projects / arvados.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch '14669-java-sdk-v2' into 14670-new-java-sdk-docs
[arvados.git] / tools / arvbox / lib / arvbox / docker / service / nginx / run
1 #!/bin/bash
2 # Copyright (C) The Arvados Authors. All rights reserved.
3 #
4 # SPDX-License-Identifier: AGPL-3.0
5
6 exec 2>&1
7 set -ex -o pipefail
8
9 . /usr/local/lib/arvbox/common.sh
10
11 cat <<EOF >/var/lib/arvados/nginx.conf
12 worker_processes auto;
13 pid /var/lib/arvados/nginx.pid;
14
15 error_log stderr;
16 daemon off;
17 user arvbox;
18
19 events {
20         worker_connections 64;
21 }
22
23 http {
24      access_log off;
25      include /etc/nginx/mime.types;
26      default_type application/octet-stream;
27      server {
28             listen ${services[doc]} default_server;
29             listen [::]:${services[doc]} default_server;
30             root /usr/src/arvados/doc/.site;
31             index index.html;
32             server_name _;
33      }
34
35   server {
36     listen 80 default_server;
37     server_name _;
38     return 301 https://\$host\$request_uri;
39   }
40
41   upstream controller {
42     server localhost:${services[controller]};
43   }
44   server {
45     listen *:${services[controller-ssl]} ssl default_server;
46     server_name controller;
47     ssl_certificate "/var/lib/arvados/server-cert-${localip}.pem";
48     ssl_certificate_key "/var/lib/arvados/server-cert-${localip}.key";
49     location  / {
50       proxy_pass http://controller;
51       proxy_set_header Host \$http_host;
52       proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
53       proxy_set_header X-Forwarded-Proto https;
54       proxy_redirect off;
55     }
56   }
57
58 upstream arvados-ws {
59   server localhost:${services[websockets]};
60 }
61 server {
62   listen *:${services[websockets-ssl]} ssl default_server;
63   server_name           websockets;
64
65   proxy_connect_timeout 90s;
66   proxy_read_timeout    300s;
67
68   ssl                   on;
69   ssl_certificate "/var/lib/arvados/server-cert-${localip}.pem";
70   ssl_certificate_key "/var/lib/arvados/server-cert-${localip}.key";
71
72   location / {
73     proxy_pass          http://arvados-ws;
74     proxy_set_header    Upgrade         \$http_upgrade;
75     proxy_set_header    Connection      "upgrade";
76     proxy_set_header Host \$http_host;
77     proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
78   }
79 }
80
81   upstream workbench2 {
82     server localhost:${services[workbench2]};
83   }
84   server {
85     listen *:${services[workbench2-ssl]} ssl default_server;
86     server_name workbench2;
87     ssl_certificate "/var/lib/arvados/server-cert-${localip}.pem";
88     ssl_certificate_key "/var/lib/arvados/server-cert-${localip}.key";
89     location  / {
90       proxy_pass http://workbench2;
91       proxy_set_header Host \$http_host;
92       proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
93       proxy_set_header X-Forwarded-Proto https;
94       proxy_redirect off;
95     }
96     location  /sockjs-node {
97       proxy_pass http://workbench2;
98       proxy_set_header    Upgrade         \$http_upgrade;
99       proxy_set_header    Connection      "upgrade";
100       proxy_set_header Host \$http_host;
101       proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
102     }
103   }
104
105   upstream keep-web {
106     server localhost:${services[keep-web]};
107   }
108   server {
109     listen *:${services[keep-web-ssl]} ssl default_server;
110     server_name keep-web;
111     ssl_certificate "/var/lib/arvados/server-cert-${localip}.pem";
112     ssl_certificate_key "/var/lib/arvados/server-cert-${localip}.key";
113     location  / {
114       proxy_pass http://keep-web;
115       proxy_set_header Host \$http_host;
116       proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
117       proxy_set_header X-Forwarded-Proto https;
118       proxy_redirect off;
119     }
120   }
121
122 }
123
124 EOF
125
126 exec nginx -c /var/lib/arvados/nginx.conf