nginx_conf.in 4.46 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
worker_processes {{ param_nginx_frontend['nb_workers'] }};

pid {{ param_nginx_frontend['path_pid'] }};
error_log {{ param_nginx_frontend['path_error_log'] }};

daemon off;

events {
	worker_connections 1024;
	accept_mutex off;
}

http {
     default_type application/octet-stream;
     access_log {{ param_nginx_frontend['path_access_log'] }} combined;
16 17 18 19
     map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
     }
20
     server {
21
        listen {{ param_nginx_frontend['local-ip'] }}:{{ param_nginx_frontend['port'] }};
22 23
        server_name _;

24
        keepalive_timeout 90s;
25 26 27 28 29 30 31
        client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
        proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
        fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
        uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }};
        scgi_temp_path {{ param_tempdir['scgi_temp_path'] }};
        location / {
            auth_basic  "Restricted";
32
            auth_basic_user_file   {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
33
            proxy_pass  http://{{ param_nginx_frontend['cloud9-ip'] }}:{{ param_nginx_frontend['cloud9-port'] }};
34 35 36
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_redirect off;
            proxy_buffering off;
37 38 39
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
40 41 42 43 44
            proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
45 46 47 48 49 50 51 52 53 54 55 56 57 58
     server {
        listen [{{ param_nginx_frontend['global-ip'] }}]:{{ param_nginx_frontend['global-port'] }} ssl;
        server_name _;
        ssl_certificate     {{ param_nginx_frontend['ssl-certificate'] }};
        ssl_certificate_key {{ param_nginx_frontend['ssl-key'] }};
        ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;
        keepalive_timeout 90s;
        client_body_temp_path {{ param_tempdir['client_body_temp_path'] }};
        proxy_temp_path {{ param_tempdir['proxy_temp_path'] }};
        fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }};
        uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }};
        scgi_temp_path {{ param_tempdir['scgi_temp_path'] }};
        location / {
59 60 61 62 63 64 65 66 67 68 69 70 71
            proxy_pass  http://{{ param_nginx_frontend['runner-ip'] }}:{{ param_nginx_frontend['runner-port'] }};
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            auth_basic  "Restricted";
            auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
            proxy_redirect off;
            proxy_buffering off;
            proxy_set_header        Host              $host;
            proxy_set_header        X-Real-IP         $remote_addr;
            proxy_set_header        X-Forwarded-Proto $scheme;
            proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Host  $http_host;
        }
        location ~ ^(/login|/doLogin|/static|/setAccount|/configAccount|/slapgridResult) {
72 73 74 75 76 77 78 79 80 81
            proxy_pass  http://{{ param_nginx_frontend['runner-ip'] }}:{{ param_nginx_frontend['runner-port'] }};
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_redirect off;
            proxy_buffering off;
            proxy_set_header        Host              $host;
            proxy_set_header        X-Real-IP         $remote_addr;
            proxy_set_header        X-Forwarded-Proto $scheme;
            proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Host  $http_host;
        }
82
	location /shellinabox {
83
            proxy_pass  http://[::1]:{{ shellinabox_port }}/;
84
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
85
            auth_basic  "Restricted";
86
            auth_basic_user_file {{ param_nginx_frontend['etc_dir'] }}/.htpasswd;
87 88 89 90 91 92
            proxy_redirect off;
            proxy_buffering off;
            proxy_set_header        Host              $host;
            proxy_set_header        X-Real-IP         $remote_addr;
            proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
	}
93
    }
94
}