{# Plain-HTTP virtual host.
   When http_redirect_to_https is true, only the locations declared before the
   conditional below (ACME snippet, dot-file guard, error page, favicon, robots,
   /auth-sign-in, /whn-manager) are answered here; everything else gets a 301 to HTTPS.
   When it is false, every proxied context in this block is reachable in cleartext. #}
server {
    listen {{ http_port }};
{% if letsencrypt_acme_install %}
    include /etc/nginx/snippets/letsencrypt-proxy.conf;
{% endif %}

    # Hide dot-files and dot-directories, except /.well-known (needed for ACME).
    # "return" runs in the rewrite phase, so clients see the 404 rather than a 403 from "deny".
    location ~ /\.(?!well-known).* {
        log_not_found off;
        access_log off;
        deny all;
        return 404;
    }

    client_max_body_size {{ nginx_client_max_body_size | default('100M') }};

{% if egi_image is defined and egi_image %}
    # No servername into the EGI images
{% elif hostname is defined %}
    server_name _;
{% else %}
    server_name {{ item.servername }}{% for vh in smartgears_nginx_serveraliases | default([]) %} {{ vh }}{% endfor %};
{% endif %}

    root {{ item.web_document_root | default('/usr/share/nginx/html/') }};
    error_log /var/log/nginx/{{ item.servername }}_error.log;
    access_log /var/log/nginx/{{ item.servername }}_access.log;

{% if haproxy_ips is defined %}
    # We are behind haproxy: X-Forwarded-For is honoured only for connections
    # coming from the addresses listed here. Keep the list limited to the real
    # load balancers, since any listed peer can set the logged/ACL-checked client IP.
{% for ip in haproxy_ips %}
    set_real_ip_from {{ ip }};
{% endfor %}
    real_ip_header X-Forwarded-For;
{% endif %}

    # Server errors are answered with the static page /50x.html
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }

    location = /robots.txt {
        allow all;
        access_log off;
        log_not_found off;
    }

    # don't send the nginx version number in error pages and Server header
    server_tokens off;

{% if nginx_client_body_temp_dir is defined %}
    # Request bodies are spooled here, in a two-level (1 and 2 character) directory hash.
    client_body_temp_path {{ nginx_client_body_temp_dir }} 1 2;
{% endif %}

    # Proxy settings shared by every proxy_pass below
    include /etc/nginx/snippets/nginx-proxy-params.conf;
{% if nginx_websockets_support %}
    # $connection_upgrade is not defined in this file; presumably a "map" in the
    # http context provides it - confirm before enabling.
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
{% endif %}

{% if r_connector_install is defined and r_connector_install %}
    # A replacement starting with a scheme makes "rewrite" answer with a redirect.
    location /auth-sign-in {
        rewrite ^/auth-sign-in http://{{ item.servername }}/r-connector/gcube/service/disconnect;
    }
{% endif %}

    # NOTE(review): declared outside the http_redirect_to_https conditional and
    # without allow/deny rules, so /whn-manager stays reachable over plain HTTP
    # even when everything else is redirected - confirm this is intended.
    location /whn-manager {
        proxy_pass http://127.0.0.1:{{ item.http_port }}/whn-manager;
    }

{% if http_redirect_to_https %}
    location / {
        return 301 https://{{ item.servername }}$request_uri;
    }
{% else %}
{# One location per Tomcat application context; whn-manager and uri-resolver have
   dedicated locations and the empty context is skipped. #}
{% for instance in tomcat_m_instances %}
{% for context in instance.app_contexts %}
{% if context not in ['whn-manager', 'uri-resolver', ''] %}
{# Go through varnish when it is installed, straight to the application otherwise. #}
{% set backend_port = varnish_listen_port if (varnish_install is defined and varnish_install) else item.http_port %}
    location /{{ context }} {
{% if smartgears_nginx_cors_enabled %}
        include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
{% if smartgears_nginx_cors_enabled and nginx_cors_extended_rules %}
        proxy_pass http://127.0.0.1:{{ backend_port }};
{% else %}
        proxy_pass http://127.0.0.1:{{ backend_port }}/{{ context }};
{% endif %}
    }
{% endif %}
{% endfor %}
{% endfor %}

{% if smart_executor_install is defined and smart_executor_install %}
    location {{ smart_executor_context }} {
        proxy_pass http://127.0.0.1:{{ smartgears_http_port }}{{ smart_executor_context }};
    }
{% endif %}

{% if data_transfer_service_install %}
    location /data-transfer-service {
        proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/data-transfer-service;
    }
{% endif %}

{% if (tomcat_m_manager_install or tomcat_m_host_manager_install) and smartgears_tomcat_manager_exposed %}
    # Tomcat manager. The allow/deny rules are rendered verbatim and nginx stops at
    # the first match; the template adds no closing "deny all", so the ACL list must
    # end with one or unmatched clients are let through. Served in cleartext here.
    location /manager {
{% for acl in smartgears_tomcat_manager_access_acls %}
        {{ acl.policy }} {{ acl.address }};
{% endfor %}
        proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/manager;
    }
{% endif %}

{% if remote_opencpu_server is defined and remote_opencpu_server %}
    # NOTE(review): the upstream is another host reached over plain HTTP -
    # confirm the network path to it is trusted.
    location {{ opencpu_context | default('/ocpu') }} {
{% if smartgears_nginx_cors_enabled %}
        include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
        proxy_pass http://{{ remote_opencpu_host }}:{{ opencpu_proxy_port | default('8004') }}{{ opencpu_context | default('/ocpu') }};
    }
{% endif %}

{% if smartgears_nginx_expose_tomcat_logs %}
    # Browsable listing of the instance log directory. No allow/deny rule is set
    # in this location, so anyone who can reach the vhost can read the logs.
    location /gcube-logs/ {
        alias {{ smartgears_instance_path }}/logs/;
        autoindex on;
        autoindex_localtime on;
    }
{% endif %}

{# NOTE(review): the RStudio and uri-resolver sections both declare "location /";
   enabling both at once looks like it would render a duplicate location - confirm. #}
{% if rstudio_install_server is defined and rstudio_install_server %}
    location / {
{% if smartgears_nginx_cors_enabled %}
        include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
        proxy_pass http://127.0.0.1:8787/;
    }
{% endif %}

{% if smartgears_uri_resolver_install is defined and smartgears_uri_resolver_install %}
    # Only the addresses in ckan_ip_list may use the geonetwork resolver.
    location /geonetwork {
{% for ip in ckan_ip_list %}
        allow {{ ip }};
{% endfor %}
        deny all;
        proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/uri-resolver/geonetwork;
    }

    # Everything else goes to the uri-resolver with the client's original,
    # un-normalised URI: the first rewrite loads $request_uri, the second prefixes
    # it with uri-resolver/ and stops rewriting.
    # NOTE(review): nginx picks the location (and so the /geonetwork allow-list)
    # from its own normalised URI while the backend parses the raw one; keep the
    # same restriction enforced on the backend as well.
    location / {
{% if smartgears_nginx_cors_enabled %}
        include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
        rewrite ^ $request_uri;
        rewrite ^/(.*) uri-resolver/$1 break;
        return 400; # reached only if the second rewrite does not match
        proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/$uri;
    }
{% endif %}

{% if smartgears_special_redirect is defined %}
{% for target in smartgears_special_redirect %}
    location {{ target.source_uri }} {
        return 301 http://{{ target.dest_host }}/{{ target.dest_url }};
    }
{% endfor %}
{% endif %}
{% endif %}
}
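{# TLS virtual host, rendered only when letsencrypt_acme_install is true.
   Certificates and TLS parameters come from the nginx-server-ssl.conf snippet. #}
{% if letsencrypt_acme_install %}
server {
    listen {{ https_port }} ssl;

    # Hide dot-files and dot-directories, except /.well-known.
    # "return" runs in the rewrite phase, so clients see the 404 rather than a 403 from "deny".
    location ~ /\.(?!well-known).* {
        log_not_found off;
        access_log off;
        deny all;
        return 404;
    }

    client_max_body_size {{ nginx_client_max_body_size | default('100M') }};

{% if egi_image is defined and egi_image %}
    # No servername into the EGI images
{% elif hostname is defined %}
    server_name _;
{% else %}
    server_name {{ item.servername }}{% for vh in smartgears_nginx_serveraliases | default([]) %} {{ vh }}{% endfor %};
{% endif %}

    access_log /var/log/nginx/{{ item.servername }}_access_ssl.log;
    error_log /var/log/nginx/{{ item.servername }}_error_ssl.log;

    root {{ item.web_document_root | default('/usr/share/nginx/html/') }};

{% if haproxy_ips is defined %}
    # We are behind haproxy: X-Forwarded-For is honoured only for connections
    # coming from the addresses listed here. Keep the list limited to the real
    # load balancers, since any listed peer can set the logged/ACL-checked client IP.
{% for ip in haproxy_ips %}
    set_real_ip_from {{ ip }};
{% endfor %}
    real_ip_header X-Forwarded-For;
{% endif %}

    include /etc/nginx/snippets/nginx-server-ssl.conf;

    # Server errors are answered with the static page /50x.html
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }

    location = /robots.txt {
        allow all;
        access_log off;
        log_not_found off;
    }

    # don't send the nginx version number in error pages and Server header
    server_tokens off;

{% if nginx_client_body_temp_dir is defined %}
    # Request bodies are spooled here, in a two-level (1 and 2 character) directory hash.
    client_body_temp_path {{ nginx_client_body_temp_dir }} 1 2;
{% endif %}

    # Proxy settings shared by every proxy_pass below
    include /etc/nginx/snippets/nginx-proxy-params.conf;
{% if nginx_websockets_support %}
    # $connection_upgrade is not defined in this file; presumably a "map" in the
    # http context provides it - confirm before enabling.
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
{% endif %}

{% if r_connector_install is defined and r_connector_install %}
    # Keep the sign-out redirect on HTTPS: pointing it at http:// from the TLS
    # vhost would move the browser, and any cookies not flagged Secure, onto a
    # cleartext connection. Like the other redirects in this template it assumes
    # HTTPS is served on the default port.
    location /auth-sign-in {
        rewrite ^/auth-sign-in https://{{ item.servername }}/r-connector/gcube/service/disconnect;
    }
{% endif %}

    # NOTE(review): no allow/deny rules are set for /whn-manager in this block -
    # confirm the backend authenticates callers itself.
    location /whn-manager {
        proxy_pass http://127.0.0.1:{{ item.http_port }}/whn-manager;
    }

{# One location per Tomcat application context; whn-manager and uri-resolver have
   dedicated locations and the empty context is skipped. #}
{% for instance in tomcat_m_instances %}
{% for context in instance.app_contexts %}
{% if context not in ['whn-manager', 'uri-resolver', ''] %}
{# Go through varnish when it is installed, straight to the application otherwise. #}
{% set backend_port = varnish_listen_port if (varnish_install is defined and varnish_install) else item.http_port %}
    location /{{ context }} {
{% if smartgears_nginx_cors_enabled %}
        include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
{% if smartgears_nginx_cors_enabled and nginx_cors_extended_rules %}
        proxy_pass http://127.0.0.1:{{ backend_port }};
{% else %}
        proxy_pass http://127.0.0.1:{{ backend_port }}/{{ context }};
{% endif %}
    }
{% endif %}
{% endfor %}
{% endfor %}

{% if smart_executor_install is defined and smart_executor_install %}
    location {{ smart_executor_context }} {
        proxy_pass http://127.0.0.1:{{ smartgears_http_port }}{{ smart_executor_context }};
    }
{% endif %}

{% if data_transfer_service_install %}
    location /data-transfer-service {
        proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/data-transfer-service;
    }
{% endif %}

{% if (tomcat_m_manager_install or tomcat_m_host_manager_install) and smartgears_tomcat_manager_exposed %}
    # Tomcat manager. The allow/deny rules are rendered verbatim and nginx stops at
    # the first match; the template adds no closing "deny all", so the ACL list must
    # end with one or unmatched clients are let through.
    location /manager {
{% for acl in smartgears_tomcat_manager_access_acls %}
        {{ acl.policy }} {{ acl.address }};
{% endfor %}
        proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/manager;
    }
{% endif %}

{% if remote_opencpu_server is defined and remote_opencpu_server %}
    # NOTE(review): TLS ends at this vhost and the upstream is another host reached
    # over plain HTTP - confirm the network path to it is trusted.
    location {{ opencpu_context | default('/ocpu') }} {
{% if smartgears_nginx_cors_enabled %}
        include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
        proxy_pass http://{{ remote_opencpu_host }}:{{ opencpu_proxy_port | default('8004') }}{{ opencpu_context | default('/ocpu') }};
    }
{% endif %}

{% if smartgears_nginx_expose_tomcat_logs %}
    # Browsable listing of the instance log directory. No allow/deny rule is set
    # in this location, so anyone who can reach the vhost can read the logs.
    location /gcube-logs/ {
        alias {{ smartgears_instance_path }}/logs/;
        autoindex on;
        autoindex_localtime on;
    }
{% endif %}

{# NOTE(review): the RStudio and uri-resolver sections both declare "location /";
   enabling both at once looks like it would render a duplicate location - confirm. #}
{% if rstudio_install_server is defined and rstudio_install_server %}
    location / {
{% if smartgears_nginx_cors_enabled %}
        include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
        proxy_pass http://127.0.0.1:8787/;
    }
{% endif %}

{% if smartgears_uri_resolver_install is defined and smartgears_uri_resolver_install %}
    # Only the addresses in ckan_ip_list may use the geonetwork resolver.
    # The request is forwarded with the client's original, un-normalised URI:
    # the first rewrite loads $request_uri, the second prefixes it with
    # uri-resolver/ and stops rewriting.
    # NOTE(review): nginx applies this allow-list to its own normalised URI while
    # the backend parses the raw one; keep the same restriction enforced on the
    # backend as well.
    location /geonetwork {
{% for ip in ckan_ip_list %}
        allow {{ ip }};
{% endfor %}
        deny all;
        rewrite ^ $request_uri;
        rewrite ^/(.*) uri-resolver/$1 break;
        return 400; # reached only if the second rewrite does not match
        proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/$uri;
    }

    # Everything else goes to the uri-resolver the same way, without an allow-list.
    location / {
{% if smartgears_nginx_cors_enabled %}
        include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
        rewrite ^ $request_uri;
        rewrite ^/(.*) uri-resolver/$1 break;
        return 400; # reached only if the second rewrite does not match
        proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/$uri;
    }
{% endif %}

{% if smartgears_special_redirect is defined %}
{% for target in smartgears_special_redirect %}
    location {{ target.source_uri }} {
        return 301 https://{{ target.dest_host }}/{{ target.dest_url }};
    }
{% endfor %}
{% endif %}
}
{% endif %}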