2016-06-13 16:24:30 +02:00
|
|
|
server {
|
|
|
|
|
listen {{ http_port }};
|
|
|
|
|
server_name {{ item.servername }};
|
2016-09-19 19:29:58 +02:00
|
|
|
{% if letsencrypt_acme_install %}
|
2016-10-03 18:28:15 +02:00
|
|
|
include /etc/nginx/snippets/letsencrypt-proxy.conf;
|
2016-09-19 19:29:58 +02:00
|
|
|
{% endif %}
|
2016-10-03 18:28:15 +02:00
|
|
|
{% if not http_redirect_to_https %}
|
2016-09-19 19:29:58 +02:00
|
|
|
access_log /var/log/nginx/{{ item.servername }}_access.log;
|
|
|
|
|
error_log /var/log/nginx/{{ item.servername }}_error.log;
|
|
|
|
|
root /usr/share/nginx/html/;
|
2016-06-13 16:24:30 +02:00
|
|
|
|
2016-09-19 19:29:58 +02:00
|
|
|
client_max_body_size 100M;
|
2016-06-13 16:24:30 +02:00
|
|
|
|
2016-10-03 18:28:15 +02:00
|
|
|
{% if haproxy_ips is defined %}
|
|
|
|
|
# We are behind haproxy
|
|
|
|
|
{% for ip in haproxy_ips %}
|
|
|
|
|
set_real_ip_from {{ ip }};
|
|
|
|
|
{% endfor %}
|
|
|
|
|
real_ip_header X-Forwarded-For;
|
|
|
|
|
{% endif %}
|
|
|
|
|
|
2016-06-13 16:24:30 +02:00
|
|
|
# redirect server error pages to the static page /50x.html
|
|
|
|
|
#
|
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
|
|
|
location = /50x.html {
|
2016-09-19 19:29:58 +02:00
|
|
|
root /usr/share/nginx/html;
|
2016-06-13 16:24:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location = /favicon.ico {
|
|
|
|
|
log_not_found off;
|
|
|
|
|
access_log off;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location = /robots.txt {
|
|
|
|
|
allow all;
|
|
|
|
|
log_not_found off;
|
|
|
|
|
access_log off;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# don't send the nginx version number in error pages and Server header
|
|
|
|
|
server_tokens off;
|
|
|
|
|
|
|
|
|
|
# Proxy stuff
|
2016-10-03 18:28:15 +02:00
|
|
|
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
2016-10-08 12:28:08 +02:00
|
|
|
{% if nginx_websockets_support %}
|
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
|
{% endif %}
|
2016-09-19 19:29:58 +02:00
|
|
|
|
|
|
|
|
{% if r_connector_install %}
|
|
|
|
|
location /auth-sign-in {
|
|
|
|
|
rewrite ^/auth-sign-in http://{{ item.servername }}/r-connector/gcube/service/disconnect;
|
|
|
|
|
}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% for instance in tomcat_m_instances %}
|
|
|
|
|
{% for context in instance.app_contexts %}
|
2016-06-13 16:24:30 +02:00
|
|
|
location /{{ context }} {
|
|
|
|
|
proxy_pass http://localhost:{{ item.http_port }}/{{ context }};
|
|
|
|
|
}
|
2016-09-19 19:29:58 +02:00
|
|
|
{% endfor %}
|
|
|
|
|
{% endfor %}
|
|
|
|
|
{% if smart_executor_install %}
|
2016-06-13 16:24:30 +02:00
|
|
|
location {{ smart_executor_context }} {
|
|
|
|
|
proxy_pass http://localhost:{{ item.http_port }}{{ smart_executor_context }};
|
|
|
|
|
}
|
2016-09-19 19:29:58 +02:00
|
|
|
{% endif %}
|
|
|
|
|
{% if rstudio_install_server %}
|
|
|
|
|
location / {
|
|
|
|
|
proxy_pass http://localhost:8787/;
|
|
|
|
|
}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% else %}
|
|
|
