# Copyright (C) The Arvados Authors. All rights reserved. # # SPDX-License-Identifier: Apache-2.0 daemon off; error_log "{{ERRORLOG}}" info; # Yes, must be specified here _and_ cmdline events { } http { access_log "{{ACCESSLOG}}" combined; client_body_temp_path "{{TMPDIR}}"; upstream arv-git-http { server localhost:{{GITPORT}}; } server { listen *:{{GITSSLPORT}} ssl default_server; server_name _; ssl_certificate "{{SSLCERT}}"; ssl_certificate_key "{{SSLKEY}}"; location / { proxy_pass http://arv-git-http; } } upstream keepproxy { server localhost:{{KEEPPROXYPORT}}; } server { listen *:{{KEEPPROXYSSLPORT}} ssl default_server; server_name _; ssl_certificate "{{SSLCERT}}"; ssl_certificate_key "{{SSLKEY}}"; location / { proxy_pass http://keepproxy; } } upstream keep-web { server localhost:{{KEEPWEBPORT}}; } server { listen *:{{KEEPWEBSSLPORT}} ssl default_server; server_name ~^(?.*)$; ssl_certificate "{{SSLCERT}}"; ssl_certificate_key "{{SSLKEY}}"; location / { proxy_pass http://keep-web; proxy_set_header Host $request_host:{{KEEPWEBPORT}}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen *:{{KEEPWEBDLSSLPORT}} ssl default_server; server_name ~.*; ssl_certificate "{{SSLCERT}}"; ssl_certificate_key "{{SSLKEY}}"; location / { proxy_pass http://keep-web; proxy_set_header Host download:{{KEEPWEBPORT}}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect //download:{{KEEPWEBPORT}}/ https://$host:{{KEEPWEBDLSSLPORT}}/; } } upstream ws { server localhost:{{WSPORT}}; } server { listen *:{{WSSPORT}} ssl default_server; server_name ~^(?.*)$; ssl_certificate "{{SSLCERT}}"; ssl_certificate_key "{{SSLKEY}}"; location / { proxy_pass http://ws; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $request_host:{{WSPORT}}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } upstream controller { server localhost:{{CONTROLLERPORT}}; } server { listen *:{{CONTROLLERSSLPORT}} ssl default_server; server_name _; ssl_certificate "{{SSLCERT}}"; ssl_certificate_key "{{SSLKEY}}"; location / { proxy_pass http://controller; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } }