tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_webshell_configuration.sls

   1 ---
   2 # Copyright (C) The Arvados Authors. All rights reserved.
   3 #
   4 # SPDX-License-Identifier: AGPL-3.0
   5
   6 ### NGINX
   7 nginx:
   8   ### SERVER
   9   server:
  10     config:
  11
  12       ### STREAMS
  13       http:
  14         upstream webshell_upstream:
  15           - server: '__IP_INT__:4200 fail_timeout=10s'
  16
  17   ### SITES
  18   servers:
  19     managed:
  20       arvados_webshell_ssl.conf:
  21         enabled: true
  22         overwrite: true
  23         requires:
  24           __CERT_REQUIRES__
  25         config:
  26           - server:
  27             - server_name: __HOSTNAME_EXT__
  28             - listen:
  29               - __WEBSHELL_EXT_SSL_PORT__ http2 ssl
  30             - index: index.html index.htm
  31             - location /__HOSTNAME_EXT__:
  32               - proxy_pass: 'http://webshell_upstream'
  33               - proxy_read_timeout: 90
  34               - proxy_connect_timeout: 90
  35               - proxy_set_header: 'Host $http_host'
  36               - proxy_set_header: 'X-Real-IP $remote_addr'
  37               - proxy_set_header: X-Forwarded-Proto https
  38               - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
  39               - proxy_ssl_session_reuse: 'off'
  40
  41               - "if ($request_method = 'OPTIONS')":
  42                 - add_header: "'Access-Control-Allow-Origin' '*'"
  43                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
  44                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
  45                 - add_header: "'Access-Control-Max-Age' 1728000"
  46                 - add_header: "'Content-Type' 'text/plain charset=UTF-8'"
  47                 - add_header: "'Content-Length' 0"
  48                 - return: 204
  49
  50               - "if ($request_method = 'POST')":
  51                 - add_header: "'Access-Control-Allow-Origin' '*'"
  52                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
  53                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
  54
  55               - "if ($request_method = 'GET')":
  56                 - add_header: "'Access-Control-Allow-Origin' '*'"
  57                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
  58                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
  59
  60             - include: snippets/ssl_hardening_default.conf
  61             - ssl_certificate: __CERT_PEM__
  62             - ssl_certificate_key: __CERT_KEY__
  63             - access_log: /var/log/nginx/webshell.__CLUSTER__.__DOMAIN__.access.log combined
  64             - error_log: /var/log/nginx/webshell.__CLUSTER__.__DOMAIN__.error.log
  65