fuel-library/deployment/puppet/nailgun/templates/nginx_nailgun.conf.erb

server {
    <%- if @plain_http -%>
    listen   8000;
    <% else %>
    listen   8000;
    return 301 https://$host:8443$request_uri;
}

server {
    <%- end -%>
    <%- if @ssl_enabled -%>
    listen   8443 ssl;
    ssl_certificate /var/lib/fuel/keys/master/nginx/nginx.crt;
    ssl_certificate_key /var/lib/fuel/keys/master/nginx/nginx.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    # NOTE: today we have to use SHA here cause there are no supported
    # protocols below TLS1.2 which can use SHA256 at least.
    # TODO(sbog): add !SHA here as soon as all our clients will support TLS1.2
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /etc/pki/tls/dhparam.pem;
    <%- end -%>

    server_name localhost;

    access_log /var/log/nginx/access_nailgun.log;
    error_log /var/log/nginx/error_nailgun.log debug;

    charset utf-8;
    client_max_body_size 10M;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    gzip on;
    gzip_min_length 1000;
    gzip_types text/plain text/css application/json application/javascript application/x-javascript;

    location /static {
        autoindex on;
        alias <%= @staticdir %>;
    }

    location /dump {
        internal;
        alias <%= @logdumpdir %>;
    }

    location ~ ^/ostf/(.*) {
        proxy_pass http://<%= @ostf_host %>:8777/v1/$1;
        proxy_buffering off;
    }

    location ~ ^/keystone/(.*) {
        proxy_pass http://<%= @keystone_host %>:5000/$1;
        proxy_buffering off;
    }

    location / {
        expires -1;
        root <%= @staticdir %>;
    }

    location /api {
        include uwsgi_params;
        uwsgi_pass <%= @nailgun_host %>:8001;
        client_max_body_size 100m;
    }
}