From c64392eb676da42ef151a577d0379991b51d99e6 Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Fri, 7 Oct 2016 10:50:30 -0400 Subject: removing old apache, renaming nginx config --- config/awx-httpd-443.conf | 50 -------------------------------- config/awx-httpd-80.conf | 49 ------------------------------- config/awx-nginx-80.conf | 73 ----------------------------------------------- config/awx-nginx.conf | 73 +++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 73 insertions(+), 172 deletions(-) delete mode 100644 config/awx-httpd-443.conf delete mode 100644 config/awx-httpd-80.conf delete mode 100644 config/awx-nginx-80.conf create mode 100644 config/awx-nginx.conf (limited to 'config') diff --git a/config/awx-httpd-443.conf b/config/awx-httpd-443.conf deleted file mode 100644 index 2266f042c6..0000000000 --- a/config/awx-httpd-443.conf +++ /dev/null @@ -1,50 +0,0 @@ -NameVirtualHost *:443 -WSGISocketPrefix /var/run/wsgi -WSGIPythonHome /var/lib/awx/venv/tower - -# LoadModule ssl_module modules/mod_ssl.so - - - ServerName localhost - ServerAlias * - DocumentRoot /var/lib/awx/public - SSLEngine on -# This certificate can be replaced. -# However, do not use a different name for, or path to, the SSL certificate. -# Tower's live events feature requires the SSL certificate to be in this location. - SSLCertificateFile /etc/tower/tower.cert - SSLCertificateKeyFile /etc/tower/tower.key - SSLProtocol all -SSLv3 -SSLv2 - - WSGIScriptAlias / /var/lib/awx/wsgi.py - WSGIPassAuthorization On - - WSGIDaemonProcess awx user=awx group=awx processes=2 threads=20 maximum-requests=1000 display-name="%{GROUP}" - WSGIProcessGroup awx - - Alias /favicon.ico /var/lib/awx/public/static/favicon.ico - Alias /static/ /var/lib/awx/public/static/ - - - - = 2.3> - Require all granted - - - Order deny,allow - Allow from all - - - - - - = 2.3> - Require all granted - - - Order deny,allow - Allow from all - - - - diff --git a/config/awx-httpd-80.conf b/config/awx-httpd-80.conf deleted file mode 100644 index f1390fead3..0000000000 --- a/config/awx-httpd-80.conf +++ /dev/null @@ -1,49 +0,0 @@ -WSGISocketPrefix /var/run/wsgi -WSGIPythonHome /var/lib/awx/venv/tower - - - - RewriteEngine On - # don't redirect HTTPs - RewriteCond %{HTTPS} off - # don't redirect /api traffic that requested explicit http:// - RewriteRule ^/api - [L] - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} - - ServerName localhost - ServerAlias * - DocumentRoot /var/lib/awx/public - - WSGIScriptAlias / /var/lib/awx/wsgi.py - WSGIPassAuthorization On - - WSGIDaemonProcess awx_plain user=awx group=awx processes=2 threads=20 maximum-requests=1000 display-name="%{GROUP}" - WSGIProcessGroup awx_plain - - Alias /favicon.ico /var/lib/awx/public/static/favicon.ico - Alias /static/ /var/lib/awx/public/static/ - - - - = 2.3> - Require all granted - - - Order deny,allow - Allow from all - - - - - - = 2.3> - Require all granted - - - Order deny,allow - Allow from all - - - - - diff --git a/config/awx-nginx-80.conf b/config/awx-nginx-80.conf deleted file mode 100644 index facaeae181..0000000000 --- a/config/awx-nginx-80.conf +++ /dev/null @@ -1,73 +0,0 @@ -worker_processes auto; - -# Enable upgrading of connection (and websocket proxying) depending on the -# presence of the upgrade field in the client request header -map \$http_upgrade \$connection_upgrade { -default upgrade; -'' close; -} - -# Create an upstream alias to where we've set daphne to bind to -upstream uwsgi { - server 127.0.0.1:8050; -} - -upstream daphne { - server 127.0.0.1:8051; -} - -http { - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; - - server { - listen 80; - listen 443 ssl; - - # If you have a domain name, this is where to add it - server_name localhost *; - keepalive_timeout 70; - - ssl_certificate /etc/tower/tower.crt; - ssl_certificate_key /etc/tower/tower.key; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers HIGH:!aNULL:!MD5; - - location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; } - location /static { alias /var/lib/awx/public/static; } - - location /websocket { - # Pass request to the upstream alias - proxy_pass http://daphne; - # Require http version 1.1 to allow for upgrade requests - proxy_http_version 1.1; - # We want proxy_buffering off for proxying to websockets. - proxy_buffering off; - # http://en.wikipedia.org/wiki/X-Forwarded-For - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # enable this if you use HTTPS: - proxy_set_header X-Forwarded-Proto https; - # pass the Host: header from the client for the sake of redirects - proxy_set_header Host $http_host; - # We've set the Host header, so we don't need Nginx to muddle - # about with redirects - proxy_redirect off; - # Depending on the request value, set the Upgrade and - # connection headers - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - } - - location / { - proxy_pass http://uwsgi; - proxy_http_version 1.1; - proxy_buffering off; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header Host $http_host; - proxy_redirect off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - } - } -} diff --git a/config/awx-nginx.conf b/config/awx-nginx.conf new file mode 100644 index 0000000000..facaeae181 --- /dev/null +++ b/config/awx-nginx.conf @@ -0,0 +1,73 @@ +worker_processes auto; + +# Enable upgrading of connection (and websocket proxying) depending on the +# presence of the upgrade field in the client request header +map \$http_upgrade \$connection_upgrade { +default upgrade; +'' close; +} + +# Create an upstream alias to where we've set daphne to bind to +upstream uwsgi { + server 127.0.0.1:8050; +} + +upstream daphne { + server 127.0.0.1:8051; +} + +http { + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + server { + listen 80; + listen 443 ssl; + + # If you have a domain name, this is where to add it + server_name localhost *; + keepalive_timeout 70; + + ssl_certificate /etc/tower/tower.crt; + ssl_certificate_key /etc/tower/tower.key; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + + location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; } + location /static { alias /var/lib/awx/public/static; } + + location /websocket { + # Pass request to the upstream alias + proxy_pass http://daphne; + # Require http version 1.1 to allow for upgrade requests + proxy_http_version 1.1; + # We want proxy_buffering off for proxying to websockets. + proxy_buffering off; + # http://en.wikipedia.org/wiki/X-Forwarded-For + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # enable this if you use HTTPS: + proxy_set_header X-Forwarded-Proto https; + # pass the Host: header from the client for the sake of redirects + proxy_set_header Host $http_host; + # We've set the Host header, so we don't need Nginx to muddle + # about with redirects + proxy_redirect off; + # Depending on the request value, set the Upgrade and + # connection headers + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + + location / { + proxy_pass http://uwsgi; + proxy_http_version 1.1; + proxy_buffering off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Host $http_host; + proxy_redirect off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + } +} -- cgit v1.2.3