{% if nginx_websockets_support is defined and nginx_websockets_support %}
include /etc/nginx/snippets/nginx-websockets.conf;
{% elif item.websockets is defined and item.websockets %}
include /etc/nginx/snippets/nginx-websockets.conf;
{% endif %}
server {
listen {{ item.listen | default ('80') }};
{% if egi_image is defined and egi_image %}
# No servername into the EGI images
{% elif hostname is defined %}
server_name _;
{% else %}
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
{% endif %}
location ~ /\.(?!well-known).* {
deny all;
access_log off;
log_not_found off;
return 404;
}
{% if letsencrypt_acme_install %}
include /etc/nginx/snippets/letsencrypt-proxy.conf;
{% endif %}
{% if item.access_log is defined %}
access_log {{ item.access_log }};
{% else %}
access_log /var/log/nginx/{{ item.server_name }}_access.log;
{% endif %}
{% if item.error_log is defined %}
error_log {{ item.error_log }};
{% else %}
error_log /var/log/nginx/{{ item.server_name }}_error.log;
{% endif %}
server_tokens {{ item.server_tokens | default('off') }};
{% if item.ssl_enabled and item.ssl_only %}
{% if item.smartgears_over_ssl %}
location / {
return 301 https://{{ item.server_name }}$request_uri;
}
{% else %}
# Smartgears answers over http
include /etc/nginx/snippets/nginx-proxy-params.conf;
{% if r_connector_install is defined and r_connector_install %}
location /auth-sign-in {
rewrite ^/auth-sign-in http://{{ item.virthost_name }}/r-connector/gcube/service/disconnect;
}
{% endif %}
location /whn-manager {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/whn-manager;
}
{% if smart_executor_install is defined and smart_executor_install %}
location {{ smart_executor_context }} {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }};
}
{% endif %}
{% if data_transfer_service_install %}
location /data-transfer-service {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service;
}
{% endif %}
location / {
return 301 https://{{ item.server_name }}$request_uri;
}
{% endif %}
{% else %}
root {{ item.root | default('/usr/share/nginx/html/') }};
index {{ item.index | default('index.html index.htm') }};
error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }};
location = /50x.html {
root /usr/share/nginx/html;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
return 404;
}
{% if haproxy_ips is defined %}
# We are behind haproxy
{% for ip in haproxy_ips %}
set_real_ip_from {{ ip }};
{% endfor %}
real_ip_header X-Forwarded-For;
{% endif %}
{% if item.max_body is defined %}
client_max_body_size {{ item.max_body }};
{% else %}
client_max_body_size {{ nginx_client_max_body_size }};
{% endif %}
{% if item.body_timeout is defined %}
client_body_timeout {{ item.body_timeout }};
{% else %}
client_body_timeout {{ nginx_client_body_timeout }};
{% endif %}
{% if nginx_cors_enabled %}
{% if nginx_cors_global %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
{% endif %}
{% if item.additional_options is defined %}
{% for add_opt in item.additional_options %}
{{ add_opt }};
{% endfor %}
{% endif %}
{% if item.http_acls is defined %}
{% for acl in item.http_acls %}
{{ acl }};
{% endfor %}
{% endif %}
{% if nginx_websockets_support is defined and nginx_websockets_support %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% elif item.websockets is defined and item.websockets %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% endif %}
include /etc/nginx/snippets/nginx-proxy-params.conf;
{% if item.proxy_additional_options is defined %}
{% for popt in item.proxy_additional_options %}
{{ popt }};
{% endfor %}
{% endif %}
# Smartgears special urls - start
{% if r_connector_install is defined and r_connector_install %}
location /auth-sign-in {
rewrite ^/auth-sign-in http://{{ item.virthost_name }}/r-connector/gcube/service/disconnect;
}
{% endif %}
location /whn-manager {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/whn-manager;
}
{% if smart_executor_install is defined and smart_executor_install %}
location {{ smart_executor_context }} {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }};
}
{% endif %}
{% if data_transfer_service_install %}
location /data-transfer-service {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service;
}
{% endif %}
# Smartgears special urls - end
# Smartgears targets - start
{% for instance in tomcat_m_instances %}
{% for context in instance.app_contexts %}
{% if context != "whn-manager" %}
{% if context != "uri-resolver" %}
{% if context != '' %}
location /{{ context }} {
{% if varnish_install is defined and varnish_install %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }};
{% else %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
{% endif %}
{% else %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
{% endif %}
{% else %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }};
{% else %}
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/{{ context }};
{% endif %}
{% else %}
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/{{ context }};
{% endif %}
{% endif %}
