1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: Apache-2.0
6 error_log "{{ERRORLOG}}" info; # Yes, must be specified here _and_ cmdline
11 '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
12 '"$http_referer" "$http_user_agent"';
13 access_log "{{ACCESSLOG}}" customlog;
14 client_body_temp_path "{{TMPDIR}}";
15 proxy_temp_path "{{TMPDIR}}";
16 fastcgi_temp_path "{{TMPDIR}}";
17 uwsgi_temp_path "{{TMPDIR}}";
18 scgi_temp_path "{{TMPDIR}}";
19 upstream arv-git-http {
20 server {{LISTENHOST}}:{{GITPORT}};
23 listen {{LISTENHOST}}:{{GITSSLPORT}} ssl default_server;
24 server_name arv-git-http;
25 ssl_certificate "{{SSLCERT}}";
26 ssl_certificate_key "{{SSLKEY}}";
28 proxy_pass http://arv-git-http;
29 proxy_set_header Host $http_host;
30 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
31 proxy_set_header X-Forwarded-Proto https;
36 server {{LISTENHOST}}:{{KEEPPROXYPORT}};
39 listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl default_server;
40 server_name keepproxy;
41 ssl_certificate "{{SSLCERT}}";
42 ssl_certificate_key "{{SSLKEY}}";
44 proxy_pass http://keepproxy;
45 proxy_set_header Host $http_host;
46 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
47 proxy_set_header X-Forwarded-Proto https;
50 proxy_http_version 1.1;
51 proxy_request_buffering off;
55 server {{LISTENHOST}}:{{KEEPWEBPORT}};
58 listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl default_server;
60 ssl_certificate "{{SSLCERT}}";
61 ssl_certificate_key "{{SSLKEY}}";
63 proxy_pass http://keep-web;
64 proxy_set_header Host $http_host;
65 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
66 proxy_set_header X-Forwarded-Proto https;
69 client_max_body_size 0;
70 proxy_http_version 1.1;
71 proxy_request_buffering off;
75 server {{LISTENHOST}}:{{HEALTHPORT}};
78 listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl default_server;
80 ssl_certificate "{{SSLCERT}}";
81 ssl_certificate_key "{{SSLKEY}}";
83 proxy_pass http://health;
84 proxy_set_header Host $http_host;
85 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
86 proxy_set_header X-Forwarded-Proto https;
89 proxy_http_version 1.1;
90 proxy_request_buffering off;
94 listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl default_server;
95 server_name keep-web-dl ~.*;
96 ssl_certificate "{{SSLCERT}}";
97 ssl_certificate_key "{{SSLKEY}}";
99 proxy_pass http://keep-web;
100 proxy_set_header Host $http_host;
101 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
102 proxy_set_header X-Forwarded-Proto https;
105 client_max_body_size 0;
106 proxy_http_version 1.1;
107 proxy_request_buffering off;
111 server {{LISTENHOST}}:{{WSPORT}};
114 listen {{LISTENHOST}}:{{WSSSLPORT}} ssl default_server;
115 server_name websocket;
116 ssl_certificate "{{SSLCERT}}";
117 ssl_certificate_key "{{SSLKEY}}";
119 proxy_pass http://ws;
120 proxy_set_header Upgrade $http_upgrade;
121 proxy_set_header Connection "upgrade";
122 proxy_set_header Host $http_host;
123 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
124 proxy_set_header X-Forwarded-Proto https;
128 upstream workbench1 {
129 server {{LISTENHOST}}:{{WORKBENCH1PORT}};
132 listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl default_server;
133 server_name workbench1;
134 ssl_certificate "{{SSLCERT}}";
135 ssl_certificate_key "{{SSLKEY}}";
137 proxy_pass http://workbench1;
138 proxy_set_header Host $http_host;
139 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
140 proxy_set_header X-Forwarded-Proto https;
144 upstream controller {
145 server {{LISTENHOST}}:{{CONTROLLERPORT}};
148 listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl default_server;
149 server_name controller;
150 ssl_certificate "{{SSLCERT}}";
151 ssl_certificate_key "{{SSLKEY}}";
153 proxy_pass http://controller;
154 proxy_set_header Host $http_host;
155 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
156 proxy_set_header X-Forwarded-Proto https;