projects / arvados.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
18791: allow single-host-single-hostname to manage LE certs
[arvados.git] / tools / salt-install / config_examples / single_host / single_hostname / pillars / nginx_workbench2_configuration.sls
1 ---
2 # Copyright (C) The Arvados Authors. All rights reserved.
3 #
4 # SPDX-License-Identifier: AGPL-3.0
5
6 ### ARVADOS
7 arvados:
8   config:
9     group: www-data
10
11 ### NGINX
12 nginx:
13   ### SITES
14   servers:
15     managed:
16       arvados_workbench2_ssl.conf:
17         enabled: true
18         overwrite: true
19         requires:
20           __CERT_REQUIRES__
21         config:
22           - server:
23             - server_name: __HOSTNAME_EXT__
24             - listen:
25               - __WORKBENCH2_EXT_SSL_PORT__ http2 ssl
26             - index: index.html index.htm
27             - location /:
28               - root: /var/www/arvados-workbench2/workbench2
29               - try_files: '$uri $uri/ /index.html'
30               - 'if (-f $document_root/maintenance.html)':
31                 - return: 503
32             - location /config.json:
33               - return: {{ "200 '" ~ '{"API_HOST":"__HOSTNAME_EXT__:__CONTROLLER_EXT_SSL_PORT__"}' ~ "'" }}
34             - include: snippets/ssl_hardening_default.conf
35             - ssl_certificate: __CERT_PEM__
36             - ssl_certificate_key: __CERT_KEY__
37             - access_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.access.log combined
38             - error_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.error.log