X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/5f93585b16f2b5ac9c2e86f8dea876b310cbcf57..1d9e4de7a4ff994cfc7a9319dcae56bb26c272b3:/sdk/python/tests/nginx.conf diff --git a/sdk/python/tests/nginx.conf b/sdk/python/tests/nginx.conf index d8a207f2cf..6010ee4bf7 100644 --- a/sdk/python/tests/nginx.conf +++ b/sdk/python/tests/nginx.conf @@ -1,19 +1,35 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: Apache-2.0 + daemon off; -error_log stderr info; # Yes, must be specified here _and_ cmdline +error_log "{{ERRORLOG}}" info; # Yes, must be specified here _and_ cmdline events { } http { - access_log {{ACCESSLOG}} combined; + log_format customlog + '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port ' + '"$http_referer" "$http_user_agent"'; + access_log "{{ACCESSLOG}}" customlog; + client_body_temp_path "{{TMPDIR}}"; + proxy_temp_path "{{TMPDIR}}"; + fastcgi_temp_path "{{TMPDIR}}"; + uwsgi_temp_path "{{TMPDIR}}"; + scgi_temp_path "{{TMPDIR}}"; upstream arv-git-http { server localhost:{{GITPORT}}; } server { listen *:{{GITSSLPORT}} ssl default_server; - server_name _; - ssl_certificate {{SSLCERT}}; - ssl_certificate_key {{SSLKEY}}; + server_name arv-git-http; + ssl_certificate "{{SSLCERT}}"; + ssl_certificate_key "{{SSLKEY}}"; location / { proxy_pass http://arv-git-http; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; } } upstream keepproxy { @@ -21,11 +37,89 @@ http { } server { listen *:{{KEEPPROXYSSLPORT}} ssl default_server; - server_name _; - ssl_certificate {{SSLCERT}}; - ssl_certificate_key {{SSLKEY}}; + server_name keepproxy; + ssl_certificate "{{SSLCERT}}"; + ssl_certificate_key "{{SSLKEY}}"; location / { proxy_pass http://keepproxy; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; + + proxy_http_version 1.1; + proxy_request_buffering off; + } + } + upstream keep-web { + server localhost:{{KEEPWEBPORT}}; + } + server { + listen *:{{KEEPWEBSSLPORT}} ssl default_server; + server_name keep-web; + ssl_certificate "{{SSLCERT}}"; + ssl_certificate_key "{{SSLKEY}}"; + location / { + proxy_pass http://keep-web; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; + + client_max_body_size 0; + proxy_http_version 1.1; + proxy_request_buffering off; + } + } + server { + listen *:{{KEEPWEBDLSSLPORT}} ssl default_server; + server_name keep-web-dl ~.*; + ssl_certificate "{{SSLCERT}}"; + ssl_certificate_key "{{SSLKEY}}"; + location / { + proxy_pass http://keep-web; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; + + client_max_body_size 0; + proxy_http_version 1.1; + proxy_request_buffering off; + } + } + upstream ws { + server localhost:{{WSPORT}}; + } + server { + listen *:{{WSSPORT}} ssl default_server; + server_name websocket; + ssl_certificate "{{SSLCERT}}"; + ssl_certificate_key "{{SSLKEY}}"; + location / { + proxy_pass http://ws; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; + } + } + upstream controller { + server localhost:{{CONTROLLERPORT}}; + } + server { + listen *:{{CONTROLLERSSLPORT}} ssl default_server; + server_name controller; + ssl_certificate "{{SSLCERT}}"; + ssl_certificate_key "{{SSLKEY}}"; + location / { + proxy_pass http://controller; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; } } }