tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls

   1 ---
   2 # Copyright (C) The Arvados Authors. All rights reserved.
   3 #
   4 # SPDX-License-Identifier: AGPL-3.0
   5
   6 ### NGINX
   7 nginx:
   8   ### SERVER
   9   server:
  10     config:
  11
  12       ### STREAMS
  13       http:
  14         upstream webshell_upstream:
  15           - server: 'shell.__CLUSTER__.__DOMAIN__:4200 fail_timeout=10s'
  16
  17   ### SITES
  18   servers:
  19     managed:
  20       arvados_webshell_default.conf:
  21         enabled: true
  22         overwrite: true
  23         config:
  24           - server:
  25             - server_name: webshell.__CLUSTER__.__DOMAIN__
  26             - listen:
  27               - 80
  28             - location /:
  29               - return: '301 https://$host$request_uri'
  30
  31       arvados_webshell_ssl.conf:
  32         enabled: true
  33         overwrite: true
  34         requires:
  35           __CERT_REQUIRES__
  36         config:
  37           - server:
  38             - server_name: webshell.__CLUSTER__.__DOMAIN__
  39             - listen:
  40               - __WEBSHELL_EXT_SSL_PORT__ http2 ssl
  41             - index: index.html index.htm
  42             - location /shell.__CLUSTER__.__DOMAIN__:
  43               - proxy_pass: 'http://webshell_upstream'
  44               - proxy_read_timeout: 90
  45               - proxy_connect_timeout: 90
  46               - proxy_set_header: 'Host $http_host'
  47               - proxy_set_header: 'X-Real-IP $remote_addr'
  48               - proxy_set_header: X-Forwarded-Proto https
  49               - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
  50               - proxy_ssl_session_reuse: 'off'
  51
  52               - "if ($request_method = 'OPTIONS')":
  53                 - add_header: "'Access-Control-Allow-Origin' '*'"
  54                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
  55                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
  56                 - add_header: "'Access-Control-Max-Age' 1728000"
  57                 - add_header: "'Content-Type' 'text/plain charset=UTF-8'"
  58                 - add_header: "'Content-Length' 0"
  59                 - return: 204
  60
  61               - "if ($request_method = 'POST')":
  62                 - add_header: "'Access-Control-Allow-Origin' '*'"
  63                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
  64                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
  65
  66               - "if ($request_method = 'GET')":
  67                 - add_header: "'Access-Control-Allow-Origin' '*'"
  68                 - add_header: "'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'"
  69                 - add_header: "'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'"
  70
  71             - include: snippets/ssl_hardening_default.conf
  72             - ssl_certificate: __CERT_PEM__
  73             - ssl_certificate_key: __CERT_KEY__
  74             - access_log: /var/log/nginx/webshell.__CLUSTER__.__DOMAIN__.access.log combined
  75             - error_log: /var/log/nginx/webshell.__CLUSTER__.__DOMAIN__.error.log
  76