|
|
location / {
|
|
|
|
|
return 301 https://{{ item.servername }}$request_uri;
|
|
|
|
|
}
|
|
|
|
|
{% endif %}
|
2016-10-03 18:28:15 +02:00
|
|
|
|
2016-09-19 19:29:58 +02:00
|
|
|
}
|
2016-10-03 18:28:15 +02:00
|
|
|
|
2016-09-19 19:29:58 +02:00
|
|
|
{% if letsencrypt_acme_install %}
|
|
|
|
|
server {
|
|
|
|
|
listen {{ https_port }} ssl;
|
|
|
|
|
server_name {{ item.servername }};
|
|
|
|
|
|
|
|
|
|
access_log /var/log/nginx/{{ item.servername }}_access_ssl.log;
|
|
|
|
|
error_log /var/log/nginx/{{ item.servername }}_error_ssl.log;
|
|
|
|
|
|
|
|
|
|
# This is the default for nginx on Ubuntu 14.04
|
|
|
|
|
root /usr/share/nginx/html/;
|
|
|
|
|
|
|
|
|
|
client_max_body_size 100M;
|
|
|
|
|
|
2016-10-03 18:35:07 +02:00
|
|
|
{% if haproxy_ips is defined %}
|
|
|
|
|
# We are behind haproxy
|
|
|
|
|
{% for ip in haproxy_ips %}
|
|
|
|
|
set_real_ip_from {{ ip }};
|
|
|
|
|
{% endfor %}
|
|
|
|
|
real_ip_header X-Forwarded-For;
|
|
|
|
|
{% endif %}
|
|
|
|
|
|
2016-10-03 18:28:15 +02:00
|
|
|
include /etc/nginx/snippets/nginx-server-ssl.conf;
|
|
|
|
|
|
2016-09-19 19:29:58 +02:00
|
|
|
# redirect server error pages to the static page /50x.html
|
|
|
|
|
#
|
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
|
|
|
location = /50x.html {
|
|
|
|
|
root /usr/share/nginx/html;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location = /favicon.ico {
|
|
|
|
|
log_not_found off;
|
|
|
|
|
access_log off;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location = /robots.txt {
|
|
|
|
|
allow all;
|
|
|
|
|
log_not_found off;
|
|
|
|
|
access_log off;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# don't send the nginx version number in error pages and Server header
|
|
|
|
|
server_tokens off;
|
|
|
|
|
|
|
|
|
|
# Proxy stuff
|
2016-10-03 18:28:15 +02:00
|
|
|
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
2016-10-08 12:28:08 +02:00
|
|
|
{% if nginx_websockets_support %}
|
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
|
{% endif %}
|
2016-09-19 19:29:58 +02:00
|
|
|
{% if r_connector_install %}
|
|
|
|
|
location /auth-sign-in {
|
|
|
|
|
rewrite ^/auth-sign-in http://{{ item.servername }}/r-connector/gcube/service/disconnect;
|
|
|
|
|
}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% for instance in tomcat_m_instances %}
|
|
|
|
|
{% for context in instance.app_contexts %}
|
|
|
|
|
location /{{ context }} {
|
|
|
|
|
proxy_pass http://localhost:{{ item.http_port }}/{{ context }};
|
|
|
|
|
}
|
|
|
|
|
{% endfor %}
|
|
|
|
|
{% endfor %}
|
|
|
|
|
{% if smart_executor_install %}
|
|
|
|
|
location {{ smart_executor_context }} {
|
|
|
|
|
proxy_pass http://localhost:{{ item.http_port }}{{ smart_executor_context }};
|
|
|
|
|
}
|
|
|
|
|
{% endif %}
|
|
|
|
|
{% if rstudio_install_server %}
|
|
|
|
|
location / {
|
|
|
|
|
proxy_pass http://localhost:8787/;
|
|
|
|
|
}
|
|
|
|
|
{% endif %}
|
2016-10-03 18:28:15 +02:00
|
|
|
|
2016-06-13 16:24:30 +02:00
|
|
|
}
|
2016-09-20 12:20:20 +02:00
|
|
|
{% endif %}
|
