tools/salt-install/config_examples/multi_host/aws/pillars/nginx_keepweb_configuration.sls

   1 ---
   2 # Copyright (C) The Arvados Authors. All rights reserved.
   3 #
   4 # SPDX-License-Identifier: AGPL-3.0
   5
   6 ### NGINX
   7 nginx:
   8   ### SERVER
   9   server:
  10     config:
  11       ### STREAMS
  12       http:
  13         upstream collections_downloads_upstream:
  14           - server: 'localhost:9002 fail_timeout=10s'
  15
  16   servers:
  17     managed:
  18       ### DEFAULT
  19       arvados_collections_download_default:
  20         enabled: true
  21         overwrite: true
  22         config:
  23           - server:
  24             - server_name: '~^((.*--)?collections|download)\.__CLUSTER__\.__DOMAIN__'
  25             - listen:
  26               - 80
  27             - include: snippets/letsencrypt_well_known.conf
  28             - location /:
  29               - return: '301 https://$host$request_uri'
  30
  31       ### COLLECTIONS
  32       arvados_collections_ssl:
  33         enabled: true
  34         overwrite: true
  35         requires:
  36           cmd: create-initial-cert-collections.__CLUSTER__.__DOMAIN__-collections.__CLUSTER__.__DOMAIN__
  37         config:
  38           - server:
  39             - server_name: '~^(.*--)?collections\.__CLUSTER__\.__DOMAIN__'
  40             - listen:
  41               - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
  42             - index: index.html index.htm
  43             - location /:
  44               - proxy_pass: 'http://collections_downloads_upstream'
  45               - proxy_read_timeout: 90
  46               - proxy_connect_timeout: 90
  47               - proxy_redirect: 'off'
  48               - proxy_set_header: X-Forwarded-Proto https
  49               - proxy_set_header: 'Host $http_host'
  50               - proxy_set_header: 'X-Real-IP $remote_addr'
  51               - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
  52               - proxy_buffering: 'off'
  53             - client_max_body_size: 0
  54             - proxy_http_version: '1.1'
  55             - proxy_request_buffering: 'off'
  56             - include: snippets/ssl_hardening_default.conf
  57             - include: snippets/collections.__CLUSTER__.__DOMAIN___letsencrypt_cert[.]conf
  58             - access_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.access.log combined
  59             - error_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.error.log
  60
  61       ### DOWNLOAD
  62       arvados_download_ssl:
  63         enabled: true
  64         overwrite: true
  65         requires:
  66           cmd: create-initial-cert-download.__CLUSTER__.__DOMAIN__-download.__CLUSTER__.__DOMAIN__
  67         config:
  68           - server:
  69             - server_name: download.__CLUSTER__.__DOMAIN__
  70             - listen:
  71               - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
  72             - index: index.html index.htm
  73             - location /:
  74               - proxy_pass: 'http://collections_downloads_upstream'
  75               - proxy_read_timeout: 90
  76               - proxy_connect_timeout: 90
  77               - proxy_redirect: 'off'
  78               - proxy_set_header: X-Forwarded-Proto https
  79               - proxy_set_header: 'Host $http_host'
  80               - proxy_set_header: 'X-Real-IP $remote_addr'
  81               - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
  82               - proxy_buffering: 'off'
  83             - client_max_body_size: 0
  84             - proxy_http_version: '1.1'
  85             - proxy_request_buffering: 'off'
  86             - include: snippets/ssl_hardening_default.conf
  87             - include: snippets/download.__CLUSTER__.__DOMAIN___letsencrypt_cert[.]conf
  88             - access_log: /var/log/nginx/download.__CLUSTER__.__DOMAIN__.access.log combined
  89             - error_log: /var/log/nginx/download.__CLUSTER__.__DOMAIN__.error.log