2 # Copyright (C) The Arvados Authors. All rights reserved.
4 # SPDX-License-Identifier: AGPL-3.0
13 upstream collections_downloads_upstream:
14 - server: 'localhost:9002 fail_timeout=10s'
19 arvados_collections_download_default:
24 - server_name: '~^((.*--)?collections|download)\.__CLUSTER__\.__DOMAIN__'
27 - include: snippets/letsencrypt_well_known.conf
29 - return: '301 https://$host$request_uri'
32 arvados_collections_ssl:
36 cmd: create-initial-cert-collections.__CLUSTER__.__DOMAIN__-collections.__CLUSTER__.__DOMAIN__
39 - server_name: '~^(.*--)?collections\.__CLUSTER__\.__DOMAIN__'
41 - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
42 - index: index.html index.htm
44 - proxy_pass: 'http://collections_downloads_upstream'
45 - proxy_read_timeout: 90
46 - proxy_connect_timeout: 90
47 - proxy_redirect: 'off'
48 - proxy_set_header: X-Forwarded-Proto https
49 - proxy_set_header: 'Host $http_host'
50 - proxy_set_header: 'X-Real-IP $remote_addr'
51 - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
52 - proxy_buffering: 'off'
53 - client_max_body_size: 0
54 - proxy_http_version: '1.1'
55 - proxy_request_buffering: 'off'
56 - include: snippets/ssl_hardening_default.conf
57 - include: snippets/collections.__CLUSTER__.__DOMAIN___letsencrypt_cert[.]conf
58 - access_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.access.log combined
59 - error_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.error.log
66 cmd: create-initial-cert-download.__CLUSTER__.__DOMAIN__-download.__CLUSTER__.__DOMAIN__
69 - server_name: download.__CLUSTER__.__DOMAIN__
71 - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
72 - index: index.html index.htm
74 - proxy_pass: 'http://collections_downloads_upstream'
75 - proxy_read_timeout: 90
76 - proxy_connect_timeout: 90
77 - proxy_redirect: 'off'
78 - proxy_set_header: X-Forwarded-Proto https
79 - proxy_set_header: 'Host $http_host'
80 - proxy_set_header: 'X-Real-IP $remote_addr'
81 - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
82 - proxy_buffering: 'off'
83 - client_max_body_size: 0
84 - proxy_http_version: '1.1'
85 - proxy_request_buffering: 'off'
86 - include: snippets/ssl_hardening_default.conf
87 - include: snippets/download.__CLUSTER__.__DOMAIN___letsencrypt_cert[.]conf
88 - access_log: /var/log/nginx/download.__CLUSTER__.__DOMAIN__.access.log combined
89 - error_log: /var/log/nginx/download.__CLUSTER__.__DOMAIN__.error.log