1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: Apache-2.0
10 '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
11 '"$http_referer" "$http_user_agent"';
12 access_log "{{ACCESSLOG}}" customlog;
13 client_body_temp_path "{{TMPDIR}}";
14 proxy_temp_path "{{TMPDIR}}";
15 fastcgi_temp_path "{{TMPDIR}}";
16 uwsgi_temp_path "{{TMPDIR}}";
17 scgi_temp_path "{{TMPDIR}}";
19 server {{LISTENHOST}}:{{CONTROLLERPORT}};
22 listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl;
23 server_name controller ~.*;
24 ssl_certificate "{{SSLCERT}}";
25 ssl_certificate_key "{{SSLKEY}}";
26 client_max_body_size 0;
28 proxy_pass http://controller;
29 proxy_set_header Host $http_host;
30 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
31 proxy_set_header X-Forwarded-Proto https;
33 proxy_request_buffering off;
34 proxy_max_temp_file_size 0;
37 upstream arv-git-http {
38 server {{LISTENHOST}}:{{GITPORT}};
41 listen {{LISTENHOST}}:{{GITSSLPORT}} ssl;
42 server_name arv-git-http git.*;
43 ssl_certificate "{{SSLCERT}}";
44 ssl_certificate_key "{{SSLKEY}}";
46 proxy_pass http://arv-git-http;
47 proxy_set_header Host $http_host;
48 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
49 proxy_set_header X-Forwarded-Proto https;
54 server {{LISTENHOST}}:{{KEEPPROXYPORT}};
57 listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl;
58 server_name keepproxy keep.*;
59 ssl_certificate "{{SSLCERT}}";
60 ssl_certificate_key "{{SSLKEY}}";
62 proxy_pass http://keepproxy;
63 proxy_set_header Host $http_host;
64 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
65 proxy_set_header X-Forwarded-Proto https;
68 client_max_body_size 67108864;
69 proxy_http_version 1.1;
70 proxy_request_buffering off;
74 server {{LISTENHOST}}:{{KEEPWEBPORT}};
77 listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl;
78 server_name keep-web collections.* ~\.collections\.;
79 ssl_certificate "{{SSLCERT}}";
80 ssl_certificate_key "{{SSLKEY}}";
82 proxy_pass http://keep-web;
83 proxy_set_header Host $http_host;
84 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
85 proxy_set_header X-Forwarded-Proto https;
88 client_max_body_size 0;
89 proxy_http_version 1.1;
90 proxy_request_buffering off;
94 server {{LISTENHOST}}:{{HEALTHPORT}};
97 listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl;
98 server_name health health.*;
99 ssl_certificate "{{SSLCERT}}";
100 ssl_certificate_key "{{SSLKEY}}";
102 proxy_pass http://health;
103 proxy_set_header Host $http_host;
104 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
105 proxy_set_header X-Forwarded-Proto https;
108 proxy_http_version 1.1;
109 proxy_request_buffering off;
113 listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl;
114 server_name keep-web-dl download.* ~.*;
115 ssl_certificate "{{SSLCERT}}";
116 ssl_certificate_key "{{SSLKEY}}";
118 proxy_pass http://keep-web;
119 proxy_set_header Host $http_host;
120 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
121 proxy_set_header X-Forwarded-Proto https;
124 client_max_body_size 0;
125 proxy_http_version 1.1;
126 proxy_request_buffering off;
130 server {{LISTENHOST}}:{{WSPORT}};
133 listen {{LISTENHOST}}:{{WSSSLPORT}} ssl;
134 server_name websocket ws.*;
135 ssl_certificate "{{SSLCERT}}";
136 ssl_certificate_key "{{SSLKEY}}";
138 proxy_pass http://ws;
139 proxy_set_header Upgrade $http_upgrade;
140 proxy_set_header Connection "upgrade";
141 proxy_set_header Host $http_host;
142 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
143 proxy_set_header X-Forwarded-Proto https;
147 upstream workbench1 {
148 server {{LISTENHOST}}:{{WORKBENCH1PORT}};
151 listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl;
152 server_name workbench1 workbench1.* workbench.*;
153 ssl_certificate "{{SSLCERT}}";
154 ssl_certificate_key "{{SSLKEY}}";
156 proxy_pass http://workbench1;
157 proxy_set_header Host $http_host;
158 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
159 proxy_set_header X-Forwarded-Proto https;
163 upstream workbench2 {
164 server {{LISTENHOST}}:{{WORKBENCH2PORT}};
167 listen {{LISTENHOST}}:{{WORKBENCH2SSLPORT}} ssl;
168 server_name workbench2 workbench2.*;
169 ssl_certificate "{{SSLCERT}}";
170 ssl_certificate_key "{{SSLKEY}}";
172 proxy_pass http://workbench2;
173 proxy_set_header Host $http_host;
174 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
175 proxy_set_header X-Forwarded-Proto https;