X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/71be4f147153573074a3eff4bfa1be559bc091b5..742e976881831760bc83c2cd6ad3d735a8d7b877:/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls index 81d72aac74..11f6e85695 100644 --- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls +++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_keepproxy_configuration.sls @@ -11,13 +11,27 @@ nginx: ### STREAMS http: upstream keepproxy_upstream: - - server: '__HOSTNAME_INT__:25100 fail_timeout=10s' + - server: '__IP_INT__:25100 fail_timeout=10s' servers: managed: - arvados_keepproxy_ssl: + ### DEFAULT + arvados_keepproxy_default.conf: enabled: true overwrite: true + config: + - server: + - server_name: keep.__CLUSTER__.__DOMAIN__ + - listen: + - 80 + - location /: + - return: '301 https://$host$request_uri' + + arvados_keepproxy_ssl.conf: + enabled: true + overwrite: true + requires: + __CERT_REQUIRES__ config: - server: - server_name: __HOSTNAME_EXT__ @@ -38,6 +52,8 @@ nginx: - client_max_body_size: 64M - proxy_http_version: '1.1' - proxy_request_buffering: 'off' - - include: 'snippets/arvados-snakeoil.conf' + - include: snippets/ssl_hardening_default.conf + - ssl_certificate: __CERT_PEM__ + - ssl_certificate_key: __CERT_KEY__ - access_log: /var/log/nginx/keepproxy.__CLUSTER__.__DOMAIN__.access.log combined - error_log: /var/log/nginx/keepproxy.__CLUSTER__.__DOMAIN__.error.log