2 # Copyright (C) The Arvados Authors. All rights reserved.
4 # SPDX-License-Identifier: AGPL-3.0
9 . /usr/local/lib/arvbox/common.sh
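# Make $localip resolve to the container: when it differs from $containerip
# and /etc/hosts has no entry for it yet, append "<containerip> <localip>".
# Neither variable is set in this file; presumably both come from the sourced
# common.sh -- confirm.
if [[ "$containerip" != "$localip" ]]; then
  # -F matches the value literally (the dots in an address would otherwise be
  # regex wildcards) and -w requires a whole-word match, so a longer entry
  # that merely contains $localip does not suppress the append.
  if ! grep -qwF -- "$localip" /etc/hosts; then
    printf '%s %s\n' "$containerip" "$localip" >> /etc/hosts
  fi
fi

# When a localip override file exists, prepare a geo entry that maps the
# docker address (as a /32) to 0. Nothing in this span consumes geo_dockerip;
# presumably it is interpolated into the geo block of the generated nginx
# config -- confirm.
if [[ -f /var/run/localip_override ]]; then
  geo_dockerip="$dockerip/32 0;"
fi

# Check that the server certificate chains to the root CA before nginx is
# configured to serve it. Paths are quoted so a path containing whitespace is
# still passed as a single argument.
# NOTE(review): the exit status is not checked here; whether a failed
# verification stops the script depends on shell options set outside this
# span (e.g. errexit) -- confirm that a bad certificate really prevents
# nginx from starting.
openssl verify -CAfile "$root_cert" "$server_cert"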
# Write the nginx configuration to /var/lib/arvados/nginx.conf, then replace
# this shell with nginx running on that file (the exec on the last line).
#
# The here-document delimiter is unquoted, so the shell expands
# ${services[...]}, ${server_cert} and ${server_cert_key} while the file is
# written; nginx's own variables are spelled \$name so they reach the config
# unexpanded.
#
# What the visible lines of the generated config do:
#   - port 80 answers with a 301 redirect to https://<host><request_uri>;
#   - each service has a TLS listener on *:${services[<name>-ssl]} and is
#     proxied with "proxy_pass http://<upstream>" to a server on
#     localhost:${services[<name>]}, i.e. TLS ends at nginx and the hop to
#     the backend is plain HTTP on loopback;
#   - every TLS listener uses the same ${server_cert} / ${server_cert_key};
#   - the controller listener forwards the geo-derived \$external_client
#     value to the backend as X-External-Client;
#   - client_max_body_size is 128M near the top of the config, 0 for
#     keep-web (in nginx, 0 disables the request-body size check), 128M for
#     keepproxy and 50m for arvados-git-httpd.
#
# NOTE(review): X-Forwarded-For is set from \$proxy_add_x_forwarded_for, which
# appends the peer address to whatever X-Forwarded-For the client sent.
# Backends should treat only the entry added by this proxy as trustworthy.
# NOTE(review): no ssl_protocols / ssl_ciphers directives appear among the
# lines shown here -- confirm whether they are set elsewhere or whether the
# nginx defaults are intended.
# NOTE(review): the entries of the geo block that defines \$external_client
# are not visible here; X-External-Client is only as reliable as that
# mapping -- confirm which source addresses it classifies as internal.
24 cat <<EOF >/var/lib/arvados/nginx.conf
25 worker_processes auto;
26 pid /var/lib/arvados/nginx.pid;
33 worker_connections 64;
38 include /etc/nginx/mime.types;
39 default_type application/octet-stream;
40 client_max_body_size 128M;
42 geo \$external_client {
50 listen ${services[doc]} default_server;
51 listen [::]:${services[doc]} default_server;
52 root /usr/src/arvados/doc/.site;
58 listen 80 default_server;
60 return 301 https://\$host\$request_uri;
64 server localhost:${services[controller]};
67 listen *:${services[controller-ssl]} ssl default_server;
68 server_name controller;
69 ssl_certificate "${server_cert}";
70 ssl_certificate_key "${server_cert_key}";
72 proxy_pass http://controller;
73 proxy_set_header Host \$http_host;
74 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
75 proxy_set_header X-Forwarded-Proto https;
76 proxy_set_header X-External-Client \$external_client;
78 # This turns off response caching
84 server localhost:${services[websockets]};
87 listen *:${services[websockets-ssl]} ssl default_server;
88 server_name websockets;
90 proxy_connect_timeout 90s;
91 proxy_read_timeout 300s;
94 ssl_certificate "${server_cert}";
95 ssl_certificate_key "${server_cert_key}";
98 proxy_pass http://arvados-ws;
99 proxy_set_header Upgrade \$http_upgrade;
100 proxy_set_header Connection "upgrade";
101 proxy_set_header Host \$http_host;
102 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
106 upstream workbench2 {
107 server localhost:${services[workbench2]};
110 listen *:${services[workbench2-ssl]} ssl default_server;
111 server_name workbench2;
112 ssl_certificate "${server_cert}";
113 ssl_certificate_key "${server_cert_key}";
115 proxy_pass http://workbench2;
116 proxy_set_header Host \$http_host;
117 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
118 proxy_set_header X-Forwarded-Proto https;
121 location /sockjs-node {
122 proxy_pass http://workbench2;
123 proxy_set_header Upgrade \$http_upgrade;
124 proxy_set_header Connection "upgrade";
125 proxy_set_header Host \$http_host;
126 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
131 server localhost:${services[keep-web]};
134 listen *:${services[keep-web-ssl]} ssl default_server;
135 server_name keep-web;
136 ssl_certificate "${server_cert}";
137 ssl_certificate_key "${server_cert_key}";
138 client_max_body_size 0;
140 proxy_pass http://keep-web;
141 proxy_set_header Host \$http_host;
142 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
143 proxy_set_header X-Forwarded-Proto https;
149 server localhost:${services[keepproxy]};
152 listen *:${services[keepproxy-ssl]} ssl default_server;
153 server_name keepproxy;
154 ssl_certificate "${server_cert}";
155 ssl_certificate_key "${server_cert_key}";
156 client_max_body_size 128M;
158 proxy_pass http://keepproxy;
159 proxy_set_header Host \$http_host;
160 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
161 proxy_set_header X-Forwarded-Proto https;
166 upstream arvados-git-httpd {
167 server localhost:${services[arv-git-httpd]};
170 listen *:${services[arv-git-httpd-ssl]} ssl default_server;
171 server_name arvados-git-httpd;
172 proxy_connect_timeout 90s;
173 proxy_read_timeout 300s;
176 ssl_certificate "${server_cert}";
177 ssl_certificate_key "${server_cert_key}";
178 client_max_body_size 50m;
181 proxy_pass http://arvados-git-httpd;
182 proxy_set_header Host \$http_host;
183 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
184 proxy_set_header X-Forwarded-Proto https;
193 exec nginx -c /var/lib/arvados/nginx.conf