2 # Copyright (C) The Arvados Authors. All rights reserved.
4 # SPDX-License-Identifier: AGPL-3.0
13 upstream collections_downloads_upstream:
14 - server: 'localhost:9002 fail_timeout=10s'
19 arvados_collections_download_default:
24 - server_name: '~^((.*\.)?collections|download)\.__CLUSTER__\.__DOMAIN__'
28 - return: '301 https://$host$request_uri'
31 arvados_collections_ssl:
35 cmd: 'create-initial-cert-collections.__CLUSTER__.__DOMAIN__-collections.__CLUSTER__.__DOMAIN__+*.__CLUSTER__.__DOMAIN__'
38 - server_name: '*.collections.__CLUSTER__.__DOMAIN__'
40 - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
41 - index: index.html index.htm
43 - proxy_pass: 'http://collections_downloads_upstream'
44 - proxy_read_timeout: 90
45 - proxy_connect_timeout: 90
46 - proxy_redirect: 'off'
47 - proxy_set_header: X-Forwarded-Proto https
48 - proxy_set_header: 'Host $http_host'
49 - proxy_set_header: 'X-Real-IP $remote_addr'
50 - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
51 - proxy_buffering: 'off'
52 - client_max_body_size: 0
53 - proxy_http_version: '1.1'
54 - proxy_request_buffering: 'off'
55 - include: snippets/ssl_hardening_default.conf
56 - include: snippets/collections.__CLUSTER__.__DOMAIN___letsencrypt_cert[.]conf
57 - access_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.access.log combined
58 - error_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.error.log
65 cmd: create-initial-cert-download.__CLUSTER__.__DOMAIN__-download.__CLUSTER__.__DOMAIN__
68 - server_name: download.__CLUSTER__.__DOMAIN__
70 - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
71 - index: index.html index.htm
73 - proxy_pass: 'http://collections_downloads_upstream'
74 - proxy_read_timeout: 90
75 - proxy_connect_timeout: 90
76 - proxy_redirect: 'off'
77 - proxy_set_header: X-Forwarded-Proto https
78 - proxy_set_header: 'Host $http_host'
79 - proxy_set_header: 'X-Real-IP $remote_addr'
80 - proxy_set_header: 'X-Forwarded-For $proxy_add_x_forwarded_for'
81 - proxy_buffering: 'off'
82 - client_max_body_size: 0
83 - proxy_http_version: '1.1'
84 - proxy_request_buffering: 'off'
85 - include: snippets/ssl_hardening_default.conf
86 - include: snippets/download.__CLUSTER__.__DOMAIN___letsencrypt_cert[.]conf
87 - access_log: /var/log/nginx/download.__CLUSTER__.__DOMAIN__.access.log combined
88 - error_log: /var/log/nginx/download.__CLUSTER__.__DOMAIN__.error.log