sdk/python/tests/nginx.conf

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: Apache-2.0
   4
   5 daemon off;
   6 error_log "{{ERRORLOG}}" info;          # Yes, must be specified here _and_ cmdline
   7 events {
   8 }
   9 http {
  10   log_format customlog
  11     '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
  12     '"$http_referer" "$http_user_agent"';
  13   access_log "{{ACCESSLOG}}" customlog;
  14   client_body_temp_path "{{TMPDIR}}/nginx";
  15   proxy_temp_path "{{TMPDIR}}/nginx";
  16   fastcgi_temp_path "{{TMPDIR}}/nginx";
  17   uwsgi_temp_path "{{TMPDIR}}/nginx";
  18   scgi_temp_path "{{TMPDIR}}/nginx";
  19   upstream controller {
  20     server {{LISTENHOST}}:{{CONTROLLERPORT}};
  21   }
  22   server {
  23     listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl;
  24     server_name controller ~.*;
  25     ssl_certificate "{{SSLCERT}}";
  26     ssl_certificate_key "{{SSLKEY}}";
  27     location  / {
  28       proxy_pass http://controller;
  29       proxy_set_header Host $http_host;
  30       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  31       proxy_set_header X-Forwarded-Proto https;
  32       proxy_redirect off;
  33     }
  34   }
  35   upstream arv-git-http {
  36     server {{LISTENHOST}}:{{GITPORT}};
  37   }
  38   server {
  39     listen {{LISTENHOST}}:{{GITSSLPORT}} ssl;
  40     server_name arv-git-http git.*;
  41     ssl_certificate "{{SSLCERT}}";
  42     ssl_certificate_key "{{SSLKEY}}";
  43     location  / {
  44       proxy_pass http://arv-git-http;
  45       proxy_set_header Host $http_host;
  46       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  47       proxy_set_header X-Forwarded-Proto https;
  48       proxy_redirect off;
  49     }
  50   }
  51   upstream keepproxy {
  52     server {{LISTENHOST}}:{{KEEPPROXYPORT}};
  53   }
  54   server {
  55     listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl;
  56     server_name keepproxy keep.*;
  57     ssl_certificate "{{SSLCERT}}";
  58     ssl_certificate_key "{{SSLKEY}}";
  59     location  / {
  60       proxy_pass http://keepproxy;
  61       proxy_set_header Host $http_host;
  62       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  63       proxy_set_header X-Forwarded-Proto https;
  64       proxy_redirect off;
  65
  66       proxy_http_version 1.1;
  67       proxy_request_buffering off;
  68     }
  69   }
  70   upstream keep-web {
  71     server {{LISTENHOST}}:{{KEEPWEBPORT}};
  72   }
  73   server {
  74     listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl;
  75     server_name keep-web collections.* ~\.collections\.;
  76     ssl_certificate "{{SSLCERT}}";
  77     ssl_certificate_key "{{SSLKEY}}";
  78     location  / {
  79       proxy_pass http://keep-web;
  80       proxy_set_header Host $http_host;
  81       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  82       proxy_set_header X-Forwarded-Proto https;
  83       proxy_redirect off;
  84
  85       client_max_body_size 0;
  86       proxy_http_version 1.1;
  87       proxy_request_buffering off;
  88     }
  89   }
  90   upstream health {
  91     server {{LISTENHOST}}:{{HEALTHPORT}};
  92   }
  93   server {
  94     listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl;
  95     server_name health health.*;
  96     ssl_certificate "{{SSLCERT}}";
  97     ssl_certificate_key "{{SSLKEY}}";
  98     location  / {
  99       proxy_pass http://health;
 100       proxy_set_header Host $http_host;
 101       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 102       proxy_set_header X-Forwarded-Proto https;
 103       proxy_redirect off;
 104
 105       proxy_http_version 1.1;
 106       proxy_request_buffering off;
 107     }
 108   }
 109   server {
 110     listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl;
 111     server_name keep-web-dl download.* ~.*;
 112     ssl_certificate "{{SSLCERT}}";
 113     ssl_certificate_key "{{SSLKEY}}";
 114     location  / {
 115       proxy_pass http://keep-web;
 116       proxy_set_header Host $http_host;
 117       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 118       proxy_set_header X-Forwarded-Proto https;
 119       proxy_redirect off;
 120
 121       client_max_body_size 0;
 122       proxy_http_version 1.1;
 123       proxy_request_buffering off;
 124     }
 125   }
 126   upstream ws {
 127     server {{LISTENHOST}}:{{WSPORT}};
 128   }
 129   server {
 130     listen {{LISTENHOST}}:{{WSSSLPORT}} ssl;
 131     server_name websocket ws.*;
 132     ssl_certificate "{{SSLCERT}}";
 133     ssl_certificate_key "{{SSLKEY}}";
 134     location  / {
 135       proxy_pass http://ws;
 136       proxy_set_header Upgrade $http_upgrade;
 137       proxy_set_header Connection "upgrade";
 138       proxy_set_header Host $http_host;
 139       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 140       proxy_set_header X-Forwarded-Proto https;
 141       proxy_redirect off;
 142     }
 143   }
 144   upstream workbench1 {
 145     server {{LISTENHOST}}:{{WORKBENCH1PORT}};
 146   }
 147   server {
 148     listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl;
 149     server_name workbench1 workbench.*;
 150     ssl_certificate "{{SSLCERT}}";
 151     ssl_certificate_key "{{SSLKEY}}";
 152     location  / {
 153       proxy_pass http://workbench1;
 154       proxy_set_header Host $http_host;
 155       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 156       proxy_set_header X-Forwarded-Proto https;
 157       proxy_redirect off;
 158     }
 159   }
 160 }