ansible-roles/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualh...

375 lines
12 KiB
Django/Jinja

server {
listen {{ http_port }};
{% if letsencrypt_acme_install %}
include /etc/nginx/snippets/letsencrypt-proxy.conf;
{% endif %}
location ~ /\.(?!well-known).* {
deny all;
access_log off;
log_not_found off;
return 404;
}
client_max_body_size {{ nginx_client_max_body_size | default('100M') }};
{% if egi_image is defined and egi_image %}
# No servername into the EGI images
{% elif hostname is defined %}
server_name _;
{% else %}
server_name {{ item.servername }} {% if smartgears_nginx_serveraliases is defined %}{% for vh in smartgears_nginx_serveraliases %} {{ vh }}{% endfor %}{% endif %};
{% endif %}
access_log /var/log/nginx/{{ item.servername }}_access.log;
error_log /var/log/nginx/{{ item.servername }}_error.log;
root {{ item.web_document_root | default('/usr/share/nginx/html/') }};
{% if haproxy_ips is defined %}
# We are behind haproxy
{% for ip in haproxy_ips %}
set_real_ip_from {{ ip }};
{% endfor %}
real_ip_header X-Forwarded-For;
{% endif %}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# don't send the nginx version number in error pages and Server header
server_tokens off;
{% if nginx_client_body_temp_dir is defined %}
client_body_temp_path {{ nginx_client_body_temp_dir }} 1 2;
{% endif %}
# Proxy stuff
include /etc/nginx/snippets/nginx-proxy-params.conf;
{% if nginx_websockets_support %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% endif %}
{% if r_connector_install is defined and r_connector_install %}
location /auth-sign-in {
rewrite ^/auth-sign-in http://{{ item.servername }}/r-connector/gcube/service/disconnect;
}
{% endif %}
location /whn-manager {
proxy_pass http://127.0.0.1:{{ item.http_port }}/whn-manager;
}
{% if not http_redirect_to_https %}
{% for instance in tomcat_m_instances %}
{% for context in instance.app_contexts %}
{% if context != "whn-manager" %}
{% if context != "uri-resolver" %}
{% if context != '' %}
location /{{ context }} {
{% if varnish_install is defined and varnish_install %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }};
{% else %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
{% endif %}
{% else %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
{% endif %}
{% else %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
proxy_pass http://127.0.0.1:{{ item.http_port }};
{% else %}
proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }};
{% endif %}
{% else %}
proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }};
{% endif %}
{% endif %}
}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% if smart_executor_install is defined and smart_executor_install %}
location {{ smart_executor_context }} {
proxy_pass http://127.0.0.1:{{ smartgears_http_port }}{{ smart_executor_context }};
}
{% endif %}
{% if data_transfer_service_install %}
location /data-transfer-service {
proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/data-transfer-service;
}
{% endif %}
{% if tomcat_m_manager_install or tomcat_m_host_manager_install %}
{% if smartgears_tomcat_manager_exposed %}
location /manager {
{% for acl in smartgears_tomcat_manager_access_acls %}
{{ acl.policy }} {{ acl.address }};
{% endfor %}
proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/manager;
}
{% endif %}
{% endif %}
{% if remote_opencpu_server is defined and remote_opencpu_server %}
location {{ opencpu_context | default('/ocpu') }} {
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
proxy_pass http://{{ remote_opencpu_host }}:{{ opencpu_proxy_port | default('8004') }}{{ opencpu_context | default('/ocpu') }};
}
{% endif %}
{% if smartgears_nginx_expose_tomcat_logs %}
location /gcube-logs/ {
alias {{ smartgears_instance_path }}/logs/;
autoindex on;
autoindex_localtime on;
}
{% endif %}
{% if rstudio_install_server is defined and rstudio_install_server %}
location / {
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
proxy_pass http://127.0.0.1:8787/;
}
{% endif %}
{% if smartgears_uri_resolver_install is defined and smartgears_uri_resolver_install %}
location /geonetwork {
{% for ip in ckan_ip_list %}
allow {{ ip }};
{% endfor %}
deny all;
proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/uri-resolver/geonetwork;
}
location / {
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
rewrite ^ $request_uri;
rewrite ^/(.*) uri-resolver/$1 break;
return 400; #if the second rewrite won't match
proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/$uri;
}
{% endif %}
{% if smartgears_special_redirect is defined %}
{% for target in smartgears_special_redirect %}
location {{ target.source_uri }} {
return 301 http://{{ target.dest_host }}/{{ target.dest_url }};
}
{% endfor %}
{% endif %}
{% else %}
location / {
