summaryrefslogtreecommitdiffstats
path: root/ansible/roles/nginx/templates/nginx.conf.j2
blob: fb48565f6af04f2fe898f72d7b173c9060f3d879 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
worker_processes 2;

events {
    worker_connections 1024;
}

http {
    error_log /var/log/nginx/error.log debug;
    access_log /var/log/nginx/access.log;

    proxy_intercept_errors on;
    proxy_send_timeout 120;
    proxy_read_timeout 300;

    upstream nexus {
        server nexus:8081;
    }

    upstream registry {
        server nexus:8082;
    }

# http simulations
    server {
        listen 80;
        listen 443 ssl;
        server_name _;
        ssl_certificate         /etc/nginx/certs/nexus_server.crt;
        ssl_certificate_key     /etc/nginx/certs/nexus_server.key;

        keepalive_timeout  5 5;

        location / {
            root   /srv/http/$host;
            index  index.html;
        }
    }

# nexus simulations
    server {
        listen 80;
        listen 443 ssl;
        server_name {% for host in simulated_hosts.nexus -%}
                        {{ host + " " }}
                    {%- endfor %};
        ssl_certificate         /etc/nginx/certs/nexus_server.crt;
        ssl_certificate_key     /etc/nginx/certs/nexus_server.key;

        keepalive_timeout  5 5;
        proxy_buffering    off;

        # allow large uploads
        client_max_body_size 3G;

        location / {
            # redirect to docker registry
            if ($http_user_agent ~ docker ) {
                proxy_pass http://registry;
            }
            proxy_pass http://nexus;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

# git simulations
    server {
        listen 80;
        listen 443 ssl;
        server_name {% for host in simulated_hosts.git -%}
                        {{ host + " " }}
                    {%- endfor %};
        ssl_certificate         /etc/nginx/certs/nexus_server.crt;
        ssl_certificate_key     /etc/nginx/certs/nexus_server.key;

        keepalive_timeout  5 5;
        proxy_buffering    off;

        location / {
              try_files $uri $uri/ @git;
        }

        location @git {

            # Set chunks to unlimited, as the body's can be huge
            client_max_body_size            0;

            fastcgi_param   SCRIPT_FILENAME     /usr/libexec/git-core/git-http-backend;
            fastcgi_param   QUERY_STRING        $args;
            fastcgi_param   HTTP_HOST           $server_name;
            fastcgi_param   PATH_INFO           $uri;

            include fastcgi_params;

            fastcgi_param   GIT_HTTP_EXPORT_ALL "";
            fastcgi_param   GIT_PROJECT_ROOT    /srv/git/$host/;

            # Forward REMOTE_USER as we want to know when we are authenticated
            fastcgi_param               REMOTE_USER $remote_user;

            fastcgi_pass unix:/var/run/fcgiwrap.socket;
        }
    }
}