_path "{{TMPDIR}}";
16 uwsgi_temp_path "{{TMPDIR}}";
17 scgi_temp_path "{{TMPDIR}}";
19 server {{LISTENHOST}}:{{CONTROLLERPORT}};
22 listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl;
23 server_name controller ~.*;
24 ssl_certificate "{{SSLCERT}}";
25 ssl_certificate_key "{{SSLKEY}}";
26 client_max_body_size 0;
28 proxy_pass http://controller;
29 proxy_set_header Host $http_host;
30 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
31 proxy_set_header X-Forwarded-Proto https;
35 upstream arv-git-http {
36 server {{LISTENHOST}}:{{GITPORT}};
39 listen {{LISTENHOST}}:{{GITSSLPORT}} ssl;
40 server_name arv-git-http git.*;
41 ssl_certificate "{{SSLCERT}}";
42 ssl_certificate_key "{{SSLKEY}}";
44 proxy_pass http://arv-git-http;
45 proxy_set_header Host $http_host;
46 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
47 proxy_set_header X-Forwarded-Proto https;
52 server {{LISTENHOST}}:{{KEEPPROXYPORT}};
55 listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl;
56 server_name keepproxy keep.*;
57 ssl_certificate "{{SSLCERT}}";
58 ssl_certificate_key "{{SSLKEY}}";
60 proxy_pass http://keepproxy;
61 proxy_set_header Host $http_host;
62 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
63 proxy_set_header X-Forwarded-Proto https;
66 proxy_http_version 1.1;
67 proxy_request_buffering off;
71 server {{LISTENHOST}}:{{KEEPWEBPORT}};
74 listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl;
75 server_name keep-web collections.* ~\.collections\.;
76 ssl_certificate "{{SSLCERT}}";
77 ssl_certificate_key "{{SSLKEY}}";
79 proxy_pass http://keep-web;
80 proxy_set_header Host $http_host;
81 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
82 proxy_set_header X-Forwarded-Proto https;
85 client_max_body_size 0;
86 proxy_http_version 1.1;
87 proxy_request_buffering off;
91 server {{LISTENHOST}}:{{HEALTHPORT}};
94 listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl;
95 server_name health health.*;
96 ssl_certificate "{{SSLCERT}}";
97 ssl_certificate_key "{{SSLKEY}}";
99 proxy_pass http://health;
100 proxy_set_header Host $http_host;
101 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
102 proxy_set_header X-Forwarded-Proto https;
105 proxy_http_version 1.1;
106 proxy_request_buffering off;
110 listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl;
111 server_name keep-web-dl download.* ~.*;
112 ssl_certificate "{{SSLCERT}}";
113 ssl_certificate_key "{{SSLKEY}}";
115 proxy_pass http://keep-web;
116 proxy_set_header Host $http_host;
117 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
118 proxy_set_header X-Forwarded-Proto https;
121 client_max_body_size 0;
122 proxy_http_version 1.1;
123 proxy_request_buffering off;
127 server {{LISTENHOST}}:{{WSPORT}};
130 listen {{LISTENHOST}}:{{WSSSLPORT}} ssl;
131 server_name websocket ws.*;
132 ssl_certificate "{{SSLCERT}}";
133 ssl_certificate_key "{{SSLKEY}}";
135 proxy_pass http://ws;
136 proxy_set_header Upgrade $http_upgrade;
137 proxy_set_header Connection "upgrade";
138 proxy_set_header Host $http_host;
139 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
140 proxy_set_header X-Forwarded-Proto https;
144 upstream workbench1 {
145 server {{LISTENHOST}}:{{WORKBENCH1PORT}};
148 listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl;
149 server_name workbench1 workbench1.* workbench.*;
150 ssl_certificate "{{SSLCERT}}";
151 ssl_certificate_key "{{SSLKEY}}";
153 proxy_pass http://workbench1;
154 proxy_set_header Host $http_host;
155 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
156 proxy_set_header X-Forwarded-Proto https;
161 listen {{LISTENHOST}}:{{WORKBENCH2SSLPORT}} ssl;
162 server_name workbench2 workbench2.*;
163 ssl_certificate "{{SSLCERT}}";
164 ssl_certificate_key "{{SSLKEY}}";
165 location /config.json {
166 return 200 '{ "API_HOST": "{{ARVADOS_API_HOST}}" }';
169 root /var/lib/arvados/workbench2;
171 try_files $uri $uri/ /index.html;