forked from percona/pmm-server
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx.conf
131 lines (111 loc) · 3.02 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
gzip on;
etag on;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen 443 ssl http2;
server_name _;
server_tokens off;
# workaround CVE-2017-7529
max_ranges 1;
ssl_certificate /srv/nginx/certificate.crt;
ssl_certificate_key /srv/nginx/certificate.key;
ssl_trusted_certificate /srv/nginx/ca-certs.pem;
ssl_dhparam /srv/nginx/dhparam.pem;
# Authentification
set $setup_type ovf-ami;
set $realm off;
if (-f /srv/nginx/.htpasswd) {
set $realm on;
set $setup_type "${setup_type}-protected";
}
if ($setup_type = "ovf-ami") {
rewrite ^/$ $scheme://$http_host/password-page/ permanent;
}
if ($setup_type ~ "-protected") {
rewrite ^/password-page $scheme://$http_host/ permanent;
}
root /usr/share/pmm-server/landing-page;
auth_basic $realm;
auth_basic_user_file /srv/nginx/.htpasswd;
# Grafana
rewrite ^/$ $scheme://$http_host/graph/ permanent;
rewrite ^/graph$ /graph/;
location /graph {
proxy_pass http://127.0.0.1:3000;
rewrite ^/graph/(.*) /$1 break;
proxy_read_timeout 600;
}
location = /graph/logout {
if ($realm = "on") {
# Force browser to reauthenticate
return 307 $scheme://logmeout:now@$http_host/graph/;
}
proxy_pass http://127.0.0.1:3000/logout;
proxy_read_timeout 600;
}
# Prometheus
location /prometheus {
proxy_pass http://127.0.0.1:9090;
proxy_read_timeout 600;
}
# Consul UI
location /consul/ {
proxy_pass http://127.0.0.1:8500/ui/;
}
# Consul API
location /v1/ {
proxy_pass http://127.0.0.1:8500/v1/;
add_header X-Remote-IP $remote_addr;
add_header X-Server-Time $date_gmt;
}
# QAN App
location /qan {
alias /usr/share/percona-qan-app;
try_files $uri /index.html break;
add_header X-Frame-Options SAMEORIGIN;
}
# QAN API
rewrite ^/qan-api$ /qan-api/;
location /qan-api {
proxy_pass http://127.0.0.1:9001;
rewrite ^/qan-api/(.*) /$1 break;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 86400;
}
# Orchestrator
location /orchestrator {
proxy_pass http://127.0.0.1:4000;
}
location /collect_info {
root /srv/collect_info;
autoindex on;
}
location /password-page {
alias /usr/share/pmm-server/password-page;
try_files $uri /index.html break;
}
# Configurator
location /configurator {
proxy_pass http://127.0.0.1:7777;
proxy_read_timeout 86400;
}
# pmm-managed
location /managed {
proxy_pass http://127.0.0.1:7772;
rewrite ^/managed/(.*) /$1 break;
}
# PMM-2004 health endpoint
rewrite ^/ping$ /managed/v1/version;
location /managed/v1/version {
auth_basic off;
proxy_pass http://127.0.0.1:7772;
rewrite ^/managed/(.*) /$1 break;
}
}