diff options
Diffstat (limited to 'ansible/roles/nginx/templates/nginx.conf.j2')
-rw-r--r-- | ansible/roles/nginx/templates/nginx.conf.j2 | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/ansible/roles/nginx/templates/nginx.conf.j2 b/ansible/roles/nginx/templates/nginx.conf.j2 new file mode 100644 index 00000000..fb48565f --- /dev/null +++ b/ansible/roles/nginx/templates/nginx.conf.j2 @@ -0,0 +1,105 @@ +worker_processes 2; + +events { + worker_connections 1024; +} + +http { + error_log /var/log/nginx/error.log debug; + access_log /var/log/nginx/access.log; + + proxy_intercept_errors on; + proxy_send_timeout 120; + proxy_read_timeout 300; + + upstream nexus { + server nexus:8081; + } + + upstream registry { + server nexus:8082; + } + +# http simulations + server { + listen 80; + listen 443 ssl; + server_name _; + ssl_certificate /etc/nginx/certs/nexus_server.crt; + ssl_certificate_key /etc/nginx/certs/nexus_server.key; + + keepalive_timeout 5 5; + + location / { + root /srv/http/$host; + index index.html; + } + } + +# nexus simulations + server { + listen 80; + listen 443 ssl; + server_name {% for host in simulated_hosts.nexus -%} + {{ host + " " }} + {%- endfor %}; + ssl_certificate /etc/nginx/certs/nexus_server.crt; + ssl_certificate_key /etc/nginx/certs/nexus_server.key; + + keepalive_timeout 5 5; + proxy_buffering off; + + # allow large uploads + client_max_body_size 3G; + + location / { + # redirect to docker registry + if ($http_user_agent ~ docker ) { + proxy_pass http://registry; + } + proxy_pass http://nexus; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + +# git simulations + server { + listen 80; + listen 443 ssl; + server_name {% for host in simulated_hosts.git -%} + {{ host + " " }} + {%- endfor %}; + ssl_certificate /etc/nginx/certs/nexus_server.crt; + ssl_certificate_key /etc/nginx/certs/nexus_server.key; + + keepalive_timeout 5 5; + proxy_buffering off; + + location / { + try_files $uri $uri/ @git; + } + + location @git { + + # Set chunks to unlimited, as the body's can be huge + client_max_body_size 0; + + fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_param PATH_INFO $uri; + + include fastcgi_params; + + fastcgi_param GIT_HTTP_EXPORT_ALL ""; + fastcgi_param GIT_PROJECT_ROOT /srv/git/$host/; + + # Forward REMOTE_USER as we want to know when we are authenticated + fastcgi_param REMOTE_USER $remote_user; + + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + } +} |