X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/44a02057129016d806b32cc5478bdffef1a565f8..032ecb480134f6138346865fba7732a836b809c6:/sdk/python/tests/nginx.conf
diff --git a/sdk/python/tests/nginx.conf b/sdk/python/tests/nginx.conf
index 85b4f5b37b..1716291fe8 100644
--- a/sdk/python/tests/nginx.conf
+++ b/sdk/python/tests/nginx.conf
@@ -3,7 +3,6 @@
 # SPDX-License-Identifier: Apache-2.0
 daemon off;
-error_log "{{ERRORLOG}}" info; # Yes, must be specified here _and_ cmdline
 events {
 }
 http {
@@ -16,12 +15,43 @@ http {
 fastcgi_temp_path "{{TMPDIR}}";
 uwsgi_temp_path "{{TMPDIR}}";
 scgi_temp_path "{{TMPDIR}}";
+ geo $external_client {
+ default 1;
+ 127.0.0.0/8 0;
+ ::1 0;
+ fd00::/8 0;
+ {{INTERNALSUBNETS}}
+ }
+ upstream controller {
+ server {{UPSTREAMHOST}}:{{CONTROLLERPORT}};
+ }
+ server {
+ listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl;
+ server_name controller ~.*;
+ ssl_certificate "{{SSLCERT}}";
+ ssl_certificate_key "{{SSLKEY}}";
+ client_max_body_size 0;
+ location / {
+ proxy_pass http://controller;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-External-Client $external_client;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_redirect off;
+ proxy_max_temp_file_size 0;
+ proxy_request_buffering off;
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ }
+ }
 upstream arv-git-http {
- server {{LISTENHOST}}:{{GITPORT}};
+ server {{UPSTREAMHOST}}:{{GITPORT}};
 }
 server {
- listen {{LISTENHOST}}:{{GITSSLPORT}} ssl default_server;
- server_name arv-git-http;
+ listen {{LISTENHOST}}:{{GITSSLPORT}} ssl;
+ server_name arv-git-http git.*;
 ssl_certificate "{{SSLCERT}}";
 ssl_certificate_key "{{SSLKEY}}";
 location / {
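Review bot: The new controller block is the only place in this diff where `X-External-Client` is overwritten from the `geo` map, and nothing in the file says that the upstream may trust the header only because nginx replaces whatever the client sent. A comment above `proxy_set_header X-External-Client $external_client;` would make that contract explicit, for example `# always overwritten from the peer address via geo; a client-supplied value never reaches the upstream`. If any service behind the other server blocks also reads this header it would need the same line, since their location bodies (partly outside the hunks) do not appear to set it. Note too that `geo` classifies the direct peer address, so if this nginx ever sits behind another proxy every client is judged by that proxy's address.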
@@ -33,11 +63,11 @@ http {
 }
 }
 upstream keepproxy {
- server {{LISTENHOST}}:{{KEEPPROXYPORT}};
+ server {{UPSTREAMHOST}}:{{KEEPPROXYPORT}};
 }
 server {
- listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl default_server;
- server_name keepproxy;
+ listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl;
+ server_name keepproxy keep.*;
 ssl_certificate "{{SSLCERT}}";
 ssl_certificate_key "{{SSLKEY}}";
 location / {
@@ -47,16 +77,17 @@ http {
 proxy_set_header X-Forwarded-Proto https;
 proxy_redirect off;
+ client_max_body_size 67108864;
 proxy_http_version 1.1;
 proxy_request_buffering off;
 }
 }
 upstream keep-web {
- server {{LISTENHOST}}:{{KEEPWEBPORT}};
+ server {{UPSTREAMHOST}}:{{KEEPWEBPORT}};
 }
 server {
- listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl default_server;
- server_name keep-web;
+ listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl;
+ server_name keep-web collections.* ~\.collections\.;
 ssl_certificate "{{SSLCERT}}";
 ssl_certificate_key "{{SSLKEY}}";
 location / {
@@ -72,11 +103,11 @@ http {
 }
 }
 upstream health {
- server {{LISTENHOST}}:{{HEALTHPORT}};
+ server {{UPSTREAMHOST}}:{{HEALTHPORT}};
 }
 server {
- listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl default_server;
- server_name health;
+ listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl;
+ server_name health health.*;
 ssl_certificate "{{SSLCERT}}";
 ssl_certificate_key "{{SSLKEY}}";
 location / {
@@ -91,8 +122,8 @@ http {
 }
 }
 server {
- listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl default_server;
- server_name keep-web-dl ~.*;
+ listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl;
+ server_name keep-web-dl download.* ~.*;
 ssl_certificate "{{SSLCERT}}";
 ssl_certificate_key "{{SSLKEY}}";
 location / {
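Review bot: Nothing in the file explains how Host-based routing is meant to work once `default_server` is dropped and wildcard names such as `keep.*` are added here; the same pattern recurs in the keep-web, health and keep-web-dl hunks below and in the ws and workbench hunks after them. If each block keeps its own port, nginx still hands every request on that port to the sole block whatever `server_name` says; if the templated ports coincide, hosts that match no exact or wildcard name go to whichever `~.*` block is declared first, which would be controller rather than keep-web-dl. A short comment at the top of `http {` stating the intended mode, e.g. `# server blocks may share one port; Host decides routing and controller is the catch-all`, would let a reader check the names against it. The keepproxy `location /` body continues outside this hunk.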
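Review bot: `client_max_body_size 67108864;` in the keepproxy `location /` is an unexplained byte count. Writing it as `client_max_body_size 64m;` with a comment such as `# largest request body keepproxy should accept (presumably one Keep block; confirm)` makes the limit reviewable and easier to keep in step with the service's own cap. The `location /` body starts outside this hunk.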
@@ -108,11 +139,11 @@ http {
 }
 }
 upstream ws {
- server {{LISTENHOST}}:{{WSPORT}};
+ server {{UPSTREAMHOST}}:{{WSPORT}};
 }
 server {
- listen {{LISTENHOST}}:{{WSSSLPORT}} ssl default_server;
- server_name websocket;
+ listen {{LISTENHOST}}:{{WSSSLPORT}} ssl;
+ server_name websocket ws.*;
 ssl_certificate "{{SSLCERT}}";
 ssl_certificate_key "{{SSLKEY}}";
 location / {
@@ -123,14 +154,18 @@ http {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto https;
 proxy_redirect off;
+
+ client_max_body_size 0;
+ proxy_http_version 1.1;
+ proxy_request_buffering off;
 }
 }
 upstream workbench1 {
- server {{LISTENHOST}}:{{WORKBENCH1PORT}};
+ server {{UPSTREAMHOST}}:{{WORKBENCH1PORT}};
 }
 server {
- listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl default_server;
- server_name workbench1;
+ listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl;
+ server_name workbench1 workbench1.* workbench.*;
 ssl_certificate "{{SSLCERT}}";
 ssl_certificate_key "{{SSLKEY}}";
 location / {
@@ -141,16 +176,16 @@ http {
 proxy_redirect off;
 }
 }
- upstream controller {
- server {{LISTENHOST}}:{{CONTROLLERPORT}};
+ upstream workbench2 {
+ server {{UPSTREAMHOST}}:{{WORKBENCH2PORT}};
 }
 server {
- listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl default_server;
- server_name controller;
+ listen {{LISTENHOST}}:{{WORKBENCH2SSLPORT}} ssl;
+ server_name workbench2 workbench2.*;
 ssl_certificate "{{SSLCERT}}";
 ssl_certificate_key "{{SSLKEY}}";
- location / {
- proxy_pass http://controller;
+ location / {
+ proxy_pass http://workbench2;
 proxy_set_header Host $http_host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto https;
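Review bot: `client_max_body_size 0;` removes the request-size limit in the websocket `location /` (the controller block added earlier in this commit does the same at server level), and together with `proxy_request_buffering off;` a body of any size is streamed straight to the upstream. That is reasonable for a test fixture, but the file should say so, e.g. `# no body limit: test fixture only; the upstream must enforce its own request size cap`. Without the comment the setting is easy to carry into a deployed config where nginx is the only component bounding uploads. The `location /` body starts outside this hunk.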