2 # Copyright (C) The Arvados Authors. All rights reserved.
4 # SPDX-License-Identifier: AGPL-3.0
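# Load the shared arvbox environment. containerip, localip, root_cert,
# server_cert, server_cert_key and the services[] array are used by this
# script but not assigned in it; presumably they are set here -- confirm
# in common.sh.
. /usr/local/lib/arvbox/common.sh

# If the container address and the advertised address differ, append a
# "<containerip> <localip>" line to /etc/hosts unless localip is already
# mentioned there.
# Both sides of != are quoted so the comparison is a literal string test;
# an unquoted right-hand side inside [[ ]] is treated as a glob pattern.
if [[ "$containerip" != "$localip" ]]; then
  # -F matches localip as a fixed string (the dots in an address would
  # otherwise match any character); -- keeps a value beginning with '-'
  # from being parsed as a grep option. This is still a substring match.
  if ! grep -qF -- "$localip" /etc/hosts; then
    printf '%s %s\n' "$containerip" "$localip" >> /etc/hosts
  fi
fi

# Refuse to go on unless the server certificate verifies against the root
# CA file. The exit status is checked explicitly so this gate holds
# whatever shell options are in effect (no `set -e` is visible in the
# lines shown); `exit` with no argument propagates openssl's own status.
openssl verify -CAfile "$root_cert" "$server_cert" || exit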
# Generate /var/lib/arvados/nginx.conf from the here-document below
# (the file is truncated and rewritten on every run), then replace this
# shell with nginx using that file (the final `exec nginx -c ...` line).
#
# Expansion rules: the EOF delimiter is unquoted, so the shell substitutes
# ${services[...]}, ${server_cert} and ${server_cert_key} while writing the
# file. Names written as \$host, \$http_host, \$request_uri, etc. are
# escaped and reach the file as nginx runtime variables.
#
# Layout visible here: a doc site listener rooted at
# /usr/src/arvados/doc/.site, a port-80 listener that answers with a 301 to
# https, and one TLS listener each for controller, websockets, workbench2,
# keep-web, keepproxy and arvados-git-httpd. Every TLS listener uses the
# same certificate/key pair and proxies over plain http to an upstream
# whose server is localhost:<port>.
#
# NOTE(review), trust boundaries for the proxied headers:
#  - "Host \$http_host" passes the client-supplied Host header through
#    unchanged, so backends should not treat it as a trusted value.
#  - \$proxy_add_x_forwarded_for appends the peer address to whatever
#    X-Forwarded-For the client sent; only the last entry is added by
#    this proxy, earlier entries are client-controlled.
#  - X-External-Client is set from the geo variable and therefore replaces
#    any client-sent header of that name, but in the lines shown it is set
#    only in the controller block. The geo block's entries are not visible
#    on this page -- confirm them before relying on the header.
#  - "client_max_body_size 0" in the keep-web block turns off nginx's
#    request-body size check for that listener; the others cap at 128M
#    or 50m.
#  - No ssl_protocols / ssl_ciphers directive appears in the lines shown;
#    if the full file has none, nginx's built-in defaults apply -- confirm.
19 cat <<EOF >/var/lib/arvados/nginx.conf
20 worker_processes auto;
21 pid /var/lib/arvados/nginx.pid;
28 worker_connections 64;
33 include /etc/nginx/mime.types;
34 default_type application/octet-stream;
35 client_max_body_size 128M;
37 geo \$external_client {
45 listen ${services[doc]} default_server;
46 listen [::]:${services[doc]} default_server;
47 root /usr/src/arvados/doc/.site;
53 listen 80 default_server;
55 return 301 https://\$host\$request_uri;
59 server localhost:${services[controller]};
62 listen *:${services[controller-ssl]} ssl default_server;
63 server_name controller;
64 ssl_certificate "${server_cert}";
65 ssl_certificate_key "${server_cert_key}";
67 proxy_pass http://controller;
68 proxy_set_header Host \$http_host;
69 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
70 proxy_set_header X-Forwarded-Proto https;
71 proxy_set_header X-External-Client \$external_client;
73 # This turns off response caching
79 server localhost:${services[websockets]};
82 listen *:${services[websockets-ssl]} ssl default_server;
83 server_name websockets;
85 proxy_connect_timeout 90s;
86 proxy_read_timeout 300s;
89 ssl_certificate "${server_cert}";
90 ssl_certificate_key "${server_cert_key}";
93 proxy_pass http://arvados-ws;
94 proxy_set_header Upgrade \$http_upgrade;
95 proxy_set_header Connection "upgrade";
96 proxy_set_header Host \$http_host;
97 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
101 upstream workbench2 {
102 server localhost:${services[workbench2]};
105 listen *:${services[workbench2-ssl]} ssl default_server;
106 server_name workbench2;
107 ssl_certificate "${server_cert}";
108 ssl_certificate_key "${server_cert_key}";
110 proxy_pass http://workbench2;
111 proxy_set_header Host \$http_host;
112 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
113 proxy_set_header X-Forwarded-Proto https;
116 location /sockjs-node {
117 proxy_pass http://workbench2;
118 proxy_set_header Upgrade \$http_upgrade;
119 proxy_set_header Connection "upgrade";
120 proxy_set_header Host \$http_host;
121 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
126 server localhost:${services[keep-web]};
129 listen *:${services[keep-web-ssl]} ssl default_server;
130 server_name keep-web;
131 ssl_certificate "${server_cert}";
132 ssl_certificate_key "${server_cert_key}";
133 client_max_body_size 0;
135 proxy_pass http://keep-web;
136 proxy_set_header Host \$http_host;
137 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
138 proxy_set_header X-Forwarded-Proto https;
144 server localhost:${services[keepproxy]};
147 listen *:${services[keepproxy-ssl]} ssl default_server;
148 server_name keepproxy;
149 ssl_certificate "${server_cert}";
150 ssl_certificate_key "${server_cert_key}";
151 client_max_body_size 128M;
153 proxy_pass http://keepproxy;
154 proxy_set_header Host \$http_host;
155 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
156 proxy_set_header X-Forwarded-Proto https;
161 upstream arvados-git-httpd {
162 server localhost:${services[arv-git-httpd]};
165 listen *:${services[arv-git-httpd-ssl]} ssl default_server;
166 server_name arvados-git-httpd;
167 proxy_connect_timeout 90s;
168 proxy_read_timeout 300s;
171 ssl_certificate "${server_cert}";
172 ssl_certificate_key "${server_cert_key}";
173 client_max_body_size 50m;
176 proxy_pass http://arvados-git-httpd;
177 proxy_set_header Host \$http_host;
178 proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
179 proxy_set_header X-Forwarded-Proto https;
188 exec nginx -c /var/lib/arvados/nginx.conf