0af15c5687
Configuration for nginx is now generated in a way such that redirects have a suitable Host header, which is important e.g. to run skyline on k8s. Change-Id: I89503dcbcf988f3e13781d137fc1fde377c3076d
126 lines
3.7 KiB
Django/Jinja
126 lines
3.7 KiB
Django/Jinja
worker_processes auto;
|
|
pid /run/nginx.pid;
|
|
include /etc/nginx/modules-enabled/*.conf;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
multi_accept on;
|
|
}
|
|
|
|
http {
|
|
|
|
##
|
|
# Basic Settings
|
|
##
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
client_max_body_size 0;
|
|
types_hash_max_size 2048;
|
|
proxy_request_buffering off;
|
|
server_tokens off;
|
|
|
|
# server_names_hash_bucket_size 64;
|
|
# server_name_in_redirect off;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
{% if ssl_certfile and ssl_keyfile %}
|
|
##
|
|
# SSL Settings
|
|
##
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# Self signed certs generated by the ssl-cert package
|
|
# Don't use them in a production server!
|
|
ssl_certificate {{ ssl_certfile }};
|
|
ssl_certificate_key {{ ssl_keyfile }};
|
|
{% endif %}
|
|
##
|
|
# Logging Settings
|
|
##
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request_time" '
|
|
'"$upstream_response_time" "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
access_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-access.log main;
|
|
error_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-error.log;
|
|
|
|
##
|
|
# Gzip Settings
|
|
##
|
|
gzip on;
|
|
gzip_static on;
|
|
gzip_disable "msie6";
|
|
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 6;
|
|
gzip_buffers 16 8k;
|
|
# gzip_http_version 1.1;
|
|
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
|
|
|
upstream skyline {
|
|
server unix:/var/lib/skyline/skyline.sock fail_timeout=0;
|
|
}
|
|
|
|
##
|
|
# Virtual Host Configs
|
|
##
|
|
server {
|
|
listen {{ listen_address | default('0.0.0.0:9999') }}{% if ssl_certfile and ssl_keyfile %} ssl http2{% endif %} default_server;
|
|
|
|
root {{ skyline_console_static_path }};
|
|
|
|
# Add index.php to the list if you are using PHP
|
|
index index.html;
|
|
|
|
server_name _;
|
|
|
|
error_page 497 https://$http_host$request_uri;
|
|
|
|
location / {
|
|
# First attempt to serve request as file, then
|
|
# as directory, then fall back to displaying a 404.
|
|
try_files $uri $uri/ /index.html;
|
|
expires 1d;
|
|
add_header Cache-Control "public";
|
|
}
|
|
|
|
location /api/openstack/skyline/ {
|
|
proxy_pass http://skyline/;
|
|
proxy_redirect off;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
location {{ api_prefix }}/ {
|
|
proxy_pass http://skyline{{ api_prefix }}/;
|
|
proxy_redirect off;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
{% for endpoint in endpoints %}
|
|
{{ endpoint["part"] }}
|
|
location {{ endpoint["location"] }} {
|
|
proxy_pass {{ endpoint["url"] }};
|
|
proxy_redirect {{ endpoint["url"] }} {{ endpoint["location"] }};
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host {{ endpoint["host"] }};
|
|
}
|
|
{% endfor %}
|
|
}
|
|
|
|
}
|