skyline-apiserver/skyline_apiserver/templates/nginx.conf.j2
Florian Haftmann 0af15c5687 fix: Explicit host header in HTTP redirects
Configuration for nginx is now generated in a way such that redirects
have a suitable Host header, which is important e.g. to run skyline
on k8s.

Change-Id: I89503dcbcf988f3e13781d137fc1fde377c3076d
2024-01-24 13:03:13 +01:00

126 lines
3.7 KiB
Django/Jinja

worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_max_body_size 0;
types_hash_max_size 2048;
proxy_request_buffering off;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
{% if ssl_certfile and ssl_keyfile %}
##
# SSL Settings
##
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
ssl_certificate {{ ssl_certfile }};
ssl_certificate_key {{ ssl_keyfile }};
{% endif %}
##
# Logging Settings
##
log_format main '$remote_addr - $remote_user [$time_local] "$request_time" '
'"$upstream_response_time" "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-access.log main;
error_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-error.log;
##
# Gzip Settings
##
gzip on;
gzip_static on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
# gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
upstream skyline {
server unix:/var/lib/skyline/skyline.sock fail_timeout=0;
}
##
# Virtual Host Configs
##
server {
listen {{ listen_address | default('0.0.0.0:9999') }}{% if ssl_certfile and ssl_keyfile %} ssl http2{% endif %} default_server;
root {{ skyline_console_static_path }};
# Add index.php to the list if you are using PHP
index index.html;
server_name _;
error_page 497 https://$http_host$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
expires 1d;
add_header Cache-Control "public";
}
location /api/openstack/skyline/ {
proxy_pass http://skyline/;
proxy_redirect off;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
location {{ api_prefix }}/ {
proxy_pass http://skyline{{ api_prefix }}/;
proxy_redirect off;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $http_host;
}
{% for endpoint in endpoints %}
{{ endpoint["part"] }}
location {{ endpoint["location"] }} {
proxy_pass {{ endpoint["url"] }};
proxy_redirect {{ endpoint["url"] }} {{ endpoint["location"] }};
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host {{ endpoint["host"] }};
}
{% endfor %}
}
}