From aca256da4ee46e2c0684f482cdeb082610a52221 Mon Sep 17 00:00:00 2001 From: David Galloway Date: Thu, 3 Aug 2017 11:59:42 -0400 Subject: [PATCH] ansible: Update jenkins nginx reverse proxy config Signed-off-by: David Galloway --- .../roles/ansible-jenkins/templates/jenkins.conf | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/ansible/roles/ansible-jenkins/templates/jenkins.conf b/ansible/roles/ansible-jenkins/templates/jenkins.conf index 617fde92..b299938d 100644 --- a/ansible/roles/ansible-jenkins/templates/jenkins.conf +++ b/ansible/roles/ansible-jenkins/templates/jenkins.conf @@ -4,25 +4,33 @@ server { listen 80 default_server; listen 443 default_server ssl; - server_name localhost {{ ansible_fqdn }}; + server_name {{ inventory_hostname }}; - ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}-bundled.crt; - ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; add_header Strict-Transport-Security "max-age=31536000"; access_log /var/log/nginx/jenkins_access.log; error_log /var/log/nginx/jenkins_error.log; + location '/.well-known/acme-challenge' { + default_type "text/plain"; + root /var/www/{{ inventory_hostname }}; + } + location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://127.0.0.1:8080; + proxy_pass http://127.0.0.1:{{ jenkins_port }}; proxy_read_timeout 180; + # http://tracker.ceph.com/issues/18176 + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + # Redirect all plaintext HTTP to HTTPS if ($scheme != "https") { rewrite ^ https://$host$uri permanent; -- 2.39.5