worker_processes {{ param_nginx_frontend['nb_workers'] }}; pid {{ param_nginx_frontend['path_pid'] }}; error_log {{ param_nginx_frontend['path_error_log'] }}; daemon off; events { worker_connections 1024; accept_mutex off; } http { default_type application/octet-stream; access_log {{ param_nginx_frontend['path_access_log'] }} combined; map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen {{ param_nginx_frontend['local-ip'] }}:{{ param_nginx_frontend['port'] }}; server_name _; keepalive_timeout 90s; client_body_temp_path {{ param_tempdir['client_body_temp_path'] }}; proxy_temp_path {{ param_tempdir['proxy_temp_path'] }}; fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }}; uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }}; scgi_temp_path {{ param_tempdir['scgi_temp_path'] }}; location / { auth_basic "Restricted"; auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd; proxy_pass http://{{ param_nginx_frontend['cloud9-ip'] }}:{{ param_nginx_frontend['cloud9-port'] }}; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen [{{ param_nginx_frontend['global-ip'] }}]:{{ param_nginx_frontend['global-port'] }} ssl; server_name _; ssl_certificate {{ param_nginx_frontend['ssl-certificate'] }}; ssl_certificate_key {{ param_nginx_frontend['ssl-key'] }}; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; keepalive_timeout 90s; client_body_temp_path {{ param_tempdir['client_body_temp_path'] }}; proxy_temp_path {{ param_tempdir['proxy_temp_path'] }}; fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }}; uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }}; scgi_temp_path {{ param_tempdir['scgi_temp_path'] }}; error_page 401 /login; location / { auth_basic "Restricted"; auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd; proxy_redirect off; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Accel-Mapping /private/; proxy_pass http://unix:{{ socket }}; } location ~ ^(/login|/doLogin|/static|/setAccount|/configAccount|/slapgridResult) { proxy_redirect off; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Accel-Mapping /private/; proxy_pass http://unix:{{ socket }}; } location /shellinabox { proxy_pass http://[{{ param_nginx_frontend['global-ip'] }}]:{{ shellinabox_port }}/; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; auth_basic "Restricted"; auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd; proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $http_host; } } }