X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/6eb3d1fb8fe71623fa63da46c250184cf2e4fbb8..14a6eb786a0d01e86ccae7645e880661caf6f0cb:/sdk/python/tests/nginx.conf?ds=sidebyside diff --git a/sdk/python/tests/nginx.conf b/sdk/python/tests/nginx.conf index 61966054a0..6010ee4bf7 100644 --- a/sdk/python/tests/nginx.conf +++ b/sdk/python/tests/nginx.conf @@ -1,19 +1,35 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: Apache-2.0 + daemon off; -error_log stderr info; # Yes, must be specified here _and_ cmdline +error_log "{{ERRORLOG}}" info; # Yes, must be specified here _and_ cmdline events { } http { - access_log /dev/stderr combined; + log_format customlog + '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port ' + '"$http_referer" "$http_user_agent"'; + access_log "{{ACCESSLOG}}" customlog; + client_body_temp_path "{{TMPDIR}}"; + proxy_temp_path "{{TMPDIR}}"; + fastcgi_temp_path "{{TMPDIR}}"; + uwsgi_temp_path "{{TMPDIR}}"; + scgi_temp_path "{{TMPDIR}}"; upstream arv-git-http { server localhost:{{GITPORT}}; } server { listen *:{{GITSSLPORT}} ssl default_server; - server_name _; - ssl_certificate {{SSLCERT}}; - ssl_certificate_key {{SSLKEY}}; + server_name arv-git-http; + ssl_certificate "{{SSLCERT}}"; + ssl_certificate_key "{{SSLKEY}}"; location / { proxy_pass http://arv-git-http; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; } } upstream keepproxy { @@ -21,11 +37,89 @@ http { } server { listen *:{{KEEPPROXYSSLPORT}} ssl default_server; - server_name _; - ssl_certificate {{SSLCERT}}; - ssl_certificate_key {{SSLKEY}}; + server_name keepproxy; + ssl_certificate "{{SSLCERT}}"; + ssl_certificate_key "{{SSLKEY}}"; location / { proxy_pass http://keepproxy; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; + + proxy_http_version 1.1; + proxy_request_buffering off; + } + } + upstream keep-web { + server localhost:{{KEEPWEBPORT}}; + } + server { + listen *:{{KEEPWEBSSLPORT}} ssl default_server; + server_name keep-web; + ssl_certificate "{{SSLCERT}}"; + ssl_certificate_key "{{SSLKEY}}"; + location / { + proxy_pass http://keep-web; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; + + client_max_body_size 0; + proxy_http_version 1.1; + proxy_request_buffering off; + } + } + server { + listen *:{{KEEPWEBDLSSLPORT}} ssl default_server; + server_name keep-web-dl ~.*; + ssl_certificate "{{SSLCERT}}"; + ssl_certificate_key "{{SSLKEY}}"; + location / { + proxy_pass http://keep-web; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; + + client_max_body_size 0; + proxy_http_version 1.1; + proxy_request_buffering off; + } + } + upstream ws { + server localhost:{{WSPORT}}; + } + server { + listen *:{{WSSPORT}} ssl default_server; + server_name websocket; + ssl_certificate "{{SSLCERT}}"; + ssl_certificate_key "{{SSLKEY}}"; + location / { + proxy_pass http://ws; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; + } + } + upstream controller { + server localhost:{{CONTROLLERPORT}}; + } + server { + listen *:{{CONTROLLERSSLPORT}} ssl default_server; + server_name controller; + ssl_certificate "{{SSLCERT}}"; + ssl_certificate_key "{{SSLKEY}}"; + location / { + proxy_pass http://controller; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_redirect off; } } }