Merge branch '20937-arv-copy-http' refs #20937
[arvados.git] / tools / salt-install / config_examples / multi_host / aws / pillars / nginx_controller_configuration.sls
index a48810e833cded5703adfcabe67104c5526e494f..5bd67a6ce4b1b7bbeeef6dd7744f902cec85eff3 100644 (file)
@@ -4,6 +4,8 @@
 # SPDX-License-Identifier: AGPL-3.0
 
 {%- import_yaml "ssl_key_encrypted.sls" as ssl_key_encrypted_pillar %}
+{%- set balanced_controller = ("__ENABLE_BALANCER__"|to_bool) %}
+{%- set server_name = grains['fqdn'] if balanced_controller else "__DOMAIN__" %}
 
 ### NGINX
 nginx:
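Review bot: The `else "__DOMAIN__"` fallback on the second added line changes the non-balanced server name from the previous `__CLUSTER__.__DOMAIN__`, and the later hunks reuse `server_name` for the log paths, which also lose their `controller.` prefix. Whether `__DOMAIN__` already carries the cluster prefix is not visible here; if it does not, the vhost no longer matches the controller's public name. Either way, logrotate or log-forwarding rules keyed on `controller.*.access.log` would stop matching, which is worth checking before this reaches a host whose nginx logs feed monitoring. A short comment above the two `set` lines would make the intent explicit, e.g. `{#- server_name: node FQDN when behind the balancer, public controller name otherwise #}`.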
@@ -28,14 +30,36 @@ nginx:
         overwrite: true
         config:
           - server:
-            - server_name: __CLUSTER__.__DOMAIN__
+            - server_name: {{ server_name }}
             - listen:
               - 80 default
             - location /.well-known:
               - root: /var/www
+            {%- if balanced_controller %}
+            {%- set balancer_ip = salt['cmd.run']("getent hosts __BALANCER_NODENAME__ | awk '{print $1 ; exit}'", python_shell=True) %}
+            {%- set prometheus_ip = salt['cmd.run']("getent hosts __PROMETHEUS_NODENAME__ | awk '{print $1 ; exit}'", python_shell=True) %}
+            - index: index.html index.htm
+            - location /:
+              - allow: {{ balancer_ip }}
+              - allow: {{ prometheus_ip }}
+              - deny: all
+              - proxy_pass: 'http://controller_upstream'
+              - proxy_read_timeout: 300
+              - proxy_connect_timeout: 90
+              - proxy_redirect: 'off'
+              - proxy_max_temp_file_size: 0
+              - proxy_request_buffering: 'off'
+              - proxy_buffering: 'off'
+              - proxy_http_version: '1.1'
+            - access_log: /var/log/nginx/{{ server_name }}.access.log combined
+            - error_log: /var/log/nginx/{{ server_name }}.error.log
+            - client_max_body_size: 128m
+            {%- else %}
             - location /:
               - return: '301 https://$host$request_uri'
+            {%- endif %}
 
+      {%- if not balanced_controller %}
       arvados_controller_ssl.conf:
         enabled: true
         overwrite: true
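Review bot: The results of the two `getent hosts … | awk` lookups go straight into `- allow:` without a check, so a name that fails to resolve at render time gives an empty string and an ACL entry with no address; how the nginx formula renders that is not visible here. Because `allow`/`deny` is the only access control on this plain-HTTP `location /`, the render should stop on an empty result, for example by wrapping the block in `{%- if balancer_ip and prometheus_ip %}` with a hard failure in the else branch. The addresses are also fixed at render time, so a changed balancer or Prometheus IP leaves the list stale until the state is re-applied; a comment such as `{#- allow-list IPs are resolved when the pillar renders; re-apply after an address change #}` would record that. `python_shell=True` is needed only for the pipe, and the node names are substituted into the shell string, so the installer should validate them as hostnames before substitution.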
@@ -43,7 +67,7 @@ nginx:
           __CERT_REQUIRES__
         config:
           - server:
-            - server_name: __CLUSTER__.__DOMAIN__
+            - server_name: {{ server_name }}
             - listen:
               - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
             - index: index.html index.htm
@@ -69,6 +93,7 @@ nginx:
             {%- if ssl_key_encrypted_pillar.ssl_key_encrypted.enabled %}
             - ssl_password_file: {{ '/run/arvados/' | path_join(ssl_key_encrypted_pillar.ssl_key_encrypted.privkey_password_filename) }}
             {%- endif %}
-            - access_log: /var/log/nginx/controller.__CLUSTER__.__DOMAIN__.access.log combined
-            - error_log: /var/log/nginx/controller.__CLUSTER__.__DOMAIN__.error.log
+            - access_log: /var/log/nginx/{{ server_name }}.access.log combined
+            - error_log: /var/log/nginx/{{ server_name }}.error.log
             - client_max_body_size: 128m
+      {%- endif %}
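Review bot: In balanced mode the controller node ends up with no TLS listener at all: the `{%- endif %}` added at the end of this hunk closes the `{%- if not balanced_controller %}` opened in an earlier hunk, so the whole `arvados_controller_ssl.conf` vhost is skipped and only the port 80 server remains. API requests, and presumably the tokens they carry, then cross the balancer-to-controller hop unencrypted, protected only by the source-IP allow list. That can be acceptable on a private subnet, but the assumption should be written down where the conditional opens, e.g. `{#- balanced mode: TLS terminates on the balancer; this node must only be reachable from a trusted network #}`. If that network cannot be guaranteed, the TLS vhost should be kept on the backend and the balancer pointed at it.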