}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% if smart_executor_install is defined and smart_executor_install %}
location {{ smart_executor_context }} {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }};
}
{% endif %}
{% if data_transfer_service_install %}
location /data-transfer-service {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service;
}
{% endif %}
{% if tomcat_m_manager_install or tomcat_m_host_manager_install %}
{% if smartgears_tomcat_manager_exposed %}
location /manager {
{% for acl in smartgears_tomcat_manager_access_acls %}
{{ acl.policy }} {{ acl.address }};
{% endfor %}
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/manager;
}
{% endif %}
{% endif %}
{% if remote_opencpu_server is defined and remote_opencpu_server %}
location {{ opencpu_context | default('/ocpu') }} {
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
proxy_pass http://{{ remote_opencpu_host }}:{{ opencpu_proxy_port | default('8004') }}{{ opencpu_context | default('/ocpu') }};
}
{% endif %}
{% if smartgears_nginx_expose_tomcat_logs %}
location /gcube-logs/ {
alias {{ smartgears_instance_path }}/logs/;
autoindex on;
autoindex_localtime on;
}
{% endif %}
{% if rstudio_install_server is defined and rstudio_install_server %}
location / {
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
proxy_pass http://127.0.0.1:8787/;
}
{% endif %}
{% if smartgears_uri_resolver_install is defined and smartgears_uri_resolver_install %}
location /geonetwork {
{% for ip in ckan_ip_list %}
allow {{ ip }};
{% endfor %}
deny all;
rewrite ^ $request_uri;
rewrite ^/(.*) uri-resolver/$1 break;
return 400; #if the second rewrite won't match
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/$uri;
}
location / {
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
rewrite ^ $request_uri;
rewrite ^/(.*) uri-resolver/$1 break;
return 400; #if the second rewrite won't match
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/$uri;
}
{% endif %}
# Smartgears targets - end
{% if item.locations is defined %}
{% for location in item.locations -%}
location {{ location.location }} {
{% if nginx_cors_enabled %}
{% if not nginx_cors_global %}
{% if location.cors is defined and location.cors %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
{% endif %}
{% endif %}
{% if location.target is defined %}
proxy_pass {{ location.target }};
{% elif location.php_target is defined %}
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass {{ location.php_target }};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REMOTE_ADDR $http_x_forwarded_for;
#fastcgi_param REMOTE_ADDR $remote_addr;
include fastcgi_params;
{% endif %}
{% if location.websockets is defined and location.websockets %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
{% endif %}
{% if location.extra_conf is defined %}
{{ location.extra_conf }}
{% endif %}
{% if location.acls is defined %}
{% for acl in location.acls %}
{{ acl }};
{% endfor %}
{% endif %}
{% if location.other_opts is defined %}
{% for opt in location.other_opts %}
{{ opt }};
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}
{% if item.extra_parameters is defined %}
{{ item.extra_parameters }}
{% endif %}
{% endif %}
}
{% if item.ssl_enabled %}
server {
listen {{ https_port | default('443') }} {{ nginx_ssl_type }};
{% if egi_image is defined and egi_image %}
# No servername into the EGI images
{% elif hostname is defined %}
server_name _;
{% else %}
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
{% endif %}
{% if item.access_log is defined %}
access_log {{ item.access_log }};
{% else %}
access_log /var/log/nginx/{{ item.server_name }}_ssl_access.log;
{% endif %}
{% if item.error_log is defined %}
error_log {{ item.error_log }};
{% else %}
error_log /var/log/nginx/{{ item.server_name }}_ssl_error.log;
{% endif %}
root {{ item.root | default('/usr/share/nginx/html/') }};
index {{ item.index | default('index.html index.htm') }};
error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }};
location = /50x.html {
root /usr/share/nginx/html;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
}
{% if haproxy_ips is defined %}
# We are behind haproxy
{% for ip in haproxy_ips %}
set_real_ip_from {{ ip }};
{% endfor %}
real_ip_header X-Forwarded-For;
{% endif %}
{% if item.max_body is defined %}
client_max_body_size {{ item.max_body }};
{% else %}
client_max_body_size {{ nginx_client_max_body_size }};
{% endif %}
{% if item.body_timeout is defined %}
client_body_timeout {{ item.body_timeout }};
{% else %}
client_body_timeout {{ nginx_client_body_timeout }};
{% endif %}
include /etc/nginx/snippets/nginx-server-ssl.conf;
server_tokens {{ item.server_tokens | default('off') }};
{% if nginx_cors_enabled %}
{% if nginx_cors_global %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
{% endif %}
{% if nginx_websockets_support is defined and nginx_websockets_support %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% elif item.websockets is defined and item.websockets %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
{% endif %}
{% if item.additional_options is defined %}
