kubernetes/ansible-kube/roles/nginx/templates/nginx.conf.j2 - openwhisk-devtools - Git at Google

 {# this template is used to generate a nginx.conf for booting a nginx server based on the given environment inventory #}

 events {
 {# default: 1024 #}
     worker_connections  4096;
 }

 http {
 {# allow large uploads, need to thread proper limit into here #}
     client_max_body_size 50M;

     rewrite_log on;
 {# change log format to display the upstream information #}
     log_format combined-upstream '$remote_addr - $remote_user [$time_local] '
         '$request $status $body_bytes_sent '
         '$http_referer $http_user_agent $upstream_addr';
     access_log /logs/nginx_access.log combined-upstream;

     server {
         listen 443 default ssl;

         # match namespace, note while OpenWhisk allows a richer character set for a
         # namespace, not all those characters are permitted in the (sub)domain name;
         # if namespace does not match, no vanity URL rewriting takes place.
         server_name ~^(?<namespace>[0-9a-zA-Z-]+)\.{{ whisk_api_localhost_name | default(whisk_api_host_name) | default(whisk_api_localhost_name_default) }}$;

         ssl_session_cache    shared:SSL:1m;
         ssl_session_timeout  10m;
         ssl_certificate      /etc/nginx/certs/openwhisk-cert.pem;
         ssl_certificate_key  /etc/nginx/certs/openwhisk-key.pem;
         ssl_verify_client off;
         ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers RC4:HIGH:!aNULL:!MD5;
         ssl_prefer_server_ciphers on;
         proxy_ssl_session_reuse off;

         # proxy to the web action path
         location / {
             if ($namespace) {
               rewrite    /(.*) /api/v1/web/${namespace}/$1 break;
             }
             proxy_pass http://{{ controller_host }}:{{ controller.port }};
             proxy_read_timeout 70s; # 60+10 additional seconds to allow controller to terminate request
         }

         # proxy to 'public/html' web action by convention
         location = / {
             if ($namespace) {
               rewrite    ^ /api/v1/web/${namespace}/public/index.html break;
             }
             proxy_pass http://{{ controller_host }}:{{ controller.port }};
             proxy_read_timeout 70s; # 60+10 additional seconds to allow controller to terminate request
         }

         location /blackbox-0.1.0.tar.gz {
             root /etc/nginx;
         }

         location /OpenWhiskIOSStarterApp.zip {
             return 301 https://github.com/openwhisk/openwhisk-client-swift/releases/download/0.2.3/starterapp-0.2.3.zip;
         }

         location /cli/go/download {
             autoindex on;
             root /etc/nginx;
         }
     }
 }
	{# this template is used to generate a nginx.conf for booting a nginx server based on the given environment inventory #}

	events {
	{# default: 1024 #}
	worker_connections 4096;
	}

	http {
	{# allow large uploads, need to thread proper limit into here #}
	client_max_body_size 50M;

	rewrite_log on;
	{# change log format to display the upstream information #}
	log_format combined-upstream '$remote_addr - $remote_user [$time_local] '
	'$request $status $body_bytes_sent '
	'$http_referer $http_user_agent $upstream_addr';
	access_log /logs/nginx_access.log combined-upstream;

	server {
	listen 443 default ssl;

	# match namespace, note while OpenWhisk allows a richer character set for a
	# namespace, not all those characters are permitted in the (sub)domain name;
	# if namespace does not match, no vanity URL rewriting takes place.
	server_name ~^(?<namespace>[0-9a-zA-Z-]+)\.{{ whisk_api_localhost_name \| default(whisk_api_host_name) \| default(whisk_api_localhost_name_default) }}$;

	ssl_session_cache shared:SSL:1m;
	ssl_session_timeout 10m;
	ssl_certificate /etc/nginx/certs/openwhisk-cert.pem;
	ssl_certificate_key /etc/nginx/certs/openwhisk-key.pem;
	ssl_verify_client off;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers RC4:HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers on;
	proxy_ssl_session_reuse off;

	# proxy to the web action path
	location / {
	if ($namespace) {
	rewrite /(.*) /api/v1/web/${namespace}/$1 break;
	}
	proxy_pass http://{{ controller_host }}:{{ controller.port }};
	proxy_read_timeout 70s; # 60+10 additional seconds to allow controller to terminate request
	}

	# proxy to 'public/html' web action by convention
	location = / {
	if ($namespace) {
	rewrite ^ /api/v1/web/${namespace}/public/index.html break;
	}
	proxy_pass http://{{ controller_host }}:{{ controller.port }};
	proxy_read_timeout 70s; # 60+10 additional seconds to allow controller to terminate request
	}

	location /blackbox-0.1.0.tar.gz {
	root /etc/nginx;
	}

	location /OpenWhiskIOSStarterApp.zip {
	return 301 https://github.com/openwhisk/openwhisk-client-swift/releases/download/0.2.3/starterapp-0.2.3.zip;
	}

	location /cli/go/download {
	autoindex on;
	root /etc/nginx;
	}
	}
	}