X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/45f10d80d1b584808a6e375214b5be6bc7d2a730..35db495717a628e0a6ef52a453b8d8ced793c41b:/sdk/python/tests/nginx.conf

diff --git a/sdk/python/tests/nginx.conf b/sdk/python/tests/nginx.conf
index 61966054a0..1716291fe8 100644
--- a/sdk/python/tests/nginx.conf
+++ b/sdk/python/tests/nginx.conf
@@ -1,31 +1,195 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
 daemon off;
-error_log stderr info;          # Yes, must be specified here _and_ cmdline
 events {
 }
 http {
-  access_log /dev/stderr combined;
+  log_format customlog
+    '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
+    '"$http_referer" "$http_user_agent"';
+  access_log "{{ACCESSLOG}}" customlog;
+  client_body_temp_path "{{TMPDIR}}";
+  proxy_temp_path "{{TMPDIR}}";
+  fastcgi_temp_path "{{TMPDIR}}";
+  uwsgi_temp_path "{{TMPDIR}}";
+  scgi_temp_path "{{TMPDIR}}";
+  geo $external_client {
+    default 1;
+    127.0.0.0/8 0;
+    ::1 0;
+    fd00::/8 0;
+    {{INTERNALSUBNETS}}
+  }
+  upstream controller {
+    server {{UPSTREAMHOST}}:{{CONTROLLERPORT}};
+  }
+  server {
+    listen {{LISTENHOST}}:{{CONTROLLERSSLPORT}} ssl;
+    server_name controller ~.*;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
+    client_max_body_size 0;
+    location  / {
+      proxy_pass http://controller;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+      proxy_set_header Host $http_host;
+      proxy_set_header X-External-Client $external_client;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+      proxy_max_temp_file_size 0;
+      proxy_request_buffering off;
+      proxy_buffering off;
+      proxy_http_version 1.1;
+    }
+  }
   upstream arv-git-http {
-    server localhost:{{GITPORT}};
+    server {{UPSTREAMHOST}}:{{GITPORT}};
   }
   server {
-    listen *:{{GITSSLPORT}} ssl default_server;
-    server_name _;
-    ssl_certificate {{SSLCERT}};
-    ssl_certificate_key {{SSLKEY}};
+    listen {{LISTENHOST}}:{{GITSSLPORT}} ssl;
+    server_name arv-git-http git.*;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
     location  / {
       proxy_pass http://arv-git-http;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
     }
   }
   upstream keepproxy {
-    server localhost:{{KEEPPROXYPORT}};
+    server {{UPSTREAMHOST}}:{{KEEPPROXYPORT}};
   }
   server {
-    listen *:{{KEEPPROXYSSLPORT}} ssl default_server;
-    server_name _;
-    ssl_certificate {{SSLCERT}};
-    ssl_certificate_key {{SSLKEY}};
+    listen {{LISTENHOST}}:{{KEEPPROXYSSLPORT}} ssl;
+    server_name keepproxy keep.*;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
     location  / {
       proxy_pass http://keepproxy;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+
+      client_max_body_size 67108864;
+      proxy_http_version 1.1;
+      proxy_request_buffering off;
+    }
+  }
+  upstream keep-web {
+    server {{UPSTREAMHOST}}:{{KEEPWEBPORT}};
+  }
+  server {
+    listen {{LISTENHOST}}:{{KEEPWEBSSLPORT}} ssl;
+    server_name keep-web collections.* ~\.collections\.;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
+    location  / {
+      proxy_pass http://keep-web;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+
+      client_max_body_size 0;
+      proxy_http_version 1.1;
+      proxy_request_buffering off;
+    }
+  }
+  upstream health {
+    server {{UPSTREAMHOST}}:{{HEALTHPORT}};
+  }
+  server {
+    listen {{LISTENHOST}}:{{HEALTHSSLPORT}} ssl;
+    server_name health health.*;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
+    location  / {
+      proxy_pass http://health;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+
+      proxy_http_version 1.1;
+      proxy_request_buffering off;
+    }
+  }
+  server {
+    listen {{LISTENHOST}}:{{KEEPWEBDLSSLPORT}} ssl;
+    server_name keep-web-dl download.* ~.*;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
+    location  / {
+      proxy_pass http://keep-web;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+
+      client_max_body_size 0;
+      proxy_http_version 1.1;
+      proxy_request_buffering off;
+    }
+  }
+  upstream ws {
+    server {{UPSTREAMHOST}}:{{WSPORT}};
+  }
+  server {
+    listen {{LISTENHOST}}:{{WSSSLPORT}} ssl;
+    server_name websocket ws.*;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
+    location  / {
+      proxy_pass http://ws;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "upgrade";
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+
+      client_max_body_size 0;
+      proxy_http_version 1.1;
+      proxy_request_buffering off;
+    }
+  }
+  upstream workbench1 {
+    server {{UPSTREAMHOST}}:{{WORKBENCH1PORT}};
+  }
+  server {
+    listen {{LISTENHOST}}:{{WORKBENCH1SSLPORT}} ssl;
+    server_name workbench1 workbench1.* workbench.*;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
+    location  / {
+      proxy_pass http://workbench1;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+    }
+  }
+  upstream workbench2 {
+    server {{UPSTREAMHOST}}:{{WORKBENCH2PORT}};
+  }
+  server {
+    listen {{LISTENHOST}}:{{WORKBENCH2SSLPORT}} ssl;
+    server_name workbench2 workbench2.*;
+    ssl_certificate "{{SSLCERT}}";
+    ssl_certificate_key "{{SSLKEY}}";
+    location / {
+      proxy_pass http://workbench2;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
     }
   }
 }