From: David Galloway Date: Thu, 3 Aug 2017 15:59:42 +0000 (-0400) Subject: ansible: Update jenkins nginx reverse proxy config X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=aca256da4ee46e2c0684f482cdeb082610a52221;p=ceph-build.git ansible: Update jenkins nginx reverse proxy config Signed-off-by: David Galloway --- diff --git a/ansible/roles/ansible-jenkins/templates/jenkins.conf b/ansible/roles/ansible-jenkins/templates/jenkins.conf index 617fde92..b299938d 100644 --- a/ansible/roles/ansible-jenkins/templates/jenkins.conf +++ b/ansible/roles/ansible-jenkins/templates/jenkins.conf @@ -4,25 +4,33 @@ server { listen 80 default_server; listen 443 default_server ssl; - server_name localhost {{ ansible_fqdn }}; + server_name {{ inventory_hostname }}; - ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}-bundled.crt; - ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; add_header Strict-Transport-Security "max-age=31536000"; access_log /var/log/nginx/jenkins_access.log; error_log /var/log/nginx/jenkins_error.log; + location '/.well-known/acme-challenge' { + default_type "text/plain"; + root /var/www/{{ inventory_hostname }}; + } + location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://127.0.0.1:8080; + proxy_pass http://127.0.0.1:{{ jenkins_port }}; proxy_read_timeout 180; + # http://tracker.ceph.com/issues/18176 + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + # Redirect all plaintext HTTP to HTTPS if ($scheme != "https") { rewrite ^ https://$host$uri permanent;