{% for add_opt in item.additional_options %}
{{ add_opt }};
{% endfor %}
{% endif %}
{% if item.https_acls is defined %}
{% for acl in item.https_acls %}
{{ acl }};
{% endfor %}
{% endif %}
include /etc/nginx/snippets/nginx-proxy-params.conf;
{% if item.proxy_additional_options is defined %}
{% for popt in item.proxy_additional_options %}
{{ popt }}
{% endfor %}
{% endif %}
# Smartgears special urls - start
{% if r_connector_install is defined and r_connector_install %}
location /auth-sign-in {
rewrite ^/auth-sign-in http://{{ item.virthost_name }}/r-connector/gcube/service/disconnect;
}
{% endif %}
location /whn-manager {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/whn-manager;
}
{% if smart_executor_install is defined and smart_executor_install %}
location {{ smart_executor_context }} {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }};
}
{% endif %}
{% if data_transfer_service_install %}
location /data-transfer-service {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service;
}
{% endif %}
# Smartgears special urls - end
# Smartgears targets - start
{% for instance in tomcat_m_instances %}
{% for context in instance.app_contexts %}
{% if context != "whn-manager" %}
{% if context != "uri-resolver" %}
{% if context != '' %}
location /{{ context }} {
{% if varnish_install is defined and varnish_install %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }};
{% else %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
{% endif %}
{% else %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
{% endif %}
{% else %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }};
{% else %}
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/{{ context }};
{% endif %}
{% else %}
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/{{ context }};
{% endif %}
{% endif %}
}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
{% endfor %}
{% if smart_executor_install is defined and smart_executor_install %}
location {{ smart_executor_context }} {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }};
}
{% endif %}
{% if data_transfer_service_install %}
location /data-transfer-service {
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service;
}
{% endif %}
{% if tomcat_m_manager_install or tomcat_m_host_manager_install %}
{% if smartgears_tomcat_manager_exposed %}
location /manager {
{% for acl in smartgears_tomcat_manager_access_acls %}
{{ acl.policy }} {{ acl.address }};
{% endfor %}
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/manager;
}
{% endif %}
{% endif %}
{% if remote_opencpu_server is defined and remote_opencpu_server %}
location {{ opencpu_context | default('/ocpu') }} {
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
proxy_pass http://{{ remote_opencpu_host }}:{{ opencpu_proxy_port | default('8004') }}{{ opencpu_context | default('/ocpu') }};
}
{% endif %}
{% if smartgears_nginx_expose_tomcat_logs %}
location /gcube-logs/ {
alias {{ smartgears_instance_path }}/logs/;
autoindex on;
autoindex_localtime on;
}
{% endif %}
{% if rstudio_install_server is defined and rstudio_install_server %}
location / {
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
proxy_pass http://127.0.0.1:8787/;
}
{% endif %}
{% if smartgears_uri_resolver_install is defined and smartgears_uri_resolver_install %}
location /geonetwork {
{% for ip in ckan_ip_list %}
allow {{ ip }};
{% endfor %}
deny all;
rewrite ^ $request_uri;
rewrite ^/(.*) uri-resolver/$1 break;
return 400; #if the second rewrite won't match
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/$uri;
}
location / {
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
rewrite ^ $request_uri;
rewrite ^/(.*) uri-resolver/$1 break;
return 400; #if the second rewrite won't match
proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/$uri;
}
{% endif %}
# Smartgears targets - end
{% if item.locations is defined %}
{% for location in item.locations -%}
location {{ location.location }} {
{% if nginx_cors_enabled %}
{% if not nginx_cors_global %}
{% if location.cors is defined and location.cors %}
include /etc/nginx/snippets/nginx-cors.conf;
{% endif %}
{% endif %}
{% endif %}
{% if location.target is defined %}
proxy_pass {{ location.target }};
{% elif location.php_target is defined %}
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass {{ location.php_target }};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REMOTE_ADDR $http_x_forwarded_for;
#fastcgi_param REMOTE_ADDR $remote_addr;
include fastcgi_params;
{% endif %}
{% if location.websockets is defined and location.websockets %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
{% endif %}
{% if location.extra_conf is defined %}
{{ location.extra_conf }}
{% endif %}
{% if location.acls is defined %}
{% for acl in location.acls %}
{{ acl }};
{% endfor %}
{% endif %}
{% if location.other_opts is defined %}
{% for opt in location.other_opts %}
{{ opt }};
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}
{% if item.extra_parameters is defined %}
{{ item.extra_parameters }}
{% endif %}
}
{% endif %}