2 # Copyright (C) The Arvados Authors. All rights reserved.
4 # SPDX-License-Identifier: AGPL-3.0
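# Load arvbox's shared shell settings. containerip, localip, root_cert and
# server_cert are not assigned in the lines shown here, so they presumably
# come from this file -- confirm against common.sh.
. /usr/local/lib/arvbox/common.sh

# When the two addresses differ, make sure /etc/hosts has a line pairing
# them. -F matches the address literally (an unescaped "." in a regex matches
# any character) and -w rejects partial matches such as 10.0.0.1 inside
# 10.0.0.10, so an unrelated entry cannot suppress the append.
if [[ "$containerip" != "$localip" ]]; then
  if ! grep -qwF -- "$localip" /etc/hosts; then
    printf '%s %s\n' "$containerip" "$localip" >> /etc/hosts
  fi
fi

# Check that the server certificate chains to the root CA before nginx is
# configured to serve it. The failure is handled explicitly so the check does
# not depend on errexit being enabled elsewhere in the script.
if ! openssl verify -CAfile "$root_cert" "$server_cert"; then
  echo "server certificate failed verification against the root CA" >&2
  exit 1
fi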
19 cat <<EOF >/var/lib/arvados/nginx.conf
20 worker_processes auto;
21 pid /var/lib/arvados/nginx.pid;
28 worker_connections 64;
33 include /etc/nginx/mime.types;
34 default_type application/octet-stream;
35 client_max_body_size 128M;
37 geo \$external_client {
44 listen ${services[doc]} default_server;
45 listen [::]:${services[doc]} default_server;
46 root /usr/src/arvados/doc/.site;
52 listen 80 default_server;
54 return 301 https://\$host\$request_uri;
58 server localhost:${services[controller]};
61 listen *:${services[controller-ssl]} ssl default_server;
62 server_name controller;
63 ssl_certificate "${server_cert}";
64 ssl_certificate_key "${server_cert_key}";
66 proxy_pass http://controller;
67 proxy_set_header Host \$http_host;
68 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
69 proxy_set_header X-Forwarded-Proto https;
70 proxy_set_header X-External-Client \$external_client;
76 server localhost:${services[websockets]};
79 listen *:${services[websockets-ssl]} ssl default_server;
80 server_name websockets;
82 proxy_connect_timeout 90s;
83 proxy_read_timeout 300s;
86 ssl_certificate "${server_cert}";
87 ssl_certificate_key "${server_cert_key}";
90 proxy_pass http://arvados-ws;
91 proxy_set_header Upgrade \$http_upgrade;
92 proxy_set_header Connection "upgrade";
93 proxy_set_header Host \$http_host;
94 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
99 server localhost:${services[workbench2]};
102 listen *:${services[workbench2-ssl]} ssl default_server;
103 server_name workbench2;
104 ssl_certificate "${server_cert}";
105 ssl_certificate_key "${server_cert_key}";
107 proxy_pass http://workbench2;
108 proxy_set_header Host \$http_host;
109 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
110 proxy_set_header X-Forwarded-Proto https;
113 location /sockjs-node {
114 proxy_pass http://workbench2;
115 proxy_set_header Upgrade \$http_upgrade;
116 proxy_set_header Connection "upgrade";
117 proxy_set_header Host \$http_host;
118 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
123 server localhost:${services[keep-web]};
126 listen *:${services[keep-web-ssl]} ssl default_server;
127 server_name keep-web;
128 ssl_certificate "${server_cert}";
129 ssl_certificate_key "${server_cert_key}";
130 client_max_body_size 0;
132 proxy_pass http://keep-web;
133 proxy_set_header Host \$http_host;
134 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
135 proxy_set_header X-Forwarded-Proto https;
142 server localhost:${services[keepproxy]};
145 listen *:${services[keepproxy-ssl]} ssl default_server;
146 server_name keepproxy;
147 ssl_certificate "${server_cert}";
148 ssl_certificate_key "${server_cert_key}";
149 client_max_body_size 128M;
151 proxy_pass http://keepproxy;
152 proxy_set_header Host \$http_host;
153 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
154 proxy_set_header X-Forwarded-Proto https;
159 upstream arvados-git-httpd {
160 server localhost:${services[arv-git-httpd]};
163 listen *:${services[arv-git-httpd-ssl]} ssl default_server;
164 server_name arvados-git-httpd;
165 proxy_connect_timeout 90s;
166 proxy_read_timeout 300s;
169 ssl_certificate "${server_cert}";
170 ssl_certificate_key "${server_cert_key}";
171 client_max_body_size 50m;
174 proxy_pass http://arvados-git-httpd;
175 proxy_set_header Host \$http_host;
176 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
177 proxy_set_header X-Forwarded-Proto https;
# Hand this process over to nginx with the configuration file generated by
# the heredoc earlier in this script; on success exec replaces the shell.
# NOTE(review): in the lines of that config shown here, the ssl listeners set
# ssl_certificate and ssl_certificate_key but no ssl_protocols or ssl_ciphers,
# so nginx's built-in defaults apply unless a line not shown sets them.
# NOTE(review): the keep-web server sets client_max_body_size 0, which turns
# off nginx's request-body size limit for that listener -- confirm that any
# upload limit is enforced by the backend.
nginx_conf=/var/lib/arvados/nginx.conf
exec nginx -c "$nginx_conf"