quay/conf/nginx/http-base.conf

# vim: ft=nginx

set_real_ip_from 0.0.0.0/0;
real_ip_recursive on;
log_format lb_logs '$remote_addr ($proxy_protocol_addr) '
                   '- $remote_user [$time_local] '
                   '"$request" $status $body_bytes_sent '
                   '"$http_referer" "$http_user_agent" '
                   '($request_time $request_length $upstream_response_time)';

types_hash_max_size 2048;
include /etc/opt/rh/rh-nginx112/nginx/mime.types;

default_type application/octet-stream;

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_body_temp_path /tmp/nginx 1 2;
proxy_temp_path /tmp/nginx-proxy;
fastcgi_temp_path /tmp/nginx-fastcgi;
uwsgi_temp_path /tmp/nginx-uwsgi;
scgi_temp_path /tmp/nginx-scgi;

sendfile on;

gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain text/xml text/css
           text/javascript application/x-javascript
           application/javascript image/svg+xml
           application/octet-stream;

map $proxy_protocol_addr $proper_forwarded_for {
  ""      $proxy_add_x_forwarded_for;
  default $proxy_protocol_addr;
}

map $http_x_forwarded_proto $proper_scheme {
  default $scheme;
  https   https;
}

upstream web_app_server {
    server unix:/tmp/gunicorn_web.sock fail_timeout=0;
}
upstream jwtproxy_secscan {
    server unix:/tmp/jwtproxy_secscan.sock fail_timeout=0;
}
upstream verbs_app_server {
    server unix:/tmp/gunicorn_verbs.sock fail_timeout=0;
}
upstream registry_app_server {
    server unix:/tmp/gunicorn_registry.sock fail_timeout=0;
}

# NOTE: Exposed for the _internal_ping *only*. All other secscan routes *MUST* go through
# the jwtproxy.
upstream secscan_app_server {
    server unix:/tmp/gunicorn_secscan.sock fail_timeout=0;
}


upstream build_manager_controller_server {
    server localhost:8686;
}

upstream build_manager_websocket_server {
    server localhost:8787;
}
initial import for Open Source 🎉 2019-11-12 16:09:47 +00:00			`# vim: ft=nginx`

			`set_real_ip_from 0.0.0.0/0;`
			`real_ip_recursive on;`
			`log_format lb_logs '$remote_addr ($proxy_protocol_addr) '`
			`'- $remote_user [$time_local] '`
			`'"$request" $status $body_bytes_sent '`
			`'"$http_referer" "$http_user_agent" '`
			`'($request_time $request_length $upstream_response_time)';`

			`types_hash_max_size 2048;`
			`include /etc/opt/rh/rh-nginx112/nginx/mime.types;`

			`default_type application/octet-stream;`

			`access_log /var/log/nginx/access.log;`
			`error_log /var/log/nginx/error.log;`
			`client_body_temp_path /tmp/nginx 1 2;`
			`proxy_temp_path /tmp/nginx-proxy;`
			`fastcgi_temp_path /tmp/nginx-fastcgi;`
			`uwsgi_temp_path /tmp/nginx-uwsgi;`
			`scgi_temp_path /tmp/nginx-scgi;`

			`sendfile on;`

			`gzip on;`
			`gzip_http_version 1.0;`
			`gzip_proxied any;`
			`gzip_min_length 500;`
			`gzip_disable "MSIE [1-6]\.";`
			`gzip_types text/plain text/xml text/css`
			`text/javascript application/x-javascript`
			`application/javascript image/svg+xml`
			`application/octet-stream;`

			`map $proxy_protocol_addr $proper_forwarded_for {`
			`"" $proxy_add_x_forwarded_for;`
			`default $proxy_protocol_addr;`
			`}`

			`map $http_x_forwarded_proto $proper_scheme {`
			`default $scheme;`
			`https https;`
			`}`

			`upstream web_app_server {`
			`server unix:/tmp/gunicorn_web.sock fail_timeout=0;`
			`}`
			`upstream jwtproxy_secscan {`
			`server unix:/tmp/jwtproxy_secscan.sock fail_timeout=0;`
			`}`
			`upstream verbs_app_server {`
			`server unix:/tmp/gunicorn_verbs.sock fail_timeout=0;`
			`}`
			`upstream registry_app_server {`
			`server unix:/tmp/gunicorn_registry.sock fail_timeout=0;`
			`}`

			`# NOTE: Exposed for the _internal_ping only. All other secscan routes MUST go through`
			`# the jwtproxy.`
			`upstream secscan_app_server {`
			`server unix:/tmp/gunicorn_secscan.sock fail_timeout=0;`
			`}`


			`upstream build_manager_controller_server {`
			`server localhost:8686;`
			`}`

			`upstream build_manager_websocket_server {`
			`server localhost:8787;`
			`}`