d4s-nginx-pep-examples/shinyproxy/ansible_vars/nginx.yml


---
# Ansible variables for an nginx reverse proxy in front of ShinyProxy.
# Requests matching /app/ are handed to an njs handler (pep.enforce); the
# internal locations further down are presumably the subrequest targets it
# uses for token introspection, backend access, accounting and user lookup.
# NOTE(review): nesting was reconstructed from key order because the listing
# lost its indentation; confirm against the repository copy.
nginx_use_nginx_org_repo: true
# njs module; required by the 'js_content' directive used in the /app/ location.
nginx_org_modules:
  - pkg_name: nginx-module-njs
    mod_name: ngx_http_js_module.so
    enabled: true
nginx_set_frame_origin: true
# NOTE(review): the "set" and "disable" flags are both true. Which one wins is
# decided by the role's template (not visible here); confirm which security
# headers the rendered vhost actually sends.
nginx_set_content_security_options: true
nginx_disable_content_security_options: true
# NOTE(review): empty value; check whether any X-Frame-Options header is
# emitted, otherwise the site has no framing restriction from this setting.
nginx_x_frame_options: ''
# NOTE(review): PEP debug output is switched on. What it logs depends on
# pep.js (not shown); if it includes tokens or introspection bodies, turn this
# off for production and restrict access to the logs.
nginx_pep_debug_enabled: 'true'
nginx_proxy_define_header_host: true
nginx_proxy_header_x_forwarded_proto: 'https'
# Snippets and global configuration are downloaded at deploy time.
# NOTE(review): the URLs point at the head of 'master', so the fetched content
# can change between runs, and pep.js makes the access decision. The .j2
# suffix suggests the files are also rendered as templates with access to the
# play's variables. Prefer a tag or commit URL plus a checksum, if the role
# supports one.
nginx_conf_remote_snippets:
  - url: 'https://code-repo.d4science.org/gCubeSystem/d4s-nginx-pep-examples/raw/branch/master/shinyproxy/pep.js.j2'
    name: pep.js
nginx_conf_remote_global_conf:
  - url: 'https://code-repo.d4science.org/gCubeSystem/d4s-nginx-pep-examples/raw/branch/master/shinyproxy/nginx_pep_gcube.conf.j2'
    name: nginx_pep_gcube
  - url: 'https://code-repo.d4science.org/gCubeSystem/d4s-nginx-pep-examples/raw/branch/master/shinyproxy/nginx_pep_global.conf.j2'
    name: nginx_pep_global
nginx_virthosts:
  - virthost_name: 'shinyproxy.garr.d4science.org'
    server_name: 'shinyproxy.garr.d4science.org'
    serveraliases: 'shinyproxy-sdg.d4science.org'
    # HTTPS only: plain HTTP is disabled and ssl_only is set below.
    plain_http_enabled: false
    # Upstream group referenced as http://shinyproxy_sdg in the locations.
    # The hop from nginx to these servers is plain HTTP on port 8080.
    upstream_backends:
      - name: shinyproxy_sdg
        servers:
          - '{{ docker_garr_swarm1_ip }}:8080'
          - '{{ docker_garr_swarm2_ip }}:8080'
          - '{{ docker_garr_swarm3_ip }}:8080'
    ssl_enabled: true
    ssl_only: true
    ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}'
    root: '{{ nginx_webroot }}'
    # Quoted so YAML keeps the nginx keyword 'off' as a string, not a boolean.
    server_tokens: 'off'
    # global_additional_options:
    # - 'include /etc/nginx/snippets/nginx_pep_gcube.conf'
    proxy_standard_setup: true
    include_global_proxy_conf: true
    # Cache zone shared by /_jwt_verify_request and /_gcube_user_info, so it
    # holds token introspection results and user profiles.
    # NOTE(review): the directory is under /tmp; on hosts with other local
    # users a dedicated nginx-owned directory is the safer place for it.
    proxy_additional_options:
      - 'proxy_cache_path /tmp/shinyproxy_sdg levels=1:2 keys_zone=shinyproxy_sdg_cache:10m max_size=10g inactive=60m use_temp_path=off'
    websockets: true
    locations:
