Adding nginx role

nginx is crucial part of our offline solution, within this role
we are covering deployment of this lightweight http server
together with its configuration.

Change-Id: I89695074349f4c6938340ab3bb735108c8c278f4
Issue-ID: OOM-1551
Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>

1 files changed, 105 insertions, 0 deletions

diff --git a/ansible/roles/nginx/templates/nginx.conf.j2 b/ansible/roles/nginx/templates/nginx.conf.j2
new file mode 100644
index 00000000..fb48565f
--- /dev/null
+++ b/ansible/roles/nginx/templates/nginx.conf.j2
@@ -0,0 +1,105 @@
+worker_processes 2;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    error_log /var/log/nginx/error.log debug;
+    access_log /var/log/nginx/access.log;
+
+    proxy_intercept_errors on;
+    proxy_send_timeout 120;
+    proxy_read_timeout 300;
+
+    upstream nexus {
+        server nexus:8081;
+    }
+
+    upstream registry {
+        server nexus:8082;
+    }
+
+# http simulations
+    server {
+        listen 80;
+        listen 443 ssl;
+        server_name _;
+        ssl_certificate         /etc/nginx/certs/nexus_server.crt;
+        ssl_certificate_key     /etc/nginx/certs/nexus_server.key;
+
+        keepalive_timeout  5 5;
+
+        location / {
+            root   /srv/http/$host;
+            index  index.html;
+        }
+    }
+
+# nexus simulations
+    server {
+        listen 80;
+        listen 443 ssl;
+        server_name {% for host in simulated_hosts.nexus -%}
+                        {{ host + " " }}
+                    {%- endfor %};
+        ssl_certificate         /etc/nginx/certs/nexus_server.crt;
+        ssl_certificate_key     /etc/nginx/certs/nexus_server.key;
+
+        keepalive_timeout  5 5;
+        proxy_buffering    off;
+
+        # allow large uploads
+        client_max_body_size 3G;
+
+        location / {
+            # redirect to docker registry
+            if ($http_user_agent ~ docker ) {
+                proxy_pass http://registry;
+            }
+            proxy_pass http://nexus;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }
+
+# git simulations
+    server {
+        listen 80;
+        listen 443 ssl;
+        server_name {% for host in simulated_hosts.git -%}
+                        {{ host + " " }}
+                    {%- endfor %};
+        ssl_certificate         /etc/nginx/certs/nexus_server.crt;
+        ssl_certificate_key     /etc/nginx/certs/nexus_server.key;
+
+        keepalive_timeout  5 5;
+        proxy_buffering    off;
+
+        location / {
+              try_files $uri $uri/ @git;
+        }
+
+        location @git {
+
+            # Set chunks to unlimited, as the body's can be huge
+            client_max_body_size            0;
+
+            fastcgi_param   SCRIPT_FILENAME     /usr/libexec/git-core/git-http-backend;
+            fastcgi_param   QUERY_STRING        $args;
+            fastcgi_param   HTTP_HOST           $server_name;
+            fastcgi_param   PATH_INFO           $uri;
+
+            include fastcgi_params;
+
+            fastcgi_param   GIT_HTTP_EXPORT_ALL "";
+            fastcgi_param   GIT_PROJECT_ROOT    /srv/git/$host/;
+
+            # Forward REMOTE_USER as we want to know when we are authenticated
+            fastcgi_param               REMOTE_USER $remote_user;
+
+            fastcgi_pass unix:/var/run/fcgiwrap.socket;
+        }
+    }
+}