projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'patch-1' of https://github.com/mr-c/arvados into mr-c-patch-1
[arvados.git] / sdk / python / tests / nginx.conf
diff --git a/sdk/python/tests/nginx.conf b/sdk/python/tests/nginx.conf
index c21ef95f2af3a18ea8f48352a9e2b780ea1b0e1f..85b4f5b37bc619b3da2076c130b2494d9f977956 100644 (file)
--- a/sdk/python/tests/nginx.conf
+++ b/sdk/python/tests/nginx.conf
@@ -8,15 +8,19 @@ events {
 }
 http {
   log_format customlog
-    '[$time_local] $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
+    '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
     '"$http_referer" "$http_user_agent"';
   access_log "{{ACCESSLOG}}" customlog;
   client_body_temp_path "{{TMPDIR}}";
+  proxy_temp_path "{{TMPDIR}}";
+  fastcgi_temp_path "{{TMPDIR}}";
+  uwsgi_temp_path "{{TMPDIR}}";
+  scgi_temp_path "{{TMPDIR}}";
   upstream arv-git-http {
-    server localhost:{{GITPORT}};
+    server {{LISTENHOST}}:{{GITPORT}};
   }
   server {
-    listen *:{{GITSSLPORT}} ssl default_server;
+    listen {{LISTENHOST}}:{{GITSSLPORT}} ssl default_server;
     server_name arv-git-http;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
@@ -29,10 +33,10 @@ http {
     }
   }
   upstream keepproxy {
-    server localhost:{{KEEPPROXYPORT}};
+    server {{LISTENHOST}}:{{KEEPPROXYPORT}};
   }
   server {
-    listen *:{{KEEPPROXYSSLPORT}} ssl default_server;
+    listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl default_server;
     server_name keepproxy;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
@@ -42,13 +46,16 @@ http {
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto https;
       proxy_redirect off;
+
+      proxy_http_version 1.1;
+      proxy_request_buffering off;
     }
   }
   upstream keep-web {
-    server localhost:{{KEEPWEBPORT}};
+    server {{LISTENHOST}}:{{KEEPWEBPORT}};
   }
   server {
-    listen *:{{KEEPWEBSSLPORT}} ssl default_server;
+    listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl default_server;
     server_name keep-web;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
@@ -58,42 +65,53 @@ http {
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto https;
       proxy_redirect off;
+
+      client_max_body_size 0;
+      proxy_http_version 1.1;
+      proxy_request_buffering off;
+    }
+  }
+  upstream health {
+    server {{LISTENHOST}}:{{HEALTHPORT}};
+  }
+  server {
+    listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl default_server;
+    server_name health;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
+    location  / {
+      proxy_pass http://health;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+
+      proxy_http_version 1.1;
+      proxy_request_buffering off;
     }
   }
   server {
-    listen *:{{KEEPWEBDLSSLPORT}} ssl default_server;
+    listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl default_server;
     server_name keep-web-dl ~.*;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
     location  / {
       proxy_pass http://keep-web;
+      proxy_set_header Host $http_host;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
 
-      # Unlike other proxy sections, here we need to override the
-      # requested Host header and use proxy_redirect because of the
-      # way the test suite orchestrates services. Keep-web's "download
-      # only" behavior relies on the Host header matching a configured
-      # value, but when run_test_servers.py writes keep-web's command
-      # line, the keep-web-dl TLS port (which clients will connect to
-      # and include in their Host header) has not yet been assigned.
-      #
-      # In production, "proxy_set_header Host $http_host;
-      # proxy_redirect off;" works: keep-web's redirect URLs will
-      # match the request URL received by Nginx.
-      #
-      # Here, keep-web will issue redirects to https://download/ and
-      # Nginx will rewrite them.
-      #
-      proxy_set_header Host  download;
-      proxy_redirect https://download/ https://$host:{{KEEPWEBDLSSLPORT}}/;
+      client_max_body_size 0;
+      proxy_http_version 1.1;
+      proxy_request_buffering off;
     }
   }
   upstream ws {
-    server localhost:{{WSPORT}};
+    server {{LISTENHOST}}:{{WSPORT}};
   }
   server {
-    listen *:{{WSSPORT}} ssl default_server;
+    listen {{LISTENHOST}}:{{WSSSLPORT}} ssl default_server;
     server_name websocket;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";
@@ -107,11 +125,27 @@ http {
       proxy_redirect off;
     }
   }
+  upstream workbench1 {
+    server {{LISTENHOST}}:{{WORKBENCH1PORT}};
+  }
+  server {
+    listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl default_server;
+    server_name workbench1;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
+    location  / {
+      proxy_pass http://workbench1;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+    }
+  }
   upstream controller {
-    server localhost:{{CONTROLLERPORT}};
+    server {{LISTENHOST}}:{{CONTROLLERPORT}};
   }
   server {
-    listen *:{{CONTROLLERSSLPORT}} ssl default_server;
+    listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl default_server;
     server_name controller;
     ssl_certificate "{{SSLCERT}}";
     ssl_certificate_key "{{SSLKEY}}";