      # Enforced path: no proxy target, the njs handler produces the response.
      # NOTE(review): the regex is unanchored, so it matches '/app/' anywhere
      # in the URI; add '^' if only a leading segment is meant.
      - location: '~ /app/'
        other_opts:
          - 'subrequest_output_buffer_size 128k'
          - 'js_content pep.enforce'
      # Everything else that has a segment not starting with '_' is proxied
      # straight to the upstream, with no js_content handler.
      # NOTE(review): confirm these paths are meant to skip pep.enforce. The
      # regex is also unanchored, and regex locations take precedence over the
      # plain prefix locations below, so test how '/_name/...' URIs resolve.
      - location: '~ /[^_].+'
        target: 'http://shinyproxy_sdg'
        other_opts:
          - 'subrequest_output_buffer_size 128k'
      # Token introspection against Keycloak; 'internal' keeps it unreachable
      # from clients.
      - location: /_jwt_verify_request
        target: '{{ keycloak_auth_server }}/auth/realms/d4science/protocol/openid-connect/token/introspect'
        other_opts:
          - 'internal'
          - 'proxy_method POST'
          - 'gunzip on'
          # Client credential for the introspection endpoint.
          # NOTE(review): keep this variable in an encrypted store (for
          # example Ansible Vault); it ends up in clear text in the rendered
          # nginx configuration, so restrict that file's permissions too.
          - 'proxy_set_header Authorization "{{ keycloak_auth_credentials_prod }}"'
          - 'proxy_set_header Content-Type "application/x-www-form-urlencoded"'
          # Introspection responses are cached per $source_auth (defined
          # outside this file) for 10 s, so a revoked token can still be
          # accepted for up to that long.
          # NOTE(review): nginx caches only GET and HEAD by default; caching
          # this POST needs 'proxy_cache_methods POST' somewhere not shown.
          - 'proxy_cache shinyproxy_sdg_cache'
          - 'proxy_cache_key $source_auth'
          - 'proxy_cache_lock on'
          - 'proxy_cache_valid 200 10s'
          - 'proxy_ignore_headers Cache-Control Expires Set-Cookie'
      # Internal hop to the application, forwarding the original request URI
      # and the bearer value in $auth_token over plain HTTP.
      - location: /_backend
        other_opts:
          - 'internal'
          - 'subrequest_output_buffer_size 128k'
          # Hard-coded DNS resolver address.
          - 'resolver 146.48.122.10'
          - 'proxy_set_header Host $host'
          - 'proxy_set_header X-Forwarded-Proto "https"'
          - 'proxy_set_header Authorization "$auth_token"'
        target: 'http://shinyproxy_sdg$request_uri'
      # Internal POST of accounting records, authenticated with $auth_token.
      - location: /_accounting
        target: 'https://accounting-service.d4science.org/accounting-service/record'
        other_opts:
          - 'internal'
          - 'proxy_method POST'
          - 'proxy_set_header Authorization "$auth_token"'
          - 'proxy_set_header Content-Type "application/json"'
      # Internal POST to a service addressed by private IP.
      # NOTE(review): upstream certificate verification is off, so this TLS
      # hop is encrypted but not authenticated. 'off' is also nginx's default,
      # which means the other https targets in this file carry tokens to
      # unverified upstreams unless 'proxy_ssl_verify on' and
      # 'proxy_ssl_trusted_certificate' are set in the included global conf.
      - location: /_homeserv
        target: 'https://192.168.100.54/'
        other_opts:
          - 'internal'
          - 'proxy_method POST'
          - 'proxy_set_header Content-Type "application/x-www-form-urlencoded"'
          - 'proxy_ssl_verify off'
      # Internal profile lookup, sending $auth_token in the gcube-token header.
      # Responses are cached per token.
      # NOTE(review): there is no proxy_cache_valid here, so the lifetime is
      # whatever the upstream's cache headers allow; set an explicit, short
      # validity if profile or authorization data must not go stale.
      - location: /_gcube_user_info
        target: 'https://api.d4science.org/rest/2/people/profile'
        other_opts:
          - 'internal'
          - 'proxy_method GET'
          - 'gunzip on'
          - 'proxy_set_header gcube-token "$auth_token"'
          - 'proxy_cache shinyproxy_sdg_cache'
          - 'proxy_cache_key $auth_token'