3176cfbc47
When using http protocol to access, nginx will respond with 400 and
report "400 The plain HTTP request was sent to HTTPS port".
The reason is that http 497 error[1] appeared in nginx, so 497
error was redirected to https protocol.
[1] 56f5331683/src/http/ngx_http_special_response.c (L274)
Change-Id: I01c35318dd5d219dbb31e6a89bdc05d2a4db7804
117 lines
3.2 KiB
Django/Jinja
117 lines
3.2 KiB
Django/Jinja
worker_processes auto;
|
|
pid /run/nginx.pid;
|
|
include /etc/nginx/modules-enabled/*.conf;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
multi_accept on;
|
|
}
|
|
|
|
http {
|
|
|
|
##
|
|
# Basic Settings
|
|
##
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
client_max_body_size 0;
|
|
types_hash_max_size 2048;
|
|
proxy_request_buffering off;
|
|
server_tokens off;
|
|
|
|
# server_names_hash_bucket_size 64;
|
|
# server_name_in_redirect off;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
##
|
|
# SSL Settings
|
|
##
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# Self signed certs generated by the ssl-cert package
|
|
# Don't use them in a production server!
|
|
ssl_certificate {{ ssl_certfile | default('/etc/ssl/certs/ssl-cert-snakeoil.pem') }};
|
|
ssl_certificate_key {{ ssl_keyfile | default('/etc/ssl/private/ssl-cert-snakeoil.key') }};
|
|
|
|
##
|
|
# Logging Settings
|
|
##
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request_time" '
|
|
'"$upstream_response_time" "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
access_log /var/log/skyline/nginx_access.log main;
|
|
error_log /var/log/skyline/nginx_error.log;
|
|
|
|
##
|
|
# Gzip Settings
|
|
##
|
|
gzip on;
|
|
gzip_static on;
|
|
gzip_disable "msie6";
|
|
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 6;
|
|
gzip_buffers 16 8k;
|
|
# gzip_http_version 1.1;
|
|
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
|
|
|
upstream skyline {
|
|
server unix:/var/lib/skyline/skyline.sock fail_timeout=0;
|
|
}
|
|
|
|
##
|
|
# Virtual Host Configs
|
|
##
|
|
server {
|
|
listen 8080 ssl http2 default_server;
|
|
|
|
root {{ skyline_console_static_path }};
|
|
|
|
# Add index.php to the list if you are using PHP
|
|
index index.html;
|
|
|
|
server_name _;
|
|
|
|
error_page 497 https://$http_host$request_uri;
|
|
|
|
location / {
|
|
# First attempt to serve request as file, then
|
|
# as directory, then fall back to displaying a 404.
|
|
try_files $uri $uri/ /index.html;
|
|
expires 1d;
|
|
add_header Cache-Control "public";
|
|
}
|
|
|
|
location /api/openstack/skyline/ {
|
|
proxy_pass http://skyline/;
|
|
proxy_redirect off;
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
|
|
{% for endpoint in endpoints %}
|
|
{{ endpoint["part"] }}
|
|
location {{ endpoint["location"] }} {
|
|
proxy_pass {{ endpoint["url"] }};
|
|
proxy_redirect {{ endpoint["url"] }} {{ endpoint["location"] }};
|
|
proxy_buffering off;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Host $http_host;
|
|
}
|
|
{% endfor %}
|
|
}
|
|
|
|
}
|
|
|