-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathnginx.runner-ingress.conf
104 lines (84 loc) · 2.44 KB
/
nginx.runner-ingress.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# user www-data;
worker_processes auto;
pid nginx.pid;
# pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /dev/stdout;
error_log /dev/stdout notice;
# map
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# INTERNAL_PORT
# PORT
# upstream subrequest { server localhost:<%= ENV['PORT'] %>; }
# upstream subrequest { server localhost:2829; }
upstream subrequest { server 169.254.1.1:2829; }
server {
# listen *:<%= ENV['SCHEDULER_SERVICE_PORT'] %>;
listen *:2831;
server_name localhost _;
# resolver <%= ENV['RESOLVER_IP'] %>;
resolver 169.254.1.1;
keepalive_timeout 70;
location = /internal/validate_request {
internal;
proxy_http_version 1.1;
proxy_set_header X-Origin-URI $request_uri;
proxy_pass http://subrequest/scheduled/consul/cluster/$tenant/;
proxy_set_header Host "$tenant";
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_method GET;
}
location ~ /environs/(?<tenant>[^/]*)([/].*)?$ {
auth_request /internal/validate_request;
auth_request_set $cluster $upstream_http_x_elected_runner;
proxy_pass $cluster$2;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Request-Start $msec;
proxy_set_header X-Origin-URI $request_uri;
}
location / {
proxy_pass http://subrequest;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Request-Start $msec;
}
}
}