cb90041a98
Change the skyline nginx config to point to the internal port. Closes-Bug: #2069855 Change-Id: Ia29d89b2594a604c687469850a67f7fe29d0eb5d
314 lines
18 KiB
Django/Jinja
314 lines
18 KiB
Django/Jinja
daemon off;
|
|
worker_processes auto;
|
|
pid /run/nginx.pid;
|
|
include /etc/nginx/modules-enabled/*.conf;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
multi_accept on;
|
|
}
|
|
|
|
http {
|
|
|
|
##
|
|
# Basic Settings
|
|
##
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
client_max_body_size 0;
|
|
types_hash_max_size 2048;
|
|
proxy_request_buffering off;
|
|
server_tokens off;
|
|
|
|
# server_names_hash_bucket_size 64;
|
|
# server_name_in_redirect off;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
{% if skyline_ssl_certfile and skyline_ssl_keyfile %}
|
|
##
|
|
# SSL Settings
|
|
##
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# Self signed certs generated by the ssl-cert package
|
|
# Don't use them in a production server!
|
|
ssl_certificate {{ skyline_ssl_certfile }};
|
|
ssl_certificate_key {{ skyline_ssl_keyfile }};
|
|
{% endif %}
|
|
##
|
|
# Logging Settings
|
|
##
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request_time" '
|
|
'"$upstream_response_time" "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
access_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-access.log main;
|
|
error_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-error.log;
|
|
|
|
##
|
|
# Gzip Settings
|
|
##
|
|
gzip on;
|
|
gzip_static on;
|
|
gzip_disable "msie6";
|
|
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 6;
|
|
gzip_buffers 16 8k;
|
|
# gzip_http_version 1.1;
|
|
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
|
|
|
##
|
|
# Virtual Host Configs
|
|
##
|
|
server {
|
|
listen {{ api_interface_address | put_address_in_context('url') }}:{{ skyline_console_listen_port }}{% if skyline_ssl_certfile and skyline_ssl_keyfile %} ssl http2{% endif %} default_server;
|
|
|
|
root /var/lib/kolla/venv/lib/python{{ distro_python_version }}/site-packages/skyline_console/static;
|
|
|
|
# Add index.php to the list if you are using PHP
|
|
index index.html;
|
|
|
|
server_name _;
|
|
|
|
error_page 497 https://$http_host$request_uri;
|
|
|
|
location / {
|
|
# First attempt to serve request as file, then
|
|
# as directory, then fall back to displaying a 404.
|
|
try_files $uri $uri/ /index.html;
|
|
expires 1d;
|
|
add_header Cache-Control "public";
|
|
}
|
|
|
|
# Service: skyline
|
|
location {{ skyline_nginx_prefix }}/skyline/ {
|
|
proxy_pass {{ internal_protocol }}://{{ skyline_apiserver_internal_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ skyline_apiserver_internal_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}/ {{ skyline_nginx_prefix }}/skyline/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
{% if enable_keystone | bool %}# Region: {{ openstack_region_name }}, Service: keystone
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone {
|
|
proxy_pass {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_internal_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_internal_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_glance | bool %}# Region: {{ openstack_region_name }}, Service: glance
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/glance {
|
|
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/glance/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_neutron | bool %}# Region: {{ openstack_region_name }}, Service: neutron
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/neutron {
|
|
proxy_pass {{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/neutron/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_nova | bool %}# Region: {{ openstack_region_name }}, Service: nova
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/nova {
|
|
proxy_pass {{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/nova/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_placement | bool %}# Region: {{ openstack_region_name }}, Service: placement
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/placement {
|
|
proxy_pass {{ internal_protocol }}://{{ placement_internal_fqdn | put_address_in_context('url') }}:{{ placement_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ placement_internal_fqdn | put_address_in_context('url') }}:{{ placement_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/placement/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_cinder | bool %}# Region: {{ openstack_region_name }}, Service: cinder
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/cinder {
|
|
proxy_pass {{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/cinder/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_heat | bool %}# Region: {{ openstack_region_name }}, Service: heat
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/heat {
|
|
proxy_pass {{ internal_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/heat/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_octavia | bool %}# Region: {{ openstack_region_name }}, Service: octavia
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/octavia {
|
|
proxy_pass {{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/octavia/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_manila | bool %}# Region: {{ openstack_region_name }}, Service: manilav2
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/manilav2 {
|
|
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/manilav2/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_ironic | bool %}# Region: {{ openstack_region_name }}, Service: ironic
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/ironic {
|
|
proxy_pass {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/ironic/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_zun | bool %}# Region: {{ openstack_region_name }}, Service: zun
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/zun {
|
|
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ zun_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ zun_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/zun/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_magnum | bool %}# Region: {{ openstack_region_name }}, Service: magnum
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/magnum {
|
|
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ magnum_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ magnum_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/magnum/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_trove | bool %}# Region: {{ openstack_region_name }}, Service: trove
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/trove {
|
|
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ trove_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ trove_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/trove/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_barbican | bool %}# Region: {{ openstack_region_name }}, Service: barbican
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/barbican {
|
|
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ barbican_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ barbican_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/barbican/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_designate | bool %}# Region: {{ openstack_region_name }}, Service: designate
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/designate {
|
|
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ designate_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ designate_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/designate/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_masakari | bool %}# Region: {{ openstack_region_name }}, Service: masakari
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/masakari {
|
|
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ masakari_api_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ masakari_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/masakari/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if enable_swift | bool %}# Region: {{ openstack_region_name }}, Service: swift
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/swift {
|
|
proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}/;
|
|
proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/swift/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% elif enable_ceph_rgw | bool %}# Region: {{ openstack_region_name }}, Service: ceph_rgw
|
|
location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/swift {
|
|
proxy_pass {{ internal_protocol }}://{{ ceph_rgw_internal_fqdn }}:{{ ceph_rgw_port }}/{{ 'swift' if not ceph_rgw_swift_compatibility | bool }};
|
|
proxy_redirect {{ internal_protocol }}://{{ ceph_rgw_internal_fqdn }}:{{ ceph_rgw_port }}/{{ 'swift' if not ceph_rgw_swift_compatibility | bool }} {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/swift/;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endif %}
|
|
}
|
|
}
|