diff options
Diffstat (limited to 'roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2')
| -rw-r--r-- | roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2 | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2 b/roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2 new file mode 100644 index 00000000..a7248194 --- /dev/null +++ b/roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2 @@ -0,0 +1,113 @@ +client_max_body_size 128M; + +# static files +location ^~ /browser { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Host $http_host; +{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %} + proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }}; +{% else %} + proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }}; +{% endif %} + proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem; + proxy_ssl_verify on; + proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}; + proxy_ssl_protocols TLSv1.3; +} + +# WOPI discovery URL +location ^~ /hosting/discovery { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Host $http_host; +{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %} + proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }}; +{% else %} + proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }}; +{% endif %} + proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem; + proxy_ssl_verify on; + proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}; + proxy_ssl_protocols TLSv1.3; +} + +# Capabilities +location ^~ /hosting/capabilities { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Host $http_host; +{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %} + proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }}; +{% else %} + proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }}; +{% endif %} + proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem; + proxy_ssl_verify on; + proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}; + proxy_ssl_protocols TLSv1.3; +} + +# main websocket +location ~ ^/cool/(.*)/ws$ { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + proxy_read_timeout 36000s; + + proxy_set_header Host $http_host; +{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %} + proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }}; +{% else %} + proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }}; +{% endif %} + proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem; + proxy_ssl_verify on; + proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}; + proxy_ssl_protocols TLSv1.3; +} + +# download, presentation and image upload +location ~ ^/(c|l)ool { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Host $http_host; +{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %} + proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }}; +{% else %} + proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }}; +{% endif %} + proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem; + proxy_ssl_verify on; + proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}; + proxy_ssl_protocols TLSv1.3; +} + +# Admin Console websocket +location ^~ /cool/adminws { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + proxy_read_timeout 36000s; + + proxy_set_header Host $http_host; +{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %} + proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }}; +{% else %} + proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }}; +{% endif %} + proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem; + proxy_ssl_verify on; + proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }}; + proxy_ssl_protocols TLSv1.3; +} |