projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch '13647-load-old-config'
[arvados.git]
/
tools
/
arvbox
/
lib
/
arvbox
/
docker
/
service
/
nginx
/
run
diff --git
a/tools/arvbox/lib/arvbox/docker/service/nginx/run
b/tools/arvbox/lib/arvbox/docker/service/nginx/run
index 2353e949f7090093a02501afa57779f0dce6f649..18c56ce9dd3708e4e7230757f8a8a571ce64bcc1 100755
(executable)
--- a/
tools/arvbox/lib/arvbox/docker/service/nginx/run
+++ b/
tools/arvbox/lib/arvbox/docker/service/nginx/run
@@
-8,6
+8,8
@@
set -ex -o pipefail
. /usr/local/lib/arvbox/common.sh
. /usr/local/lib/arvbox/common.sh
+openssl verify -CAfile $root_cert $server_cert
+
cat <<EOF >/var/lib/arvados/nginx.conf
worker_processes auto;
pid /var/lib/arvados/nginx.pid;
cat <<EOF >/var/lib/arvados/nginx.conf
worker_processes auto;
pid /var/lib/arvados/nginx.pid;
@@
-46,8
+48,8
@@
http {
server {
listen *:${services[controller-ssl]} ssl default_server;
server_name controller;
server {
listen *:${services[controller-ssl]} ssl default_server;
server_name controller;
- ssl_certificate "
/var/lib/arvados/server-cert-${localip}.pem
";
- ssl_certificate_key "
/var/lib/arvados/server-cert-${localip}.key
";
+ ssl_certificate "
${server_cert}
";
+ ssl_certificate_key "
${server_cert_key}
";
location / {
proxy_pass http://controller;
proxy_set_header Host \$http_host;
location / {
proxy_pass http://controller;
proxy_set_header Host \$http_host;
@@
-68,8
+70,8
@@
server {
proxy_read_timeout 300s;
ssl on;
proxy_read_timeout 300s;
ssl on;
- ssl_certificate "
/var/lib/arvados/server-cert-${localip}.pem
";
- ssl_certificate_key "
/var/lib/arvados/server-cert-${localip}.key
";
+ ssl_certificate "
${server_cert}
";
+ ssl_certificate_key "
${server_cert_key}
";
location / {
proxy_pass http://arvados-ws;
location / {
proxy_pass http://arvados-ws;
@@
-86,8
+88,8
@@
server {
server {
listen *:${services[workbench2-ssl]} ssl default_server;
server_name workbench2;
server {
listen *:${services[workbench2-ssl]} ssl default_server;
server_name workbench2;
- ssl_certificate "
/var/lib/arvados/server-cert-${localip}.pem
";
- ssl_certificate_key "
/var/lib/arvados/server-cert-${localip}.key
";
+ ssl_certificate "
${server_cert}
";
+ ssl_certificate_key "
${server_cert_key}
";
location / {
proxy_pass http://workbench2;
proxy_set_header Host \$http_host;
location / {
proxy_pass http://workbench2;
proxy_set_header Host \$http_host;
@@
-110,8
+112,8
@@
server {
server {
listen *:${services[keep-web-ssl]} ssl default_server;
server_name keep-web;
server {
listen *:${services[keep-web-ssl]} ssl default_server;
server_name keep-web;
- ssl_certificate "
/var/lib/arvados/server-cert-${localip}.pem
";
- ssl_certificate_key "
/var/lib/arvados/server-cert-${localip}.key
";
+ ssl_certificate "
${server_cert}
";
+ ssl_certificate_key "
${server_cert_key}
";
location / {
proxy_pass http://keep-web;
proxy_set_header Host \$http_host;
location / {
proxy_pass http://keep-web;
proxy_set_header Host \$http_host;