1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: Apache-2.0
10 '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
11 '"$http_referer" "$http_user_agent"';
12 access_log "{{ACCESSLOG}}" customlog;
13 client_body_temp_path "{{TMPDIR}}";
14 proxy_temp_path "{{TMPDIR}}";
15 fastcgi_temp_path "{{TMPDIR}}";
16 uwsgi_temp_path "{{TMPDIR}}";
17 scgi_temp_path "{{TMPDIR}}";
18 geo $external_client {
24 server {{UPSTREAMHOST}}:{{CONTROLLERPORT}};
27 listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl;
28 server_name controller ~.*;
29 ssl_certificate "{{SSLCERT}}";
30 ssl_certificate_key "{{SSLKEY}}";
31 client_max_body_size 0;
33 proxy_pass http://controller;
34 proxy_set_header Upgrade $http_upgrade;
35 proxy_set_header Connection "upgrade";
36 proxy_set_header Host $http_host;
37 proxy_set_header X-External-Client $external_client;
38 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
39 proxy_set_header X-Forwarded-Proto https;
41 proxy_max_temp_file_size 0;
42 proxy_request_buffering off;
44 proxy_http_version 1.1;
47 upstream arv-git-http {
48 server {{UPSTREAMHOST}}:{{GITPORT}};
51 listen {{LISTENHOST}}:{{GITSSLPORT}} ssl;
52 server_name arv-git-http git.*;
53 ssl_certificate "{{SSLCERT}}";
54 ssl_certificate_key "{{SSLKEY}}";
56 proxy_pass http://arv-git-http;
57 proxy_set_header Host $http_host;
58 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
59 proxy_set_header X-Forwarded-Proto https;
64 server {{UPSTREAMHOST}}:{{KEEPPROXYPORT}};
67 listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl;
68 server_name keepproxy keep.*;
69 ssl_certificate "{{SSLCERT}}";
70 ssl_certificate_key "{{SSLKEY}}";
72 proxy_pass http://keepproxy;
73 proxy_set_header Host $http_host;
74 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
75 proxy_set_header X-Forwarded-Proto https;
78 client_max_body_size 67108864;
79 proxy_http_version 1.1;
80 proxy_request_buffering off;
84 server {{UPSTREAMHOST}}:{{KEEPWEBPORT}};
87 listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl;
88 server_name keep-web collections.* ~\.collections\.;
89 ssl_certificate "{{SSLCERT}}";
90 ssl_certificate_key "{{SSLKEY}}";
92 proxy_pass http://keep-web;
93 proxy_set_header Host $http_host;
94 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
95 proxy_set_header X-Forwarded-Proto https;
98 client_max_body_size 0;
99 proxy_http_version 1.1;
100 proxy_request_buffering off;
104 server {{UPSTREAMHOST}}:{{HEALTHPORT}};
107 listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl;
108 server_name health health.*;
109 ssl_certificate "{{SSLCERT}}";
110 ssl_certificate_key "{{SSLKEY}}";
112 proxy_pass http://health;
113 proxy_set_header Host $http_host;
114 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
115 proxy_set_header X-Forwarded-Proto https;
118 proxy_http_version 1.1;
119 proxy_request_buffering off;
123 listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl;
124 server_name keep-web-dl download.* ~.*;
125 ssl_certificate "{{SSLCERT}}";
126 ssl_certificate_key "{{SSLKEY}}";
128 proxy_pass http://keep-web;
129 proxy_set_header Host $http_host;
130 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
131 proxy_set_header X-Forwarded-Proto https;
134 client_max_body_size 0;
135 proxy_http_version 1.1;
136 proxy_request_buffering off;
140 server {{UPSTREAMHOST}}:{{WSPORT}};
143 listen {{LISTENHOST}}:{{WSSSLPORT}} ssl;
144 server_name websocket ws.*;
145 ssl_certificate "{{SSLCERT}}";
146 ssl_certificate_key "{{SSLKEY}}";
148 proxy_pass http://ws;
149 proxy_set_header Upgrade $http_upgrade;
150 proxy_set_header Connection "upgrade";
151 proxy_set_header Host $http_host;
152 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
153 proxy_set_header X-Forwarded-Proto https;
156 client_max_body_size 0;
157 proxy_http_version 1.1;
158 proxy_request_buffering off;
161 upstream workbench1 {
162 server {{UPSTREAMHOST}}:{{WORKBENCH1PORT}};
165 listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl;
166 server_name workbench1 workbench1.* workbench.*;
167 ssl_certificate "{{SSLCERT}}";
168 ssl_certificate_key "{{SSLKEY}}";
170 proxy_pass http://workbench1;
171 proxy_set_header Host $http_host;
172 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
173 proxy_set_header X-Forwarded-Proto https;
177 upstream workbench2 {
178 server {{UPSTREAMHOST}}:{{WORKBENCH2PORT}};
181 listen {{LISTENHOST}}:{{WORKBENCH2SSLPORT}} ssl;
182 server_name workbench2 workbench2.*;
183 ssl_certificate "{{SSLCERT}}";
184 ssl_certificate_key "{{SSLKEY}}";
186 proxy_pass http://workbench2;
187 proxy_set_header Host $http_host;
188 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
189 proxy_set_header X-Forwarded-Proto https;