New virtualhost template for the nginx instance that backs smartgears service. Much more flexible.
parent
f7c965d545
commit
f43c3a638c
|
@ -3,6 +3,7 @@ setup_nginx: False
|
|||
http_redirect_to_https: False
|
||||
letsencrypt_acme_install: False
|
||||
smartgears_install_generic_virthost: True
|
||||
smartgears_install_common_nginx_virthualhost: False
|
||||
#smartgears_nginx_serveraliases:
|
||||
smartgears_nginx_cors_enabled: False
|
||||
nginx_cors_acl_origin: ''
|
||||
|
@ -16,3 +17,26 @@ smartgears_tomcat_manager_access_acls:
|
|||
|
||||
smartgears_nginx_expose_tomcat_logs: False
|
||||
smartgears_nginx_rw_html_root: False
|
||||
|
||||
smartgears_nginx_virtualhosts:
|
||||
- virthost_name: '{{ smartgears_tomcat_servername }}'
|
||||
smartgears_id: '{{ smartgears_instance_id }}'
|
||||
#listen: '{{ http_port }}'
|
||||
server_name: '{{ smartgears_tomcat_servername }}'
|
||||
ssl_enabled: True
|
||||
ssl_only: '{{ http_redirect_to_https }}'
|
||||
ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}'
|
||||
smartgears_over_ssl: False
|
||||
smartgears_http_port: '{{ smartgears_http_port }}'
|
||||
root: '{{ smartgears_web_document_root }}'
|
||||
server_tokens: 'off'
|
||||
index: index.html index.do
|
||||
max_body: '{{ nginx_client_max_body_size }}'
|
||||
user: '{{ smartgears_user }}'
|
||||
proxy_standard_setup: True
|
||||
# locations:
|
||||
# - location: /yam
|
||||
# other_opts:
|
||||
# - 'try_files $uri $uri/ $uri.php$is_args$query_string'
|
||||
# - location: ~ \.php$
|
||||
# php_target: '{{ phpfpm_listen_host }}:{{ phpfpm_listen_port }}'
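Review bot: In the second hunk the new `smartgears_nginx_virtualhosts` entry defaults to `smartgears_over_ssl: False`, and the template added by this commit reads that as "keep `/whn-manager` and the optional executor and data-transfer locations proxied on the plain-HTTP server" even when `ssl_only` is true and `/` is redirected to HTTPS. That is not visible from the defaults alone, so I would put a comment above the key, for example `# False: smartgears endpoints stay reachable over http even when ssl_only redirects everything else`. The toggle `smartgears_install_common_nginx_virthualhost` is misspelled (`virthualhost`) and becomes part of the role's interface once merged, so renaming it to `smartgears_install_common_nginx_virtualhost` now is cheaper than later. The template reads `virthost_name`, `server_name`, `smartgears_http_port`, `ssl_enabled`, `ssl_only` and `smartgears_over_ssl` without `is defined` guards, so a short comment listing the mandatory keys would help anyone overriding the list.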
|
||||
|
|
|
@ -1,41 +1,69 @@
|
|||
---
|
||||
# Install the nginx virtualhosts
|
||||
- name: Install the nginx virtualhost, if a specific one has been defined
|
||||
template: src={{ item.servername }}-virtualhost.j2 dest=/etc/nginx/sites-available/{{ item.servername }} owner=root group=root mode=0444
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
when: not smartgears_install_generic_virthost
|
||||
notify: Reload nginx
|
||||
# If bot smartgears_install_generic_virthost and smartgears_install_common_nginx_virthualhost are True, we prefer the latter
|
||||
- block:
|
||||
- name: Install the nginx generic virtualhost
|
||||
template: src=nginx-smartgears-virtualhost.j2 dest=/etc/nginx/sites-available/{{ item.virthost_name }} owner=root group=root mode=0444
|
||||
with_items: '{{ smartgears_nginx_virtualhosts }}'
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Enable the nginx virtualhosts
|
||||
file: src=/etc/nginx/sites-available/{{ item.virthost_name }} dest=/etc/nginx/sites-enabled/smartgears_{{ item.smartgears_id }}.conf state=link
|
||||
with_items: '{{ smartgears_nginx_virtualhosts }}'
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Give the smartgears user access to the document root, and create it if needed
|
||||
file: dest={{ item.root}} state=directory owner={{ item.user }} group={{ item.user }} mode=0755
|
||||
with_items: '{{ smartgears_nginx_virtualhosts }}'
|
||||
when: smartgears_nginx_rw_html_root
|
||||
notify: Reload nginx
|
||||
tags: [ 'nginx', 'virtualhost', 'web_root' ]
|
||||
|
||||
tags: [ 'nginx', 'virtualhost' ]
|
||||
when: smartgears_install_common_nginx_virthualhost
|
||||
|
||||
- block:
|
||||
- name: Install the nginx generic virtualhost (old, to be replaced by a newer template)
|
||||
template: src=generic-smartgears-virtualhost.j2 dest=/etc/nginx/sites-available/{{ item.servername }} owner=root group=root mode=0444
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
when: smartgears_install_generic_virthost
|
||||
notify: Reload nginx
|
||||
tags: [ 'nginx', 'virtualhost' ]
|
||||
|
||||
- name: Install the nginx virtualhost, if a specific one has been defined
|
||||
template: src={{ item.servername }}-virtualhost.j2 dest=/etc/nginx/sites-available/{{ item.servername }} owner=root group=root mode=0444
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
when: not smartgears_install_generic_virthost
|
||||
notify: Reload nginx
|
||||
tags: [ 'nginx', 'virtualhost' ]
|
||||
|
||||
- name: Enable the nginx virtualhosts (old style)
|
||||
file: src=/etc/nginx/sites-available/{{ item.servername }} dest=/etc/nginx/sites-enabled/smartgears_{{ item.smartgears_id }}.conf state=link
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
notify: Reload nginx
|
||||
tags: [ 'nginx', 'virtualhost' ]
|
||||
|
||||
- name: Give the smartgears user access to the document root, and create it if needed (old style)
|
||||
file: dest={{ item.web_document_root}} state=directory owner={{ item.user }} group={{ item.user }} mode=0755
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
when: smartgears_nginx_rw_html_root
|
||||
notify: Reload nginx
|
||||
tags: [ 'nginx', 'virtualhost', 'web_root' ]
|
||||
|
||||
when: not smartgears_install_common_nginx_virthualhost
|
||||
tags: [ 'nginx', 'virtualhost' ]
|
||||
|
||||
- name: Install the nginx generic virtualhost
|
||||
template: src=generic-smartgears-virtualhost.j2 dest=/etc/nginx/sites-available/{{ item.servername }} owner=root group=root mode=0444
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
when: smartgears_install_generic_virthost
|
||||
notify: Reload nginx
|
||||
|
||||
- block:
|
||||
- name: Remove the old hostname based virtualhost filename
|
||||
file: dest=/etc/nginx/sites-enabled/{{ item.servername }}.conf state=absent
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Remove the old ubuntu.conf virtualhost filename
|
||||
file: dest=/etc/nginx/sites-enabled/ubuntu.conf state=absent
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
notify: Reload nginx
|
||||
|
||||
tags: [ 'nginx', 'virtualhost' ]
|
||||
|
||||
- name: Enable the nginx virtualhosts
|
||||
file: src=/etc/nginx/sites-available/{{ item.servername }} dest=/etc/nginx/sites-enabled/smartgears_{{ item.smartgears_id }}.conf state=link
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
notify: Reload nginx
|
||||
tags: [ 'nginx', 'virtualhost' ]
|
||||
|
||||
- name: Remove the old hostname based virtualhost filename
|
||||
file: dest=/etc/nginx/sites-enabled/{{ item.servername }}.conf state=absent
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
notify: Reload nginx
|
||||
tags: [ 'nginx', 'virtualhost' ]
|
||||
|
||||
- name: Remove the old ubuntu.conf virtualhost filename
|
||||
file: dest=/etc/nginx/sites-enabled/ubuntu.conf state=absent
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
notify: Reload nginx
|
||||
tags: [ 'nginx', 'virtualhost' ]
|
||||
|
||||
- name: Give the smartgears user access to the document root, and create it if needed
|
||||
file: dest={{ item.web_document_root}} state=directory owner={{ item.user }} group={{ item.user }} mode=0755
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
when: smartgears_nginx_rw_html_root
|
||||
notify: Reload nginx
|
||||
tags: [ 'nginx', 'virtualhost', 'web_root' ]
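Review bot: The symlink created by the new "Enable the nginx virtualhosts" task is named only after `item.smartgears_id` (`sites-enabled/smartgears_{{ item.smartgears_id }}.conf`), so two entries in `smartgears_nginx_virtualhosts` that share an id end up behind one link pointing at whichever entry is processed last, and the other virtualhost is never enabled. Including `item.virthost_name` in the link name, or asserting that the ids are unique, would make that case visible. The new tasks also pass module arguments as long `key=value` strings with unquoted Jinja (`file: dest={{ item.root}} state=directory owner={{ item.user }} ...`), which is hard to review and relies on Ansible's string splitter to keep each templated value intact; the mapping form below with quoted templates and a quoted `mode` is the safer spelling. The comment above the first block reads "If bot" and should read "If both".

```yaml
- name: Install the nginx generic virtualhost
  template:
    src: nginx-smartgears-virtualhost.j2
    dest: '/etc/nginx/sites-available/{{ item.virthost_name }}'
    owner: root
    group: root
    mode: '0444'
  with_items: '{{ smartgears_nginx_virtualhosts }}'
  notify: Reload nginx

# … unchanged: "Enable the nginx virtualhosts" task, converted the same way …

- name: Give the smartgears user access to the document root, and create it if needed
  file:
    dest: '{{ item.root }}'
    state: directory
    owner: '{{ item.user }}'
    group: '{{ item.user }}'
    mode: '0755'
  with_items: '{{ smartgears_nginx_virtualhosts }}'
  when: smartgears_nginx_rw_html_root
  notify: Reload nginx
  tags: [ 'nginx', 'virtualhost', 'web_root' ]
```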
|
||||
|
||||
|
|
|
@ -0,0 +1,615 @@
|
|||
{% if nginx_websockets_support is defined and nginx_websockets_support %}
|
||||
include /etc/nginx/snippets/nginx-websockets.conf;
|
||||
{% elif item.websockets is defined and item.websockets %}
|
||||
include /etc/nginx/snippets/nginx-websockets.conf;
|
||||
{% endif %}
|
||||
|
||||
server {
|
||||
listen {{ item.listen | default ('80') }};
|
||||
{% if egi_image is defined and egi_image %}
|
||||
# No servername into the EGI images
|
||||
{% elif hostname is defined %}
|
||||
server_name _;
|
||||
{% else %}
|
||||
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
|
||||
{% endif %}
|
||||
|
||||
location ~ /\.(?!well-known).* {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
return 404;
|
||||
}
|
||||
|
||||
{% if letsencrypt_acme_install %}
|
||||
include /etc/nginx/snippets/letsencrypt-proxy.conf;
|
||||
{% endif %}
|
||||
|
||||
{% if item.access_log is defined %}
|
||||
access_log {{ item.access_log }};
|
||||
{% else %}
|
||||
access_log /var/log/nginx/{{ item.server_name }}_access.log;
|
||||
{% endif %}
|
||||
|
||||
{% if item.error_log is defined %}
|
||||
error_log {{ item.error_log }};
|
||||
{% else %}
|
||||
error_log /var/log/nginx/{{ item.server_name }}_error.log;
|
||||
{% endif %}
|
||||
|
||||
server_tokens {{ item.server_tokens | default('off') }};
|
||||
|
||||
{% if item.ssl_enabled and item.ssl_only %}
|
||||
{% if item.smartgears_over_ssl %}
|
||||
location / {
|
||||
return 301 https://{{ item.server_name }}$request_uri;
|
||||
}
|
||||
{% else %}
|
||||
# Smartgears answers over http
|
||||
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
||||
{% if r_connector_install is defined and r_connector_install %}
|
||||
location /auth-sign-in {
|
||||
rewrite ^/auth-sign-in http://{{ item.virthost_name }}/r-connector/gcube/service/disconnect;
|
||||
}
|
||||
{% endif %}
|
||||
location /whn-manager {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/whn-manager;
|
||||
}
|
||||
|
||||
{% if smart_executor_install is defined and smart_executor_install %}
|
||||
location {{ smart_executor_context }} {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }};
|
||||
}
|
||||
{% endif %}
|
||||
{% if data_transfer_service_install %}
|
||||
location /data-transfer-service {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
location / {
|
||||
return 301 https://{{ item.server_name }}$request_uri;
|
||||
}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
|
||||
root {{ item.root | default('/usr/share/nginx/html/') }};
|
||||
index {{ item.index | default('index.html index.htm') }};
|
||||
error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }};
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
location = /favicon.ico {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
return 404;
|
||||
}
|
||||
{% if haproxy_ips is defined %}
|
||||
# We are behind haproxy
|
||||
{% for ip in haproxy_ips %}
|
||||
set_real_ip_from {{ ip }};
|
||||
{% endfor %}
|
||||
real_ip_header X-Forwarded-For;
|
||||
{% endif %}
|
||||
|
||||
{% if item.max_body is defined %}
|
||||
client_max_body_size {{ item.max_body }};
|
||||
{% else %}
|
||||
client_max_body_size {{ nginx_client_max_body_size }};
|
||||
{% endif %}
|
||||
|
||||
{% if item.body_timeout is defined %}
|
||||
client_body_timeout {{ item.body_timeout }};
|
||||
{% else %}
|
||||
client_body_timeout {{ nginx_client_body_timeout }};
|
||||
{% endif %}
|
||||
|
||||
{% if nginx_cors_enabled %}
|
||||
{% if nginx_cors_global %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if item.additional_options is defined %}
|
||||
{% for add_opt in item.additional_options %}
|
||||
{{ add_opt }};
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if item.http_acls is defined %}
|
||||
{% for acl in item.http_acls %}
|
||||
{{ acl }};
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if nginx_websockets_support is defined and nginx_websockets_support %}
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
{% elif item.websockets is defined and item.websockets %}
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
{% endif %}
|
||||
|
||||
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
||||
{% if item.proxy_additional_options is defined %}
|
||||
{% for popt in item.proxy_additional_options %}
|
||||
{{ popt }};
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
# Smartgears special urls - start
|
||||
{% if r_connector_install is defined and r_connector_install %}
|
||||
location /auth-sign-in {
|
||||
rewrite ^/auth-sign-in http://{{ item.virthost_name }}/r-connector/gcube/service/disconnect;
|
||||
}
|
||||
{% endif %}
|
||||
location /whn-manager {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/whn-manager;
|
||||
}
|
||||
|
||||
{% if smart_executor_install is defined and smart_executor_install %}
|
||||
location {{ smart_executor_context }} {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }};
|
||||
}
|
||||
{% endif %}
|
||||
{% if data_transfer_service_install %}
|
||||
location /data-transfer-service {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service;
|
||||
}
|
||||
{% endif %}
|
||||
# Smartgears special urls - end
|
||||
|
||||
# Smartgears targets - start
|
||||
{% for instance in tomcat_m_instances %}
|
||||
{% for context in instance.app_contexts %}
|
||||
{% if context != "whn-manager" %}
|
||||
{% if context != "uri-resolver" %}
|
||||
{% if context != '' %}
|
||||
location /{{ context }} {
|
||||
{% if varnish_install is defined and varnish_install %}
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% if nginx_cors_extended_rules %}
|
||||
proxy_pass http://127.0.0.1:{{ varnish_listen_port }};
|
||||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% if nginx_cors_extended_rules %}
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }};
|
||||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% if smart_executor_install is defined and smart_executor_install %}
|
||||
location {{ smart_executor_context }} {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }};
|
||||
}
|
||||
{% endif %}
|
||||
{% if data_transfer_service_install %}
|
||||
location /data-transfer-service {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service;
|
||||
}
|
||||
{% endif %}
|
||||
{% if tomcat_m_manager_install or tomcat_m_host_manager_install %}
|
||||
{% if smartgears_tomcat_manager_exposed %}
|
||||
location /manager {
|
||||
{% for acl in smartgears_tomcat_manager_access_acls %}
|
||||
{{ acl.policy }} {{ acl.address }};
|
||||
{% endfor %}
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/manager;
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if remote_opencpu_server is defined and remote_opencpu_server %}
|
||||
location {{ opencpu_context | default('/ocpu') }} {
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
proxy_pass http://{{ remote_opencpu_host }}:{{ opencpu_proxy_port | default('8004') }}{{ opencpu_context | default('/ocpu') }};
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if smartgears_nginx_expose_tomcat_logs %}
|
||||
location /gcube-logs/ {
|
||||
alias {{ smartgears_instance_path }}/logs/;
|
||||
autoindex on;
|
||||
autoindex_localtime on;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if rstudio_install_server is defined and rstudio_install_server %}
|
||||
location / {
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
proxy_pass http://127.0.0.1:8787/;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if smartgears_uri_resolver_install is defined and smartgears_uri_resolver_install %}
|
||||
location /geonetwork {
|
||||
{% for ip in ckan_ip_list %}
|
||||
allow {{ ip }};
|
||||
{% endfor %}
|
||||
deny all;
|
||||
rewrite ^ $request_uri;
|
||||
rewrite ^/(.*) uri-resolver/$1 break;
|
||||
return 400; #if the second rewrite won't match
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/$uri;
|
||||
}
|
||||
|
||||
location / {
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
rewrite ^ $request_uri;
|
||||
rewrite ^/(.*) uri-resolver/$1 break;
|
||||
return 400; #if the second rewrite won't match
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/$uri;
|
||||
}
|
||||
{% endif %}
|
||||
# Smartgears targets - end
|
||||
|
||||
{% if item.locations is defined %}
|
||||
{% for location in item.locations -%}
|
||||
|
||||
location {{ location.location }} {
|
||||
|
||||
{% if nginx_cors_enabled %}
|
||||
{% if not nginx_cors_global %}
|
||||
{% if location.cors is defined and location.cors %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if location.target is defined %}
|
||||
proxy_pass {{ location.target }};
|
||||
{% elif location.php_target is defined %}
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass {{ location.php_target }};
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param REMOTE_ADDR $http_x_forwarded_for;
|
||||
#fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
include fastcgi_params;
|
||||
{% endif %}
|
||||
|
||||
{% if location.websockets is defined and location.websockets %}
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
{% endif %}
|
||||
|
||||
{% if location.extra_conf is defined %}
|
||||
{{ location.extra_conf }}
|
||||
{% endif %}
|
||||
|
||||
{% if location.acls is defined %}
|
||||
{% for acl in location.acls %}
|
||||
{{ acl }};
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if location.other_opts is defined %}
|
||||
{% for opt in location.other_opts %}
|
||||
{{ opt }};
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if item.extra_parameters is defined %}
|
||||
{{ item.extra_parameters }}
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if item.ssl_enabled %}
|
||||
server {
|
||||
listen {{ https_port | default('443') }} {{ nginx_ssl_type }};
|
||||
{% if egi_image is defined and egi_image %}
|
||||
# No servername into the EGI images
|
||||
{% elif hostname is defined %}
|
||||
server_name _;
|
||||
{% else %}
|
||||
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
|
||||
{% endif %}
|
||||
|
||||
{% if item.access_log is defined %}
|
||||
access_log {{ item.access_log }};
|
||||
{% else %}
|
||||
access_log /var/log/nginx/{{ item.server_name }}_ssl_access.log;
|
||||
{% endif %}
|
||||
|
||||
{% if item.error_log is defined %}
|
||||
error_log {{ item.error_log }};
|
||||
{% else %}
|
||||
error_log /var/log/nginx/{{ item.server_name }}_ssl_error.log;
|
||||
{% endif %}
|
||||
|
||||
root {{ item.root | default('/usr/share/nginx/html/') }};
|
||||
index {{ item.index | default('index.html index.htm') }};
|
||||
error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }};
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
location = /favicon.ico {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
}
|
||||
|
||||
{% if haproxy_ips is defined %}
|
||||
# We are behind haproxy
|
||||
{% for ip in haproxy_ips %}
|
||||
set_real_ip_from {{ ip }};
|
||||
{% endfor %}
|
||||
real_ip_header X-Forwarded-For;
|
||||
{% endif %}
|
||||
|
||||
{% if item.max_body is defined %}
|
||||
client_max_body_size {{ item.max_body }};
|
||||
{% else %}
|
||||
client_max_body_size {{ nginx_client_max_body_size }};
|
||||
{% endif %}
|
||||
{% if item.body_timeout is defined %}
|
||||
client_body_timeout {{ item.body_timeout }};
|
||||
{% else %}
|
||||
client_body_timeout {{ nginx_client_body_timeout }};
|
||||
{% endif %}
|
||||
|
||||
include /etc/nginx/snippets/nginx-server-ssl.conf;
|
||||
|
||||
server_tokens {{ item.server_tokens | default('off') }};
|
||||
|
||||
{% if nginx_cors_enabled %}
|
||||
{% if nginx_cors_global %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if nginx_websockets_support is defined and nginx_websockets_support %}
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
{% elif item.websockets is defined and item.websockets %}
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
{% endif %}
|
||||
|
||||
{% if item.additional_options is defined %}
|
||||
{% for add_opt in item.additional_options %}
|
||||
{{ add_opt }};
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if item.https_acls is defined %}
|
||||
{% for acl in item.https_acls %}
|
||||
{{ acl }};
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
||||
|
||||
{% if item.proxy_additional_options is defined %}
|
||||
{% for popt in item.proxy_additional_options %}
|
||||
{{ popt }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
# Smartgears special urls - start
|
||||
{% if r_connector_install is defined and r_connector_install %}
|
||||
location /auth-sign-in {
|
||||
rewrite ^/auth-sign-in http://{{ item.virthost_name }}/r-connector/gcube/service/disconnect;
|
||||
}
|
||||
{% endif %}
|
||||
location /whn-manager {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/whn-manager;
|
||||
}
|
||||
|
||||
{% if smart_executor_install is defined and smart_executor_install %}
|
||||
location {{ smart_executor_context }} {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }};
|
||||
}
|
||||
{% endif %}
|
||||
{% if data_transfer_service_install %}
|
||||
location /data-transfer-service {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service;
|
||||
}
|
||||
{% endif %}
|
||||
# Smartgears special urls - end
|
||||
|
||||
# Smartgears targets - start
|
||||
{% for instance in tomcat_m_instances %}
|
||||
{% for context in instance.app_contexts %}
|
||||
{% if context != "whn-manager" %}
|
||||
{% if context != "uri-resolver" %}
|
||||
{% if context != '' %}
|
||||
location /{{ context }} {
|
||||
{% if varnish_install is defined and varnish_install %}
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% if nginx_cors_extended_rules %}
|
||||
proxy_pass http://127.0.0.1:{{ varnish_listen_port }};
|
||||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% if nginx_cors_extended_rules %}
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }};
|
||||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% if smart_executor_install is defined and smart_executor_install %}
|
||||
location {{ smart_executor_context }} {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }};
|
||||
}
|
||||
{% endif %}
|
||||
{% if data_transfer_service_install %}
|
||||
location /data-transfer-service {
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service;
|
||||
}
|
||||
{% endif %}
|
||||
{% if tomcat_m_manager_install or tomcat_m_host_manager_install %}
|
||||
{% if smartgears_tomcat_manager_exposed %}
|
||||
location /manager {
|
||||
{% for acl in smartgears_tomcat_manager_access_acls %}
|
||||
{{ acl.policy }} {{ acl.address }};
|
||||
{% endfor %}
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/manager;
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if remote_opencpu_server is defined and remote_opencpu_server %}
|
||||
location {{ opencpu_context | default('/ocpu') }} {
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
proxy_pass http://{{ remote_opencpu_host }}:{{ opencpu_proxy_port | default('8004') }}{{ opencpu_context | default('/ocpu') }};
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if smartgears_nginx_expose_tomcat_logs %}
|
||||
location /gcube-logs/ {
|
||||
alias {{ smartgears_instance_path }}/logs/;
|
||||
autoindex on;
|
||||
autoindex_localtime on;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if rstudio_install_server is defined and rstudio_install_server %}
|
||||
location / {
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
proxy_pass http://127.0.0.1:8787/;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if smartgears_uri_resolver_install is defined and smartgears_uri_resolver_install %}
|
||||
location /geonetwork {
|
||||
{% for ip in ckan_ip_list %}
|
||||
allow {{ ip }};
|
||||
{% endfor %}
|
||||
deny all;
|
||||
rewrite ^ $request_uri;
|
||||
rewrite ^/(.*) uri-resolver/$1 break;
|
||||
return 400; #if the second rewrite won't match
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/$uri;
|
||||
}
|
||||
|
||||
location / {
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
rewrite ^ $request_uri;
|
||||
rewrite ^/(.*) uri-resolver/$1 break;
|
||||
return 400; #if the second rewrite won't match
|
||||
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/$uri;
|
||||
}
|
||||
{% endif %}
|
||||
# Smartgears targets - end
|
||||
|
||||
{% if item.locations is defined %}
|
||||
{% for location in item.locations -%}
|
||||
location {{ location.location }} {
|
||||
|
||||
{% if nginx_cors_enabled %}
|
||||
{% if not nginx_cors_global %}
|
||||
{% if location.cors is defined and location.cors %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if location.target is defined %}
|
||||
proxy_pass {{ location.target }};
|
||||
{% elif location.php_target is defined %}
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass {{ location.php_target }};
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param REMOTE_ADDR $http_x_forwarded_for;
|
||||
#fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
include fastcgi_params;
|
||||
{% endif %}
|
||||
|
||||
{% if location.websockets is defined and location.websockets %}
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
{% endif %}
|
||||
|
||||
{% if location.extra_conf is defined %}
|
||||
{{ location.extra_conf }}
|
||||
{% endif %}
|
||||
|
||||
{% if location.acls is defined %}
|
||||
{% for acl in location.acls %}
|
||||
{{ acl }};
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if location.other_opts is defined %}
|
||||
{% for opt in location.other_opts %}
|
||||
{{ opt }};
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if item.extra_parameters is defined %}
|
||||
{{ item.extra_parameters }}
|
||||
{% endif %}
|
||||
}
|
||||
{% endif %}
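Review bot: Both `php_target` branches (one per server block) set `fastcgi_param REMOTE_ADDR $http_x_forwarded_for;`, which hands the PHP backend a client-supplied header as the peer address, so any address-based check or audit log behind it takes whatever value the request carries. The server blocks already emit `set_real_ip_from` and `real_ip_header X-Forwarded-For` when `haproxy_ips` is defined, which limits `$remote_addr` rewriting to the listed proxies; I would enable the commented-out `fastcgi_param REMOTE_ADDR $remote_addr;` in both places and drop the header-based line. Separately, `location /gcube-logs/` turns on `autoindex` over the Tomcat log directory with no `allow`/`deny` lines, unlike `/manager`, which loops over `smartgears_tomcat_manager_access_acls`; an ACL loop or at least a comment stating who is expected to reach it is worth adding there. `location {{ smart_executor_context }}` and `location /data-transfer-service` are also emitted twice in the same server block (under "special urls" and again under "targets"), which `nginx -t` should reject as duplicate locations once those flags are on, and `{{ popt }}` is followed by `;` in the port-80 server but not in the SSL one, so a given `proxy_additional_options` value cannot be well-formed in both.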
|
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
smartgears_node: True
|
||||
smartgears_install_generic_virthost: True
|
||||
smartgears_instance_id: 1
|
||||
|
||||
tomcat_m_webapps_unpack: True
|
||||
tomcat_m_instances:
|
||||
- { http_enabled: True, http_port: '{{ smartgears_http_port }}', http_address: '{{ smartgears_tomcat_listen_address }}', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '-1', java_home: '{{ jdk_java_home }}', user: '{{ smartgears_user }}', user_home: '{{ smartgears_user_home }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ smartgears_instance_path }}', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', jmx_enabled: '{{ tomcat_m_jmx_enabled }}', jmx_disable_additional_ports: '{{ tomcat_m_jmx_disable_additional_ports }}', jmx_port: '{{ tomcat_m_jmx_port }}', jmx_use_ssl: '{{ tomcat_m_jmx_use_ssl }}', jmx_auth_enabled: '{{ tomcat_m_jmx_auth_enabled }}', jmx_auth_dir: '{{ tomcat_m_instances_base_path }}/{{ smartgears_http_port }}/conf', jmx_monitorpass: '{{ tomcat_m_jmx_monitorpass | default(omit) }}', jmx_controlpass: '{{ tomcat_m_jmx_controlpass | default(omit) }}', catalina_tmp_directory: '{{ smartgears_tomcat_tmp_dir }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_port: '{{ smartgears_debugging_port }}', access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ '0.0.0.0/0' ], app_contexts: '{{ smartgears_tomcat_contexts }}', web_document_root: '{{ smartgears_web_document_root }}' , skip_smartgears: False, smartgears_id: 1, servername: '{{ smartgears_tomcat_servername }}' }
|
||||
- { http_enabled: True, http_port: '{{ smartgears_http_port }}', http_address: '{{ smartgears_tomcat_listen_address }}', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '-1', java_home: '{{ jdk_java_home }}', user: '{{ smartgears_user }}', user_home: '{{ smartgears_user_home }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ smartgears_instance_path }}', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', jmx_enabled: '{{ tomcat_m_jmx_enabled }}', jmx_disable_additional_ports: '{{ tomcat_m_jmx_disable_additional_ports }}', jmx_port: '{{ tomcat_m_jmx_port }}', jmx_use_ssl: '{{ tomcat_m_jmx_use_ssl }}', jmx_auth_enabled: '{{ tomcat_m_jmx_auth_enabled }}', jmx_auth_dir: '{{ tomcat_m_instances_base_path }}/{{ smartgears_http_port }}/conf', jmx_monitorpass: '{{ tomcat_m_jmx_monitorpass | default(omit) }}', jmx_controlpass: '{{ tomcat_m_jmx_controlpass | default(omit) }}', catalina_tmp_directory: '{{ smartgears_tomcat_tmp_dir }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_port: '{{ smartgears_debugging_port }}', access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ '0.0.0.0/0' ], app_contexts: '{{ smartgears_tomcat_contexts }}', web_document_root: '{{ smartgears_web_document_root }}' , skip_smartgears: False, smartgears_id: '{{ smartgears_instance_id }}', servername: '{{ smartgears_tomcat_servername }}' }
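Review bot: The `tomcat_m_instances` entry is a single flow-mapping line with dozens of keys, so the one value this section changes (`smartgears_id`, now `'{{ smartgears_instance_id }}'`) cannot be seen without scanning the whole line. Rewriting the entry as a block mapping, one key per line, would turn later edits to the access-related keys on the same line (`allowed_hosts: [ '0.0.0.0/0' ]`, `remote_debugging`, the `jmx_*` settings) into one-line diffs that a reviewer will notice. A short comment next to `smartgears_instance_id: 1` saying that it also names the `sites-enabled/smartgears_<id>.conf` link would document why it must be unique per host.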
|
||||
|
|