2 # Copyright (C) The Arvados Authors. All rights reserved.
4 # SPDX-License-Identifier: AGPL-3.0
9 . /usr/local/lib/arvbox/common.sh
11 openssl verify -CAfile $root_cert $server_cert
13 cat <<EOF >/var/lib/arvados/nginx.conf
14 worker_processes auto;
15 pid /var/lib/arvados/nginx.pid;
22 worker_connections 64;
27 include /etc/nginx/mime.types;
28 default_type application/octet-stream;
29 client_max_body_size 128M;
32 listen ${services[doc]} default_server;
33 listen [::]:${services[doc]} default_server;
34 root /usr/src/arvados/doc/.site;
40 listen 80 default_server;
42 return 301 https://\$host\$request_uri;
46 server localhost:${services[controller]};
49 listen *:${services[controller-ssl]} ssl default_server;
50 server_name controller;
51 ssl_certificate "${server_cert}";
52 ssl_certificate_key "${server_cert_key}";
54 proxy_pass http://controller;
55 proxy_set_header Host \$http_host;
56 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
57 proxy_set_header X-Forwarded-Proto https;
63 server localhost:${services[websockets]};
66 listen *:${services[websockets-ssl]} ssl default_server;
67 server_name websockets;
69 proxy_connect_timeout 90s;
70 proxy_read_timeout 300s;
73 ssl_certificate "${server_cert}";
74 ssl_certificate_key "${server_cert_key}";
77 proxy_pass http://arvados-ws;
78 proxy_set_header Upgrade \$http_upgrade;
79 proxy_set_header Connection "upgrade";
80 proxy_set_header Host \$http_host;
81 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
86 server localhost:${services[workbench2]};
89 listen *:${services[workbench2-ssl]} ssl default_server;
90 server_name workbench2;
91 ssl_certificate "${server_cert}";
92 ssl_certificate_key "${server_cert_key}";
94 proxy_pass http://workbench2;
95 proxy_set_header Host \$http_host;
96 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
97 proxy_set_header X-Forwarded-Proto https;
100 location /sockjs-node {
101 proxy_pass http://workbench2;
102 proxy_set_header Upgrade \$http_upgrade;
103 proxy_set_header Connection "upgrade";
104 proxy_set_header Host \$http_host;
105 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
110 server localhost:${services[keep-web]};
113 listen *:${services[keep-web-ssl]} ssl default_server;
114 server_name keep-web;
115 ssl_certificate "${server_cert}";
116 ssl_certificate_key "${server_cert_key}";
118 proxy_pass http://keep-web;
119 proxy_set_header Host \$http_host;
120 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
121 proxy_set_header X-Forwarded-Proto https;
130 exec nginx -c /var/lib/arvados/nginx.conf