X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/6ab314a9968a1e3b9d896be006f0d5964cb72522..095e176632bbf81d28a239742a1ecce12404bd2d:/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls index 72cdf0484b..081be151ef 100644 --- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls +++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_workbench2_configuration.sls @@ -37,70 +37,10 @@ nginx: - server_name: workbench2.__DOMAIN__ - listen: - __CONTROLLER_EXT_SSL_PORT__ http2 ssl - - index: index.html index.htm - - # REDIRECTS FROM WORKBENCH 1 TO WORKBENCH 2 - - # Paths that are not redirected because wb1 and wb2 have similar enough paths - # that a redirect is pointless and would create a redirect loop. - # rewrite ^/api_client_authorizations.* /api_client_authorizations redirect; - # rewrite ^/repositories.* /repositories redirect; - # rewrite ^/links.* /links redirect; - # rewrite ^/projects.* /projects redirect; - # rewrite ^/trash /trash redirect; - - # Redirects that include a uuid - - rewrite: '^/work_units/(.*) /processes/$1 redirect' - - rewrite: '^/container_requests/(.*) /processes/$1 redirect' - - rewrite: '^/users/(.*) /user/$1 redirect' - - rewrite: '^/groups/(.*) /group/$1 redirect' - - # Special file download redirects - - 'if ($arg_disposition = attachment)': - - rewrite: '^/collections/([^/]*)/(.*) /?redirectToDownload=/c=$1/$2? redirect' - - - 'if ($arg_disposition = inline)': - - rewrite: '^/collections/([^/]*)/(.*) /?redirectToPreview=/c=$1/$2? redirect' - - # Redirects that go to a roughly equivalent page - - rewrite: '^/virtual_machines.* /virtual-machines-admin redirect' - - rewrite: '^/users/.*/virtual_machines /virtual-machines-user redirect' - - rewrite: '^/authorized_keys.* /ssh-keys-admin redirect' - - rewrite: '^/users/.*/ssh_keys /ssh-keys-user redirect' - - rewrite: '^/containers.* /all_processes redirect' - - rewrite: '^/container_requests /all_processes redirect' - - rewrite: '^/job.* /all_processes redirect' - - rewrite: '^/users/link_account /link_account redirect' - - rewrite: '^/search.* /search-results redirect' - - rewrite: '^/keep_services.* /keep-services redirect' - - rewrite: '^/trash_items.* /trash redirect' - - # Redirects that don't have a good mapping and - # just go to root. - - rewrite: '^/themes.* / redirect' - - rewrite: '^/keep_disks.* / redirect' - - rewrite: '^/user_agreements.* / redirect' - - rewrite: '^/nodes.* / redirect' - - rewrite: '^/humans.* / redirect' - - rewrite: '^/traits.* / redirect' - - rewrite: '^/sessions.* / redirect' - - rewrite: '^/logout.* / redirect' - - rewrite: '^/logged_out.* / redirect' - - rewrite: '^/current_token / redirect' - - rewrite: '^/logs.* / redirect' - - rewrite: '^/factory_jobs.* / redirect' - - rewrite: '^/uploaded_datasets.* / redirect' - - rewrite: '^/specimens.* / redirect' - - rewrite: '^/pipeline_templates.* / redirect' - - rewrite: '^/pipeline_instances.* / redirect' - location /: - - root: /var/www/arvados-workbench2/workbench2 - - try_files: '$uri $uri/ /index.html' - - 'if (-f $document_root/maintenance.html)': - - return: 503 - - location /config.json: - - return: {{ "200 '" ~ '{"API_HOST":"__DOMAIN__:__CONTROLLER_EXT_SSL_PORT__"}' ~ "'" }} + - return: '301 https://workbench.__DOMAIN__$request_uri' + - include: snippets/ssl_hardening_default.conf - ssl_certificate: __CERT_PEM__ - ssl_certificate_key: __CERT_KEY__