1 #!/bin/bash
2 # Copyright (C) The Arvados Authors. All rights reserved.
3 #
4 # SPDX-License-Identifier: AGPL-3.0
5
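# Fold stderr into stdout so the service supervisor (presumably runit, given
# the service/nginx/run layout) captures a single log stream, including
# nginx's own error_log which is pointed at stderr below.
exec 2>&1
# -e / -o pipefail: any failure before the final exec aborts this script, so
# the supervisor restarts the service instead of nginx coming up in a bad
# state. -x echoes each command (and its expanded arguments) into the log;
# nothing expanded here is a secret, only file paths.
set -ex -o pipefail

# common.sh is expected to define $root_cert, $server_cert, $server_cert_key
# and the $services port map used in the nginx config below.
. /usr/local/lib/arvbox/common.sh

# Refuse to start if the server certificate does not chain to the arvbox root
# CA or is outside its validity period (openssl verify checks both). Under
# set -e a failed verify exits here, which is what lets an expired cert be
# rotated on restart rather than served indefinitely. This relies on
# `openssl verify` returning a non-zero status on failure, which current
# OpenSSL releases do. The paths are quoted so a path containing whitespace
# cannot be split into extra arguments.
openssl verify -CAfile "$root_cert" "$server_cert"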
12
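# Render nginx.conf from the arvbox port map. This is an unquoted heredoc:
# shell expansions (${services[...]}, ${server_cert}, ...) happen now, while
# nginx's own variables are written as \$name so they reach the config file
# verbatim. Lines starting with '#' are nginx comments in the output.
cat <<EOF >/var/lib/arvados/nginx.conf
worker_processes auto;
pid /var/lib/arvados/nginx.pid;

# nginx errors go to this script's stderr, which is merged into stdout above.
error_log stderr;
daemon off;
# Worker processes run as arvbox. nginx only honours 'user' when the master
# process is started as root (needed to bind port 80 below).
user arvbox;

events {
  worker_connections 64;
}

http {
  access_log off;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  client_max_body_size 128M;

  # No ssl_protocols / ssl_ciphers are set anywhere in this file, so nginx's
  # built-in defaults decide which TLS versions and cipher suites are offered
  # on every TLS listener below. All TLS listeners share the single server
  # certificate that was verified against the arvbox root CA before this
  # file was written.

  # Static documentation site, served over plain HTTP.
  server {
    listen ${services[doc]} default_server;
    listen [::]:${services[doc]} default_server;
    root /usr/src/arvados/doc/.site;
    index index.html;
    server_name _;
  }

  # Catch-all plain-HTTP listener: redirect everything to HTTPS on the same
  # host and path. \$host comes from the client's Host header; because
  # server_name is '_' there is no fixed hostname to redirect to instead.
  server {
    listen 80 default_server;
    server_name _;
    return 301 https://\$host\$request_uri;
  }

  # API controller: TLS terminated here, plain HTTP to the local backend.
  upstream controller {
    server localhost:${services[controller]};
  }
  server {
    listen *:${services[controller-ssl]} ssl default_server;
    server_name controller;
    ssl_certificate "${server_cert}";
    ssl_certificate_key "${server_cert_key}";
    location / {
      proxy_pass http://controller;
      proxy_set_header Host \$http_host;
      # Appends the client address to any X-Forwarded-For the client sent.
      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_redirect off;
    }
  }

  # Websocket service. TLS is enabled by the 'ssl' parameter on the listen
  # line; the legacy 'ssl on;' directive (deprecated since nginx 1.15 and
  # dropped in later releases) is intentionally not used.
  upstream arvados-ws {
    server localhost:${services[websockets]};
  }
  server {
    listen *:${services[websockets-ssl]} ssl default_server;
    server_name websockets;

    # Long read timeout so idle websocket connections are not cut off.
    proxy_connect_timeout 90s;
    proxy_read_timeout    300s;

    ssl_certificate "${server_cert}";
    ssl_certificate_key "${server_cert_key}";

    location / {
      proxy_pass http://arvados-ws;
      # Pass the HTTP/1.1 upgrade handshake through to the backend.
      proxy_set_header Upgrade \$http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host \$http_host;
      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
  }

  # Workbench2 UI, including its development websocket endpoint.
  upstream workbench2 {
    server localhost:${services[workbench2]};
  }
  server {
    listen *:${services[workbench2-ssl]} ssl default_server;
    server_name workbench2;
    ssl_certificate "${server_cert}";
    ssl_certificate_key "${server_cert_key}";
    location / {
      proxy_pass http://workbench2;
      proxy_set_header Host \$http_host;
      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_redirect off;
    }
    location /sockjs-node {
      proxy_pass http://workbench2;
      proxy_set_header Upgrade \$http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host \$http_host;
      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
  }

  # keep-web (collection contents over HTTP).
  upstream keep-web {
    server localhost:${services[keep-web]};
  }
  server {
    listen *:${services[keep-web-ssl]} ssl default_server;
    server_name keep-web;
    ssl_certificate "${server_cert}";
    ssl_certificate_key "${server_cert_key}";
    location / {
      proxy_pass http://keep-web;
      proxy_set_header Host \$http_host;
      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_redirect off;
    }
  }

}

EOF

# Replace this shell with nginx; 'daemon off' above keeps it in the foreground
# so the supervisor can track it.
exec nginx -c /var/lib/arvados/nginx.conf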