add nginx template

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/video_pipeline.j2

+#
+# {{ ansible_managed }}
+#
+
+{% if "video_pipeline" in nginx_default_sites %}
+  {% set default_site = "default_server" %}
+{% else %}
+  {% set default_site = "" %}
+{% endif %}
+
+upstream video_pipeline_app_server {
+{% for host in NGINX_VIDEO_PIPELINE_GUNICORN_HOSTS %}
+    server {{ host }}:{{ video_pipeline_gunicorn_port }} fail_timeout=0;
+{% endfor %}
+}
+
+server {
+  server_name {{ VIDEO_PIPELINE_HOSTNAME }};
+
+  {% if NGINX_ENABLE_SSL %}
+
+  listen {{ VIDEO_PIPELINE_NGINX_PORT }} {{ default_site }};
+  listen {{ VIDEO_PIPELINE_SSL_NGINX_PORT }} ssl;
+
+  {% include "common-settings.j2" %}
+
+  ssl_certificate /etc/ssl/certs/{{ NGINX_SSL_CERTIFICATE|basename }};
+  ssl_certificate_key /etc/ssl/private/{{ NGINX_SSL_KEY|basename }};
+  # request the browser to use SSL for all connections
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+  {% else %}
+  listen {{ VIDEO_PIPELINE_NGINX_PORT }} {{ default_site }};
+  {% endif %}
+
+  # Prevent invalid display courseware in IE 10+ with high privacy settings
+  add_header P3P '{{ NGINX_P3P_MESSAGE }}';
+
+  location ~ ^/static/(?P<file>.*) {
+    root {{ COMMON_DATA_DIR }}/{{ video_pipeline_service_name }};
+    try_files /staticfiles/$file =404;
+  }
+
+  location / {
+    try_files $uri @proxy_to_app;
+  }
+
+  {% include "robots.j2" %}
+
+location @proxy_to_app {
+    {% if NGINX_SET_X_FORWARDED_HEADERS %}
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Port $server_port;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    {% else %}
+    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+    proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
+    proxy_set_header X-Forwarded-For $http_x_forwarded_for;
+    {% endif %}
+
+    # newrelic-specific header records the time when nginx handles a request.
+    proxy_set_header X-Queue-Start "t=${msec}";
+
+    proxy_set_header Host $http_host;
+
+    proxy_redirect off;
+    proxy_pass http://video_pipeline_app_server;
+  }
+  # Nginx does not support nested condition or or conditions so
+  # there is an unfortunate mix of conditonals here.
+  {% if NGINX_REDIRECT_TO_HTTPS %}
+     {% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
+  # Redirect http to https over single instance
+  if ($scheme != "https")
+  {
+   set $do_redirect_to_https "true";
+  }
+
+    {% elif NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
+
+  # Forward to HTTPS if we're an HTTP request... and the server is behind ELB
+  if ($http_x_forwarded_proto = "http")
+  {
+   set $do_redirect_to_https "true";
+  }
+     {% endif %}
+
+  # Execute the actual redirect
+  if ($do_redirect_to_https = "true")
+  {
+  return 301 https://$host$request_uri;
+  }
+  {% endif %}
+}

playbooks/roles/video_pipeline/defaults/main.yml

@@ -73,6 +73,11 @@ VIDEO_PIPELINE_MEDIA_STORAGE_BACKEND:
 
 VIDEO_PIPELINE_STATICFILES_STORAGE: "django.contrib.staticfiles.storage.StaticFilesStorage"
 
+VIDEO_PIPELINE_HOSTNAME: '~^((stage|prod)-)?pipeline.*'
+
+NGINX_VIDEO_PIPELINE_GUNICORN_HOSTS:
+  - 127.0.0.1
+
 VIDEO_PIPELINE_GUNICORN_EXTRA: ""
 
 VIDEO_PIPELINE_EXTRA_APPS: []