16476: Merge branch 'master' into 16476-upgrade-arvados-jobs-to-buster
[arvados.git] / sdk / python / tests / nginx.conf
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: Apache-2.0
4
5 daemon off;
6 error_log "{{ERRORLOG}}" info;          # Yes, must be specified here _and_ cmdline
7 events {
8 }
9 http {
10   log_format customlog
11     '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
12     '"$http_referer" "$http_user_agent"';
13   access_log "{{ACCESSLOG}}" customlog;
14   client_body_temp_path "{{TMPDIR}}";
15   proxy_temp_path "{{TMPDIR}}";
16   fastcgi_temp_path "{{TMPDIR}}";
17   uwsgi_temp_path "{{TMPDIR}}";
18   scgi_temp_path "{{TMPDIR}}";
19   upstream arv-git-http {
20     server {{LISTENHOST}}:{{GITPORT}};
21   }
22   server {
23     listen {{LISTENHOST}}:{{GITSSLPORT}} ssl default_server;
24     server_name arv-git-http;
25     ssl_certificate "{{SSLCERT}}";
26     ssl_certificate_key "{{SSLKEY}}";
27     location  / {
28       proxy_pass http://arv-git-http;
29       proxy_set_header Host $http_host;
30       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
31       proxy_set_header X-Forwarded-Proto https;
32       proxy_redirect off;
33     }
34   }
35   upstream keepproxy {
36     server {{LISTENHOST}}:{{KEEPPROXYPORT}};
37   }
38   server {
39     listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl default_server;
40     server_name keepproxy;
41     ssl_certificate "{{SSLCERT}}";
42     ssl_certificate_key "{{SSLKEY}}";
43     location  / {
44       proxy_pass http://keepproxy;
45       proxy_set_header Host $http_host;
46       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
47       proxy_set_header X-Forwarded-Proto https;
48       proxy_redirect off;
49
50       proxy_http_version 1.1;
51       proxy_request_buffering off;
52     }
53   }
54   upstream keep-web {
55     server {{LISTENHOST}}:{{KEEPWEBPORT}};
56   }
57   server {
58     listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl default_server;
59     server_name keep-web;
60     ssl_certificate "{{SSLCERT}}";
61     ssl_certificate_key "{{SSLKEY}}";
62     location  / {
63       proxy_pass http://keep-web;
64       proxy_set_header Host $http_host;
65       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
66       proxy_set_header X-Forwarded-Proto https;
67       proxy_redirect off;
68
69       client_max_body_size 0;
70       proxy_http_version 1.1;
71       proxy_request_buffering off;
72     }
73   }
74   upstream health {
75     server {{LISTENHOST}}:{{HEALTHPORT}};
76   }
77   server {
78     listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl default_server;
79     server_name health;
80     ssl_certificate "{{SSLCERT}}";
81     ssl_certificate_key "{{SSLKEY}}";
82     location  / {
83       proxy_pass http://health;
84       proxy_set_header Host $http_host;
85       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
86       proxy_set_header X-Forwarded-Proto https;
87       proxy_redirect off;
88
89       proxy_http_version 1.1;
90       proxy_request_buffering off;
91     }
92   }
93   server {
94     listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl default_server;
95     server_name keep-web-dl ~.*;
96     ssl_certificate "{{SSLCERT}}";
97     ssl_certificate_key "{{SSLKEY}}";
98     location  / {
99       proxy_pass http://keep-web;
100       proxy_set_header Host $http_host;
101       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
102       proxy_set_header X-Forwarded-Proto https;
103       proxy_redirect off;
104
105       client_max_body_size 0;
106       proxy_http_version 1.1;
107       proxy_request_buffering off;
108     }
109   }
110   upstream ws {
111     server {{LISTENHOST}}:{{WSPORT}};
112   }
113   server {
114     listen {{LISTENHOST}}:{{WSSSLPORT}} ssl default_server;
115     server_name websocket;
116     ssl_certificate "{{SSLCERT}}";
117     ssl_certificate_key "{{SSLKEY}}";
118     location  / {
119       proxy_pass http://ws;
120       proxy_set_header Upgrade $http_upgrade;
121       proxy_set_header Connection "upgrade";
122       proxy_set_header Host $http_host;
123       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
124       proxy_set_header X-Forwarded-Proto https;
125       proxy_redirect off;
126     }
127   }
128   upstream workbench1 {
129     server {{LISTENHOST}}:{{WORKBENCH1PORT}};
130   }
131   server {
132     listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl default_server;
133     server_name workbench1;
134     ssl_certificate "{{SSLCERT}}";
135     ssl_certificate_key "{{SSLKEY}}";
136     location  / {
137       proxy_pass http://workbench1;
138       proxy_set_header Host $http_host;
139       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
140       proxy_set_header X-Forwarded-Proto https;
141       proxy_redirect off;
142     }
143   }
144   upstream controller {
145     server {{LISTENHOST}}:{{CONTROLLERPORT}};
146   }
147   server {
148     listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl default_server;
149     server_name controller;
150     ssl_certificate "{{SSLCERT}}";
151     ssl_certificate_key "{{SSLKEY}}";
152     location  / {
153       proxy_pass http://controller;
154       proxy_set_header Host $http_host;
155       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
156       proxy_set_header X-Forwarded-Proto https;
157       proxy_redirect off;
158     }
159   }
160 }