1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: Apache-2.0
6 error_log "{{ERRORLOG}}" info; # Yes, must be specified here _and_ cmdline
11 '[$time_local] $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
12 '"$http_referer" "$http_user_agent"';
13 access_log "{{ACCESSLOG}}" customlog;
14 client_body_temp_path "{{TMPDIR}}";
15 upstream arv-git-http {
16 server localhost:{{GITPORT}};
19 listen *:{{GITSSLPORT}} ssl default_server;
20 server_name arv-git-http;
21 ssl_certificate "{{SSLCERT}}";
22 ssl_certificate_key "{{SSLKEY}}";
24 proxy_pass http://arv-git-http;
25 proxy_set_header Host $http_host;
26 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
27 proxy_set_header X-Forwarded-Proto https;
32 server localhost:{{KEEPPROXYPORT}};
35 listen *:{{KEEPPROXYSSLPORT}} ssl default_server;
36 server_name keepproxy;
37 ssl_certificate "{{SSLCERT}}";
38 ssl_certificate_key "{{SSLKEY}}";
40 proxy_pass http://keepproxy;
41 proxy_set_header Host $http_host;
42 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
43 proxy_set_header X-Forwarded-Proto https;
48 server localhost:{{KEEPWEBPORT}};
51 listen *:{{KEEPWEBSSLPORT}} ssl default_server;
53 ssl_certificate "{{SSLCERT}}";
54 ssl_certificate_key "{{SSLKEY}}";
56 proxy_pass http://keep-web;
57 proxy_set_header Host $http_host;
58 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
59 proxy_set_header X-Forwarded-Proto https;
64 listen *:{{KEEPWEBDLSSLPORT}} ssl default_server;
65 server_name keep-web-dl ~.*;
66 ssl_certificate "{{SSLCERT}}";
67 ssl_certificate_key "{{SSLKEY}}";
69 proxy_pass http://keep-web;
70 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
71 proxy_set_header X-Forwarded-Proto https;
73 # Unlike other proxy sections, here we need to override the
74 # requested Host header and use proxy_redirect because of the
75 # way the test suite orchestrates services. Keep-web's "download
76 # only" behavior relies on the Host header matching a configured
77 # value, but when run_test_servers.py writes keep-web's command
78 # line, the keep-web-dl TLS port (which clients will connect to
79 # and include in their Host header) has not yet been assigned.
81 # In production, "proxy_set_header Host $http_host;
82 # proxy_redirect off;" works: keep-web's redirect URLs will
83 # match the request URL received by Nginx.
85 # Here, keep-web will issue redirects to https://download/ and
86 # Nginx will rewrite them.
88 proxy_set_header Host download;
89 proxy_redirect https://download/ https://$host:{{KEEPWEBDLSSLPORT}}/;
93 server localhost:{{WSPORT}};
96 listen *:{{WSSPORT}} ssl default_server;
97 server_name websocket;
98 ssl_certificate "{{SSLCERT}}";
99 ssl_certificate_key "{{SSLKEY}}";
101 proxy_pass http://ws;
102 proxy_set_header Upgrade $http_upgrade;
103 proxy_set_header Connection "upgrade";
104 proxy_set_header Host $http_host;
105 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
106 proxy_set_header X-Forwarded-Proto https;
110 upstream controller {
111 server localhost:{{CONTROLLERPORT}};
114 listen *:{{CONTROLLERSSLPORT}} ssl default_server;
115 server_name controller;
116 ssl_certificate "{{SSLCERT}}";
117 ssl_certificate_key "{{SSLKEY}}";
119 proxy_pass http://controller;
120 proxy_set_header Host $http_host;
121 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
122 proxy_set_header X-Forwarded-Proto https;
projects / arvados.git / blob