2 # Copyright (C) The Arvados Authors. All rights reserved.
4 # SPDX-License-Identifier: AGPL-3.0
9 . /usr/local/lib/arvbox/common.sh
11 cat <<EOF >/var/lib/arvados/nginx.conf
12 worker_processes auto;
13 pid /var/lib/arvados/nginx.pid;
20 worker_connections 64;
25 include /etc/nginx/mime.types;
26 default_type application/octet-stream;
27 client_max_body_size 128M;
30 listen ${services[doc]} default_server;
31 listen [::]:${services[doc]} default_server;
32 root /usr/src/arvados/doc/.site;
38 listen 80 default_server;
40 return 301 https://\$host\$request_uri;
44 server localhost:${services[controller]};
47 listen *:${services[controller-ssl]} ssl default_server;
48 server_name controller;
49 ssl_certificate "/var/lib/arvados/server-cert-${localip}.pem";
50 ssl_certificate_key "/var/lib/arvados/server-cert-${localip}.key";
52 proxy_pass http://controller;
53 proxy_set_header Host \$http_host;
54 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
55 proxy_set_header X-Forwarded-Proto https;
61 server localhost:${services[websockets]};
64 listen *:${services[websockets-ssl]} ssl default_server;
65 server_name websockets;
67 proxy_connect_timeout 90s;
68 proxy_read_timeout 300s;
71 ssl_certificate "/var/lib/arvados/server-cert-${localip}.pem";
72 ssl_certificate_key "/var/lib/arvados/server-cert-${localip}.key";
75 proxy_pass http://arvados-ws;
76 proxy_set_header Upgrade \$http_upgrade;
77 proxy_set_header Connection "upgrade";
78 proxy_set_header Host \$http_host;
79 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
84 server localhost:${services[workbench2]};
87 listen *:${services[workbench2-ssl]} ssl default_server;
88 server_name workbench2;
89 ssl_certificate "/var/lib/arvados/server-cert-${localip}.pem";
90 ssl_certificate_key "/var/lib/arvados/server-cert-${localip}.key";
92 proxy_pass http://workbench2;
93 proxy_set_header Host \$http_host;
94 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
95 proxy_set_header X-Forwarded-Proto https;
98 location /sockjs-node {
99 proxy_pass http://workbench2;
100 proxy_set_header Upgrade \$http_upgrade;
101 proxy_set_header Connection "upgrade";
102 proxy_set_header Host \$http_host;
103 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
108 server localhost:${services[keep-web]};
111 listen *:${services[keep-web-ssl]} ssl default_server;
112 server_name keep-web;
113 ssl_certificate "/var/lib/arvados/server-cert-${localip}.pem";
114 ssl_certificate_key "/var/lib/arvados/server-cert-${localip}.key";
116 proxy_pass http://keep-web;
117 proxy_set_header Host \$http_host;
118 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
119 proxy_set_header X-Forwarded-Proto https;
128 exec nginx -c /var/lib/arvados/nginx.conf