Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: 9985d7632a
Fetching contributors…

Cannot retrieve contributors at this time

125 lines (95 sloc) 3.909 kb
# deployment cloudcontroller nginx.conf
user vcap vcap;
error_log /var/vcap/sys/log/nginx/nginx.error.log;
pid /var/vcap/sys/run/nginx/nginx.pid;
http {
include mime.types;
default_type text/html;
server_tokens off;
log_format main '$host - [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'$proxy_add_x_forwarded_for response_time:$upstream_response_time';
access_log /var/vcap/sys/log/nginx/nginx.access.log main;
sendfile on; #enable use of sendfile()
tcp_nopush on;
tcp_nodelay on; #disable nagel's algorithm
keepalive_timeout 75 20; #inherited from router
client_max_body_size 256M; #already enforced upstream/but doesn't hurt.
upstream cloud_controller {
server unix:/var/vcap/sys/run/cloud_controller_ng/cloud_controller.sock;
}
server {
listen 9022;
server_name _;
server_name_in_redirect off;
# proxy and log all CC traffic
location / {
access_log /var/vcap/sys/log/nginx/nginx.access.log main;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_connect_timeout 10;
proxy_send_timeout 30;
proxy_read_timeout 30;
proxy_pass http://cloud_controller;
}
# used for x-accel-redirect uri://location/foo.txt
# nginx will serve the file root || location || foo.txt
location /droplets/ {
internal;
root /var/vcap/shared;
}
location ~ (/apps/.*/application|/v2/apps/.*/bits|/services/v\d+/configurations/.*/serialized/data) {
# Pass altered request body to this location
upload_pass @cc_uploads;
upload_pass_args on;
# Store files to this directory
upload_store /var/vcap/data/cloud_controller_ng/tmp/uploads;
# No limit for output body forwarded to CC
upload_max_output_body_len 0;
# Allow uploaded files to be read only by user
upload_store_access user:r;
# Set specified fields in request body
upload_set_form_field "${upload_field_name}_name" $upload_file_name;
upload_set_form_field "${upload_field_name}_path" $upload_tmp_path;
#forward the following fields from existing body
upload_pass_form_field "^resources$";
upload_pass_form_field "^_method$";
#on any error, delete uploaded files.
upload_cleanup 400-505;
}
# Droplet uploads from the stager should be authenticated
location /staging/droplets/ {
# Pass along auth header
set $auth_header $upstream_http_x_auth;
proxy_set_header Authorization $auth_header;
# Pass altered request body to this location
upload_pass @cc_uploads;
# Store files to this directory
upload_store /var/vcap/data/cloud_controller_ng/tmp/staged_droplet_uploads;
# Allow uploaded files to be read only by user
upload_store_access user:r;
# Set specified fields in request body
upload_set_form_field "droplet_path" $upload_tmp_path;
#on any error, delete uploaded files.
upload_cleanup 400-505;
}
# Pass altered request body to a backend
location @cc_uploads {
proxy_pass http://unix:/var/vcap/sys/run/cloud_controller_ng/cloud_controller.sock;
}
location ~ ^/internal_redirect/(.*){
# only allow internal redirects
internal;
set $download_url $1;
#have to manualy pass along auth header
set $auth_header $upstream_http_x_auth;
proxy_set_header Authorization $auth_header;
# Download the file and send it to client
proxy_pass $download_url;
}
}
}
Jump to Line
Something went wrong with that request. Please try again.