Merge branch '15529-federated-user-accounts' refs #15529

[arvados.git] / tools / arvbox / lib / arvbox / docker / service / nginx / run

diff --git a/tools/arvbox/lib/arvbox/docker/service/nginx/run b/tools/arvbox/lib/arvbox/docker/service/nginx/run
index 18c56ce9dd3708e4e7230757f8a8a571ce64bcc1..0d60e74128365605a49194b27cb2cf9c09af9618 100755 (executable)
--- a/tools/arvbox/lib/arvbox/docker/service/nginx/run
+++ b/tools/arvbox/lib/arvbox/docker/service/nginx/run
@@ -114,6 +114,7 @@ server {
     server_name keep-web;
     ssl_certificate "${server_cert}";
     ssl_certificate_key "${server_cert_key}";
+    client_max_body_size 0;
     location  / {
       proxy_pass http://keep-web;
       proxy_set_header Host \$http_host;
@@ -123,6 +124,48 @@ server {
     }
   }
 
+
+  upstream keepproxy {
+    server localhost:${services[keepproxy]};
+  }
+  server {
+    listen *:${services[keepproxy-ssl]} ssl default_server;
+    server_name keepproxy;
+    ssl_certificate "${server_cert}";
+    ssl_certificate_key "${server_cert_key}";
+    client_max_body_size 128M;
+    location  / {
+      proxy_pass http://keepproxy;
+      proxy_set_header Host \$http_host;
+      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+    }
+  }
+
+  upstream arvados-git-httpd {
+    server localhost:${services[arv-git-httpd]};
+  }
+  server {
+    listen *:${services[arv-git-httpd-ssl]} ssl default_server;
+    server_name arvados-git-httpd;
+    proxy_connect_timeout 90s;
+    proxy_read_timeout 300s;
+
+    ssl on;
+    ssl_certificate "${server_cert}";
+    ssl_certificate_key "${server_cert_key}";
+    client_max_body_size 50m;
+
+    location  / {
+      proxy_pass http://arvados-git-httpd;
+      proxy_set_header Host \$http_host;
+      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+    }
+  }
+
 }
 
 EOF