2 # Copyright (C) The Arvados Authors. All rights reserved.
4 # SPDX-License-Identifier: AGPL-3.0
6 {%- if grains.os_family in ('RedHat',) %}
7 {%- set group = 'nginx' %}
9 {%- set group = 'www-data' %}
25 upstream workbench_upstream:
26 - server: 'workbench.internal:9000 fail_timeout=10s'
32 arvados_workbench_default.conf:
37 - server_name: workbench.__CLUSTER__.__DOMAIN__
40 - location /.well-known:
43 - return: '301 https://$host$request_uri'
45 arvados_workbench_ssl.conf:
49 file: extra_custom_certs_file_copy_arvados-workbench.pem
52 - server_name: workbench.__CLUSTER__.__DOMAIN__
54 - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
55 - index: index.html index.htm
57 - proxy_pass: 'http://workbench_upstream'
58 - proxy_read_timeout: 300
59 - proxy_connect_timeout: 90
60 - proxy_redirect: 'off'
61 - proxy_set_header: X-Forwarded-Proto https
62 - proxy_set_header: 'Host $http_host'
63 - proxy_set_header: 'X-Real-IP $remote_addr'
64 - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
65 - include: snippets/ssl_hardening_default.conf
66 - ssl_certificate: /etc/nginx/ssl/arvados-workbench.pem
67 - ssl_certificate_key: /etc/nginx/ssl/arvados-workbench.key
68 - access_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__.access.log combined
69 - error_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__.error.log
71 arvados_workbench_upstream.conf:
76 - listen: 'workbench.internal:9000'
77 - server_name: workbench
78 - root: /var/www/arvados-workbench/current/public
79 - index: index.html index.htm
80 - passenger_enabled: 'on'
81 # yamllint disable-line rule:line-length
82 - access_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__-upstream.access.log combined
83 - error_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__-upstream.error.log