1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: Apache-2.0
10 '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
11 '"$http_referer" "$http_user_agent"';
12 access_log "{{ACCESSLOG}}" customlog;
13 client_body_temp_path "{{TMPDIR}}";
14 proxy_temp_path "{{TMPDIR}}";
15 fastcgi_temp_path "{{TMPDIR}}";
16 uwsgi_temp_path "{{TMPDIR}}";
17 scgi_temp_path "{{TMPDIR}}";
18 geo $external_client {
26 server {{UPSTREAMHOST}}:{{CONTROLLERPORT}};
29 listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl;
30 server_name controller ~.*;
31 ssl_certificate "{{SSLCERT}}";
32 ssl_certificate_key "{{SSLKEY}}";
33 client_max_body_size 0;
35 proxy_pass http://controller;
36 proxy_set_header Upgrade $http_upgrade;
37 proxy_set_header Connection "upgrade";
38 proxy_set_header Host $http_host;
39 proxy_set_header X-External-Client $external_client;
40 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
41 proxy_set_header X-Forwarded-Proto https;
43 proxy_max_temp_file_size 0;
44 proxy_request_buffering off;
46 proxy_http_version 1.1;
49 upstream arv-git-http {
50 server {{UPSTREAMHOST}}:{{GITPORT}};
53 listen {{LISTENHOST}}:{{GITSSLPORT}} ssl;
54 server_name arv-git-http git.*;
55 ssl_certificate "{{SSLCERT}}";
56 ssl_certificate_key "{{SSLKEY}}";
58 proxy_pass http://arv-git-http;
59 proxy_set_header Host $http_host;
60 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
61 proxy_set_header X-Forwarded-Proto https;
66 server {{UPSTREAMHOST}}:{{KEEPPROXYPORT}};
69 listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl;
70 server_name keepproxy keep.*;
71 ssl_certificate "{{SSLCERT}}";
72 ssl_certificate_key "{{SSLKEY}}";
74 proxy_pass http://keepproxy;
75 proxy_set_header Host $http_host;
76 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
77 proxy_set_header X-Forwarded-Proto https;
80 client_max_body_size 67108864;
81 proxy_http_version 1.1;
82 proxy_request_buffering off;
86 server {{UPSTREAMHOST}}:{{KEEPWEBPORT}};
89 listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl;
90 server_name keep-web collections.* ~\.collections\.;
91 ssl_certificate "{{SSLCERT}}";
92 ssl_certificate_key "{{SSLKEY}}";
94 proxy_pass http://keep-web;
95 proxy_set_header Host $http_host;
96 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
97 proxy_set_header X-Forwarded-Proto https;
100 client_max_body_size 0;
101 proxy_http_version 1.1;
102 proxy_request_buffering off;
106 server {{UPSTREAMHOST}}:{{HEALTHPORT}};
109 listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl;
110 server_name health health.*;
111 ssl_certificate "{{SSLCERT}}";
112 ssl_certificate_key "{{SSLKEY}}";
114 proxy_pass http://health;
115 proxy_set_header Host $http_host;
116 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
117 proxy_set_header X-Forwarded-Proto https;
120 proxy_http_version 1.1;
121 proxy_request_buffering off;
125 listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl;
126 server_name keep-web-dl download.* ~.*;
127 ssl_certificate "{{SSLCERT}}";
128 ssl_certificate_key "{{SSLKEY}}";
130 proxy_pass http://keep-web;
131 proxy_set_header Host $http_host;
132 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
133 proxy_set_header X-Forwarded-Proto https;
136 client_max_body_size 0;
137 proxy_http_version 1.1;
138 proxy_request_buffering off;
142 server {{UPSTREAMHOST}}:{{WSPORT}};
145 listen {{LISTENHOST}}:{{WSSSLPORT}} ssl;
146 server_name websocket ws.*;
147 ssl_certificate "{{SSLCERT}}";
148 ssl_certificate_key "{{SSLKEY}}";
150 proxy_pass http://ws;
151 proxy_set_header Upgrade $http_upgrade;
152 proxy_set_header Connection "upgrade";
153 proxy_set_header Host $http_host;
154 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
155 proxy_set_header X-Forwarded-Proto https;
158 client_max_body_size 0;
159 proxy_http_version 1.1;
160 proxy_request_buffering off;
163 # wb1->wb2 redirects copied from
164 # /tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench_configuration.sls
165 map $request_uri $wb1_redirect {
168 ~^/actions\?uuid=(.*-4zz18-.*) /collections/$1;
169 ~^/actions\?uuid=(.*-j7d0g-.*) /projects/$1;
170 ~^/actions\?uuid=(.*-tpzed-.*) /projects/$1;
171 ~^/actions\?uuid=(.*-7fd4e-.*) /workflows/$1;
172 ~^/actions\?uuid=(.*-xvhdp-.*) /processes/$1;
173 ~^/actions\?uuid=(.*) /;
175 ^/work_units/(.*) /processes/$1;
176 ^/container_requests/(.*) /processes/$1;
177 ^/users/(.*) /user/$1;
178 ^/groups/(.*) /group/$1;
180 ^/virtual_machines.* /virtual-machines-admin;
181 ^/users/.*/virtual_machines /virtual-machines-user;
182 ^/authorized_keys.* /ssh-keys-admin;
183 ^/users/.*/ssh_keys /ssh-keys-user;
184 ^/containers.* /all_processes;
185 ^/container_requests /all_processes;
186 ^/job.* /all_processes;
187 ^/users/link_account /link_account;
188 ^/keep_services.* /keep-services;
189 ^/trash_items.* /trash;
193 ^/user_agreements.* /;
203 ^/uploaded_datasets.* /;
205 ^/pipeline_templates.* /;
206 ^/pipeline_instances.* /;
208 upstream workbench2 {
209 server {{UPSTREAMHOST}}:{{WORKBENCH2PORT}};
212 listen {{LISTENHOST}}:{{WORKBENCH2SSLPORT}} ssl;
213 listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl;
214 server_name workbench2 workbench2.* workbench1 workbench1.* workbench workbench.*;
215 ssl_certificate "{{SSLCERT}}";
216 ssl_certificate_key "{{SSLKEY}}";
219 return 301 $wb1_redirect;
222 # file download redirects
223 if ($arg_disposition = attachment) {
224 rewrite ^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect;
226 if ($arg_disposition = inline) {
227 rewrite ^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect;
231 proxy_pass http://workbench2;
232 proxy_set_header Host $http_host;
233 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
234 proxy_set_header X-Forwarded-Proto https;
projects / arvados.git / blob