software/slaprunner/nginx_conf.in

   1 worker_processes {{ param_nginx_frontend['nb_workers'] }};
   2
   3 pid {{ param_nginx_frontend['path_pid'] }};
   4 error_log {{ param_nginx_frontend['path_error_log'] }};
   5
   6 daemon off;
   7
   8 events {
   9         worker_connections 1024;
  10         accept_mutex off;
  11 }
  12
  13 http {
  14      default_type application/octet-stream;
  15      access_log {{ param_nginx_frontend['path_access_log'] }} combined;
  16      client_max_body_size 10M;
  17      map $http_upgrade $connection_upgrade {
  18         default upgrade;
  19         ''      close;
  20      }
  21      server {
  22         listen [{{ param_nginx_frontend['global-ip'] }}]:{{ param_nginx_frontend['global-port'] }} ssl;
  23         server_name _;
  24         ssl_certificate     {{ param_nginx_frontend['ssl-certificate'] }};
  25         ssl_certificate_key {{ param_nginx_frontend['ssl-key'] }};
  26         ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  27         ssl_ciphers         HIGH:!aNULL:!MD5;
  28         keepalive_timeout 90s;
  29         client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
  30         proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
  31         fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
  32         uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }};
  33         scgi_temp_path {{ param_tempdir['scgi_temp_path'] }};
  34         error_page 401 /login;
  35         location / {
  36             auth_basic "Restricted";
  37             auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
  38             proxy_redirect off;
  39             proxy_set_header   X-Forwarded-Proto $scheme;
  40             proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
  41             proxy_set_header   X-Forwarded-Host  $http_host;
  42             proxy_set_header   X-Accel-Mapping   /private/;
  43
  44             proxy_pass http://unix:{{ socket }};
  45         }
  46         location ~ ^(/login|/doLogin|/static|/setAccount|/configAccount|/slapgridResult|/isSRReady) {
  47             proxy_redirect off;
  48             proxy_set_header   X-Forwarded-Proto $scheme;
  49             proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
  50             proxy_set_header   X-Forwarded-Host  $http_host;
  51             proxy_set_header   X-Accel-Mapping   /private/;
  52
  53             proxy_pass http://unix:{{ socket }};
  54         }
  55         location /shellinabox {
  56             proxy_pass  http://[{{ param_nginx_frontend['global-ip'] }}]:{{ shellinabox_port }}/;
  57             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
  58             auth_basic "Restricted";
  59             auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
  60             proxy_redirect off;
  61             proxy_buffering off;
  62             proxy_set_header        Host              $host;
  63             proxy_set_header        X-Real-IP         $remote_addr;
  64             proxy_set_header        X-Forwarded-Proto $scheme;
  65             proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
  66             proxy_set_header        X-Forwarded-Host  $http_host;
  67         }
  68     }
  69 }