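# MANAGED BY PUPPET
# Hand edits to this file are overwritten on the next Puppet run; make
# changes in the Puppet source that generates it.
#
# TLS-terminating virtual host. Requests to / are proxied to the `jenkins`
# upstream (defined elsewhere); /ganglia serves the PHP front end from
# /usr/share/ganglia through FastCGI on 127.0.0.1:9000.
server {
  # The `ssl` flag on the listen socket enables TLS. The separate `ssl on;`
  # directive was redundant with it and is deprecated in newer nginx, so it
  # has been dropped.
  listen *:443 ssl http2;
  server_name jenkins;

  ssl_certificate /var/private/cert_chain.pem;
  ssl_certificate_key /var/private/private.key;
  ssl_dhparam /var/private/dhparam.pem;
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 1d;

  # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
  # Add TLSv1.3 here once the installed nginx/OpenSSL build supports it.
  ssl_protocols TLSv1.2;

  # Forward-secret (ECDHE/DHE) suites only, AEAD first. The previous list also
  # allowed static-RSA key exchange, the broad AES/CAMELLIA catch-alls and
  # 3DES (DES-CBC3-SHA). Clients without ECDHE/DHE support will fail the
  # handshake; confirm against the client population before rollout.
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK;
  ssl_prefer_server_ciphers on;

  # OCSP stapling; responses are verified against the chain below.
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /var/private/root_chain.pem;

  # Used to resolve the OCSP responder's hostname. The second address was
  # 4.4.4.4, which is not a Google Public DNS address; the secondary is 8.8.4.4.
  # NOTE(review): a resolver on the local network would keep these lookups
  # off the public internet - confirm what is available on this host.
  resolver 8.8.8.8 8.8.4.4;
  index index.html index.htm index.php;

  access_log /var/log/nginx/jenkins.access.log combined;
  error_log /var/log/nginx/jenkins.error.log;

  # Canonical-host redirect: any request whose Host is not the public name is
  # answered with a 301 before a location is chosen, so the `Host $host`
  # value forwarded to the backend below is always the canonical hostname.
  if ( $host != 'jhoblitt-demo-ci.lsst.codes' ) {
    return 301 https://jhoblitt-demo-ci.lsst.codes$request_uri;
  }

  # `always` also attaches the header to error responses (4xx/5xx); without
  # it nginx adds the header only to a fixed set of success/redirect codes.
  add_header Strict-Transport-Security 'max-age=15552000' always;

  # Reverse proxy to Jenkins.
  # NOTE(review): no X-Forwarded-Proto header is sent, so the backend cannot
  # tell the client connection used https - confirm whether Jenkins needs it.
  location / {
    proxy_pass http://jenkins;
    proxy_read_timeout 90;
    proxy_connect_timeout 150;
    proxy_redirect default;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  # Internal-only hand-off target for the rewrite in `location /ganglia`.
  # `internal` keeps clients from requesting /... URIs directly, which matters
  # because the document root and script path are parsed out of the URI.
  location /... {
    internal;

    access_log /var/log/nginx/ganglia.access.log;
    error_log /var/log/nginx/ganglia.error.log;

    # Splits the rewritten URI into document root, URL prefix, script path
    # and trailing path info, each introduced by a "/..." marker.
    location ~ ^/\.\.\.(?<p_doc_root>.*)/\.\.\.(?<p_prefix>.*)/\.\.\.(?<p_script>.*\.php)/\.\.\.(?<p_pathinfo>.*)$ {
      # Only hand existing files to the FastCGI backend. The script path comes
      # from the request URI, so without this check the backend decides what
      # to do with a path such as /<file>/<name>.php that does not exist.
      if (!-f $p_doc_root$p_script) {
        return 404;
      }

      fastcgi_pass 127.0.0.1:9000;
      fastcgi_index index.php;
      include fastcgi_params;
      fastcgi_param SCRIPT_FILENAME $p_doc_root$p_script;
      fastcgi_param SCRIPT_NAME $p_prefix$p_script;
      fastcgi_param REQUEST_URI $p_prefix$p_script$p_pathinfo$is_args$query_string;
      fastcgi_param DOCUMENT_URI $p_prefix$p_script$p_pathinfo;
      fastcgi_param DOCUMENT_ROOT $p_doc_root;
      fastcgi_param PATH_INFO $p_pathinfo if_not_empty;
    }
  }

  # Ganglia web front end. Static files are served from the alias; *.php
  # requests are rewritten to the internal /... location above.
  # NOTE(review): the prefix has no trailing slash, so it also matches URIs
  # such as /gangliaX, which the alias maps to /usr/share/gangliaX - confirm
  # no sibling directory with that prefix should be reachable.
  location /ganglia {
    access_log /var/log/nginx/ganglia.access.log;
    alias /usr/share/ganglia;
    error_log /var/log/nginx/ganglia.error.log;
    rewrite ^(/ganglia)(/.*?\.php)(/.*)?$ /...$document_root/...$1/...$2/...$3 last;
  }
}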