2 # Copyright (C) The Arvados Authors. All rights reserved.
4 # SPDX-License-Identifier: AGPL-3.0
6 {%- import_yaml "ssl_key_encrypted.sls" as ssl_key_encrypted_pillar %}
19 arvados_workbench_default.conf:
24 - server_name: workbench.__DOMAIN__
28 - return: '301 https://$host$request_uri'
30 arvados_workbench_ssl.conf:
36 # Maps WB1 '/actions?uuid=X' URLs to their equivalent on WB2
37 - 'map $request_uri $actions_redirect':
38 - '~^/actions\?uuid=(.*-4zz18-.*)': '/collections/$1'
39 - '~^/actions\?uuid=(.*-j7d0g-.*)': '/projects/$1'
40 - '~^/actions\?uuid=(.*-tpzed-.*)': '/projects/$1'
41 - '~^/actions\?uuid=(.*-7fd4e-.*)': '/workflows/$1'
42 - '~^/actions\?uuid=(.*-xvhdp-.*)': '/processes/$1'
43 - '~^/actions\?uuid=(.*)': '/'
47 - server_name: workbench.__DOMAIN__
49 - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
50 - index: index.html index.htm
52 # REDIRECTS FROM WORKBENCH 1 TO WORKBENCH 2
54 # Paths that are not redirected because wb1 and wb2 have similar enough paths
55 # that a redirect is pointless and would create a redirect loop.
56 # rewrite ^/api_client_authorizations.* /api_client_authorizations redirect;
57 # rewrite ^/repositories.* /repositories redirect;
58 # rewrite ^/links.* /links redirect;
59 # rewrite ^/projects.* /projects redirect;
60 # rewrite ^/trash /trash redirect;
62 # WB1 '/actions?uuid=X' URL Redirects
63 - 'if ($actions_redirect)':
64 - return: '301 $actions_redirect'
66 # Redirects that include a uuid
67 - rewrite: '^/work_units/(.*) /processes/$1 redirect'
68 - rewrite: '^/container_requests/(.*) /processes/$1 redirect'
69 - rewrite: '^/users/(.*) /user/$1 redirect'
70 - rewrite: '^/groups/(.*) /group/$1 redirect'
72 # Special file download redirects
73 - 'if ($arg_disposition = attachment)':
74 - rewrite: '^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect'
76 - 'if ($arg_disposition = inline)':
77 - rewrite: '^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect'
79 # Redirects that go to a roughly equivalent page
80 - rewrite: '^/virtual_machines.* /virtual-machines-admin redirect'
81 - rewrite: '^/users/.*/virtual_machines /virtual-machines-user redirect'
82 - rewrite: '^/authorized_keys.* /ssh-keys-admin redirect'
83 - rewrite: '^/users/.*/ssh_keys /ssh-keys-user redirect'
84 - rewrite: '^/containers.* /all_processes redirect'
85 - rewrite: '^/container_requests /all_processes redirect'
86 - rewrite: '^/job.* /all_processes redirect'
87 - rewrite: '^/users/link_account /link_account redirect'
88 - rewrite: '^/search.* /search-results redirect'
89 - rewrite: '^/keep_services.* /keep-services redirect'
90 - rewrite: '^/trash_items.* /trash redirect'
92 # Redirects that don't have a good mapping and
94 - rewrite: '^/themes.* / redirect'
95 - rewrite: '^/keep_disks.* / redirect'
96 - rewrite: '^/user_agreements.* / redirect'
97 - rewrite: '^/nodes.* / redirect'
98 - rewrite: '^/humans.* / redirect'
99 - rewrite: '^/traits.* / redirect'
100 - rewrite: '^/sessions.* / redirect'
101 - rewrite: '^/logout.* / redirect'
102 - rewrite: '^/logged_out.* / redirect'
103 - rewrite: '^/current_token / redirect'
104 - rewrite: '^/logs.* / redirect'
105 - rewrite: '^/factory_jobs.* / redirect'
106 - rewrite: '^/uploaded_datasets.* / redirect'
107 - rewrite: '^/specimens.* / redirect'
108 - rewrite: '^/pipeline_templates.* / redirect'
109 - rewrite: '^/pipeline_instances.* / redirect'
112 - root: /var/www/arvados-workbench2/workbench2
113 - try_files: '$uri $uri/ /index.html'
114 - 'if (-f $document_root/maintenance.html)':
116 - location /config.json:
117 - return: {{ "200 '" ~ '{"API_HOST":"__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__"}' ~ "'" }}
118 - include: snippets/ssl_hardening_default.conf
119 - ssl_certificate: __CERT_PEM__
120 - ssl_certificate_key: __CERT_KEY__
121 {%- if ssl_key_encrypted_pillar.ssl_key_encrypted.enabled %}
122 - ssl_password_file: {{ '/run/arvados/' | path_join(ssl_key_encrypted_pillar.ssl_key_encrypted.privkey_password_filename) }}
124 - access_log: /var/log/nginx/workbench2.__DOMAIN__.access.log combined
125 - error_log: /var/log/nginx/workbench2.__DOMAIN__.error.log