Merge branch '16265-security-updates' into dependabot/bundler/apps/workbench/loofah...
[arvados.git] / sdk / python / tests / nginx.conf
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: Apache-2.0
4
5 daemon off;
6 error_log "{{ERRORLOG}}" info;          # Yes, must be specified here _and_ cmdline
7 events {
8 }
9 http {
10   log_format customlog
11     '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
12     '"$http_referer" "$http_user_agent"';
13   access_log "{{ACCESSLOG}}" customlog;
14   client_body_temp_path "{{TMPDIR}}";
15   proxy_temp_path "{{TMPDIR}}";
16   fastcgi_temp_path "{{TMPDIR}}";
17   uwsgi_temp_path "{{TMPDIR}}";
18   scgi_temp_path "{{TMPDIR}}";
19   upstream arv-git-http {
20     server {{LISTENHOST}}:{{GITPORT}};
21   }
22   server {
23     listen {{LISTENHOST}}:{{GITSSLPORT}} ssl default_server;
24     server_name arv-git-http;
25     ssl_certificate "{{SSLCERT}}";
26     ssl_certificate_key "{{SSLKEY}}";
27     location  / {
28       proxy_pass http://arv-git-http;
29       proxy_set_header Host $http_host;
30       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
31       proxy_set_header X-Forwarded-Proto https;
32       proxy_redirect off;
33     }
34   }
35   upstream keepproxy {
36     server {{LISTENHOST}}:{{KEEPPROXYPORT}};
37   }
38   server {
39     listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl default_server;
40     server_name keepproxy;
41     ssl_certificate "{{SSLCERT}}";
42     ssl_certificate_key "{{SSLKEY}}";
43     location  / {
44       proxy_pass http://keepproxy;
45       proxy_set_header Host $http_host;
46       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
47       proxy_set_header X-Forwarded-Proto https;
48       proxy_redirect off;
49
50       proxy_http_version 1.1;
51       proxy_request_buffering off;
52     }
53   }
54   upstream keep-web {
55     server {{LISTENHOST}}:{{KEEPWEBPORT}};
56   }
57   server {
58     listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl default_server;
59     server_name keep-web;
60     ssl_certificate "{{SSLCERT}}";
61     ssl_certificate_key "{{SSLKEY}}";
62     location  / {
63       proxy_pass http://keep-web;
64       proxy_set_header Host $http_host;
65       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
66       proxy_set_header X-Forwarded-Proto https;
67       proxy_redirect off;
68
69       client_max_body_size 0;
70       proxy_http_version 1.1;
71       proxy_request_buffering off;
72     }
73   }
74   server {
75     listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl default_server;
76     server_name keep-web-dl ~.*;
77     ssl_certificate "{{SSLCERT}}";
78     ssl_certificate_key "{{SSLKEY}}";
79     location  / {
80       proxy_pass http://keep-web;
81       proxy_set_header Host $http_host;
82       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
83       proxy_set_header X-Forwarded-Proto https;
84       proxy_redirect off;
85
86       client_max_body_size 0;
87       proxy_http_version 1.1;
88       proxy_request_buffering off;
89     }
90   }
91   upstream ws {
92     server {{LISTENHOST}}:{{WSPORT}};
93   }
94   server {
95     listen {{LISTENHOST}}:{{WSSSLPORT}} ssl default_server;
96     server_name websocket;
97     ssl_certificate "{{SSLCERT}}";
98     ssl_certificate_key "{{SSLKEY}}";
99     location  / {
100       proxy_pass http://ws;
101       proxy_set_header Upgrade $http_upgrade;
102       proxy_set_header Connection "upgrade";
103       proxy_set_header Host $http_host;
104       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
105       proxy_set_header X-Forwarded-Proto https;
106       proxy_redirect off;
107     }
108   }
109   upstream workbench1 {
110     server {{LISTENHOST}}:{{WORKBENCH1PORT}};
111   }
112   server {
113     listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl default_server;
114     server_name workbench1;
115     ssl_certificate "{{SSLCERT}}";
116     ssl_certificate_key "{{SSLKEY}}";
117     location  / {
118       proxy_pass http://workbench1;
119       proxy_set_header Host $http_host;
120       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
121       proxy_set_header X-Forwarded-Proto https;
122       proxy_redirect off;
123     }
124   }
125   upstream controller {
126     server {{LISTENHOST}}:{{CONTROLLERPORT}};
127   }
128   server {
129     listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl default_server;
130     server_name controller;
131     ssl_certificate "{{SSLCERT}}";
132     ssl_certificate_key "{{SSLKEY}}";
133     location  / {
134       proxy_pass http://controller;
135       proxy_set_header Host $http_host;
136       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
137       proxy_set_header X-Forwarded-Proto https;
138       proxy_redirect off;
139     }
140   }
141 }