Start to test all json schema and files.
[slapos.git] / software / slaprunner / nginx_conf.in
1 worker_processes {{ param_nginx_frontend['nb_workers'] }};
2
3 pid {{ param_nginx_frontend['path_pid'] }};
4 error_log {{ param_nginx_frontend['path_error_log'] }};
5
6 daemon off;
7
8 events {
9         worker_connections 1024;
10         accept_mutex off;
11 }
12
13 http {
14      default_type application/octet-stream;
15      access_log {{ param_nginx_frontend['path_access_log'] }} combined;
16      client_max_body_size 10M;
17      map $http_upgrade $connection_upgrade {
18         default upgrade;
19         ''      close;
20      }
21      server {
22         listen [{{ param_nginx_frontend['global-ip'] }}]:{{ param_nginx_frontend['global-port'] }} ssl;
23         server_name _;
24         ssl_certificate     {{ param_nginx_frontend['ssl-certificate'] }};
25         ssl_certificate_key {{ param_nginx_frontend['ssl-key'] }};
26         ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
27         ssl_ciphers         HIGH:!aNULL:!MD5;
28         keepalive_timeout 90s;
29         client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
30         proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
31         fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
32         uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }};
33         scgi_temp_path {{ param_tempdir['scgi_temp_path'] }};
34         error_page 401 /login;
35         location / {
36             auth_basic "Restricted";
37             auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
38             proxy_redirect off;
39             proxy_set_header   X-Forwarded-Proto $scheme;
40             proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
41             proxy_set_header   X-Forwarded-Host  $http_host;
42             proxy_set_header   X-Accel-Mapping   /private/;
43
44             proxy_pass http://unix:{{ socket }};
45         }
46         location ~ ^(/login|/doLogin|/static|/setAccount|/configAccount|/slapgridResult|/isSRReady) {
47             proxy_redirect off;
48             proxy_set_header   X-Forwarded-Proto $scheme;
49             proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
50             proxy_set_header   X-Forwarded-Host  $http_host;
51             proxy_set_header   X-Accel-Mapping   /private/;
52
53             proxy_pass http://unix:{{ socket }};
54         }
55         location /shellinabox {
56             proxy_pass  http://[{{ param_nginx_frontend['global-ip'] }}]:{{ shellinabox_port }}/;
57             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
58             auth_basic "Restricted";
59             auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
60             proxy_redirect off;
61             proxy_buffering off;
62             proxy_set_header        Host              $host;
63             proxy_set_header        X-Real-IP         $remote_addr;
64             proxy_set_header        X-Forwarded-Proto $scheme;
65             proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
66             proxy_set_header        X-Forwarded-Host  $http_host;
67         }
68     }
69 }