2 # Copyright (C) The Arvados Authors. All rights reserved.
4 # SPDX-License-Identifier: AGPL-3.0
9 . /usr/local/lib/arvbox/common.sh
11 cat <<EOF >/var/lib/arvados/nginx.conf
12 worker_processes auto;
13 pid /var/lib/arvados/nginx.pid;
20 worker_connections 64;
25 include /etc/nginx/mime.types;
26 default_type application/octet-stream;
28 listen ${services[doc]} default_server;
29 listen [::]:${services[doc]} default_server;
30 root /usr/src/arvados/doc/.site;
36 listen 80 default_server;
38 return 301 https://\$host\$request_uri;
42 server localhost:${services[controller]};
45 listen *:${services[controller-ssl]} ssl default_server;
46 server_name controller;
47 ssl_certificate "/var/lib/arvados/server-cert-${localip}.pem";
48 ssl_certificate_key "/var/lib/arvados/server-cert-${localip}.key";
50 proxy_pass http://controller;
51 proxy_set_header Host \$http_host;
52 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
53 proxy_set_header X-Forwarded-Proto https;
59 server localhost:${services[websockets]};
62 listen *:${services[websockets-ssl]} ssl default_server;
63 server_name websockets;
65 proxy_connect_timeout 90s;
66 proxy_read_timeout 300s;
69 ssl_certificate "/var/lib/arvados/server-cert-${localip}.pem";
70 ssl_certificate_key "/var/lib/arvados/server-cert-${localip}.key";
73 proxy_pass http://arvados-ws;
74 proxy_set_header Upgrade \$http_upgrade;
75 proxy_set_header Connection "upgrade";
76 proxy_set_header Host \$http_host;
77 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
82 server localhost:${services[workbench2]};
85 listen *:${services[workbench2-ssl]} ssl default_server;
86 server_name workbench2;
87 ssl_certificate "/var/lib/arvados/server-cert-${localip}.pem";
88 ssl_certificate_key "/var/lib/arvados/server-cert-${localip}.key";
90 proxy_pass http://workbench2;
91 proxy_set_header Host \$http_host;
92 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
93 proxy_set_header X-Forwarded-Proto https;
96 location /sockjs-node {
97 proxy_pass http://workbench2;
98 proxy_set_header Upgrade \$http_upgrade;
99 proxy_set_header Connection "upgrade";
100 proxy_set_header Host \$http_host;
101 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
106 server localhost:${services[keep-web]};
109 listen *:${services[keep-web-ssl]} ssl default_server;
110 server_name keep-web;
111 ssl_certificate "/var/lib/arvados/server-cert-${localip}.pem";
112 ssl_certificate_key "/var/lib/arvados/server-cert-${localip}.key";
114 proxy_pass http://keep-web;
115 proxy_set_header Host \$http_host;
116 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
117 proxy_set_header X-Forwarded-Proto https;
126 exec nginx -c /var/lib/arvados/nginx.conf