return 301 https://{{ item.servername }}$request_uri;
}
{% endif %}
}
{% if letsencrypt_acme_install %}
server {
listen {{ https_port }} ssl;
location ~ /\.(?!well-known).* {
deny all;
access_log off;
log_not_found off;
return 404;
}
client_max_body_size {{ nginx_client_max_body_size | default('100M') }};
{% if egi_image is defined and egi_image %}
# No servername into the EGI images
{% elif hostname is defined %}
server_name _;
{% else %}
server_name {{ item.servername }} {% if smartgears_nginx_serveraliases is defined %}{% for vh in smartgears_nginx_serveraliases %} {{ vh }}{% endfor %}{% endif %};
{% endif %}
access_log /var/log/nginx/{{ item.servername }}_access_ssl.log;
error_log /var/log/nginx/{{ item.servername }}_error_ssl.log;
root {{ item.web_document_root | default('/usr/share/nginx/html/') }};
{% if haproxy_ips is defined %}
# We are behind haproxy
{% for ip in haproxy_ips %}
set_real_ip_from {{ ip }};
{% endfor %}
real_ip_header X-Forwarded-For;
{% endif %}
include /etc/nginx/snippets/nginx-server-ssl.conf;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# don't send the nginx version number in error pages and Server header
server_tokens off;
{% if nginx_client_body_temp_dir is defined %}
client_body_temp_path {{ nginx_client_body_temp_dir }} 1 2;
{% endif %}
# Proxy stuff
include /etc/nginx/snippets/nginx-proxy-params.conf;
{% if nginx_websockets_support %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% endif %}
{% if r_connector_install is defined and r_connector_install %}
location /auth-sign-in {
rewrite ^/auth-sign-in http://{{ item.servername }}/r-connector/gcube/service/disconnect;
}
{% endif %}
location /whn-manager {
proxy_pass http://127.0.0.1:{{ item.http_port }}/whn-manager;
}
{% for instance in tomcat_m_instances %}
{% for context in instance.app_contexts %}
{% if context != "whn-manager" %}
{% if context != "uri-resolver" %}
{% if context != '' %}
location /{{ context }} {
{% if varnish_install is defined and varnish_install %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }};
{% else %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
{% endif %}
{% else %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
{% endif %}
{% else %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
proxy_pass http://127.0.0.1:{{ item.http_port }};
{% else %}
proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }};
{% endif %}
{% else %}
proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }};
{% endif %}
{% endif %}
}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% if smart_executor_install is defined and smart_executor_install %}
location {{ smart_executor_context }} {
proxy_pass http://127.0.0.1:{{ smartgears_http_port }}{{ smart_executor_context }};
}
{% endif %}
{% if data_transfer_service_install %}
location /data-transfer-service {
proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/data-transfer-service;
}
{% endif %}
{% if tomcat_m_manager_install or tomcat_m_host_manager_install %}
{% if smartgears_tomcat_manager_exposed %}
location /manager {
{% for acl in smartgears_tomcat_manager_access_acls %}
{{ acl.policy }} {{ acl.address }};
{% endfor %}
proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/manager;
}
{% endif %}
{% endif %}
{% if remote_opencpu_server is defined and remote_opencpu_server %}
location {{ opencpu_context | default('/ocpu') }} {
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
proxy_pass http://{{ remote_opencpu_host }}:{{ opencpu_proxy_port | default('8004') }}{{ opencpu_context | default('/ocpu') }};
}
{% endif %}
{% if smartgears_nginx_expose_tomcat_logs %}
location /gcube-logs/ {
alias {{ smartgears_instance_path }}/logs/;
autoindex on;
autoindex_localtime on;
}
{% endif %}
{% if rstudio_install_server is defined and rstudio_install_server %}
location / {
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
proxy_pass http://127.0.0.1:8787/;
}
{% endif %}
{% if smartgears_uri_resolver_install is defined and smartgears_uri_resolver_install %}
location /geonetwork {
{% for ip in ckan_ip_list %}
allow {{ ip }};
{% endfor %}
deny all;
rewrite ^ $request_uri;
rewrite ^/(.*) uri-resolver/$1 break;
return 400; #if the second rewrite won't match
proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/$uri;
}
location / {
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
rewrite ^ $request_uri;
rewrite ^/(.*) uri-resolver/$1 break;
return 400; #if the second rewrite won't match
proxy_pass http://127.0.0.1:{{ smartgears_http_port }}/$uri;
}
{% endif %}
{% if smartgears_special_redirect is defined %}
{% for target in smartgears_special_redirect %}
location {{ target.source_uri }} {
return 301 https://{{ target.dest_host }}/{{ target.dest_url }};
}
{% endfor %}
{% endif %}
}
{% endif %}