Skip to content

C
configuration
Commit 4ba79e36 by Arbab Nazar
Options

Merge pull request #2684 from edx/arbab/ssl-templates-fix 

modified the remaining templates
parents 277c7b70 1eaa44cb
Showing with 99 additions and 5 deletions
playbooks/roles/nginx/templates/edx/app/nginx/sites-available/analytics_api.j2
...@@ -7,6 +7,32 @@ upstream analytics_api_app_server { ...@@ -7,6 +7,32 @@ upstream analytics_api_app_server {
server { server {
listen {{ ANALYTICS_API_NGINX_PORT }} default_server; listen {{ ANALYTICS_API_NGINX_PORT }} default_server;
# Nginx does not support nested condition or or conditions so
# there is an unfortunate mix of conditonals here.
{% if NGINX_REDIRECT_TO_HTTPS %}
{% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
# Redirect http to https over single instance
if ($scheme != "https")
{
set $do_redirect_to_https "true";
}
{% endif %}
{% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
# Forward to HTTPS if we're an HTTP request... and the server is behind ELB
if ($http_x_forwarded_proto = "http")
{
set $do_redirect_to_https "true";
}
{% endif %}
# Execute the actual redirect
if ($do_redirect_to_https = "true")
{
rewrite ^ https://$host$request_uri? permanent;
}
{% endif %}
location ~ ^/static/(?P<file>.*) { location ~ ^/static/(?P<file>.*) {
root {{ COMMON_DATA_DIR }}/{{ analytics_api_service_name }}; root {{ COMMON_DATA_DIR }}/{{ analytics_api_service_name }};
try_files /staticfiles/$file =404; try_files /staticfiles/$file =404;
......
playbooks/roles/nginx/templates/edx/app/nginx/sites-available/ecommerce.j2
...@@ -30,20 +30,24 @@ server { ...@@ -30,20 +30,24 @@ server {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
{% endif %} {% endif %}
# Nginx does not support nested condition or or conditions so
# there is an unfortunate mix of conditonals here.
{% if NGINX_REDIRECT_TO_HTTPS %} {% if NGINX_REDIRECT_TO_HTTPS %}
{% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
# Redirect http to https over single instance # Redirect http to https over single instance
if ($scheme != "https") if ($scheme != "https")
{ {
set $do_redirect_to_https "true"; set $do_redirect_to_https "true";
} }
{% endif %}
# Nginx does not support nested conditions {% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
# Forward to HTTPS if we're an HTTP request... and the server is behind ELB # Forward to HTTPS if we're an HTTP request... and the server is behind ELB
if ($http_x_forwarded_proto = "http") if ($http_x_forwarded_proto = "http")
{ {
set $do_redirect_to_https "true"; set $do_redirect_to_https "true";
} }
{% endif %}
# Execute the actual redirect
if ($do_redirect_to_https = "true") if ($do_redirect_to_https = "true")
{ {
rewrite ^ https://$host$request_uri? permanent; rewrite ^ https://$host$request_uri? permanent;
......
playbooks/roles/nginx/templates/edx/app/nginx/sites-available/edx_notes_api.j2
...@@ -7,6 +7,32 @@ upstream {{ edx_notes_api_service_name }}_app_server { ...@@ -7,6 +7,32 @@ upstream {{ edx_notes_api_service_name }}_app_server {
server { server {
listen {{ edx_notes_api_nginx_port }} default_server; listen {{ edx_notes_api_nginx_port }} default_server;
# Nginx does not support nested condition or or conditions so
# there is an unfortunate mix of conditonals here.
{% if NGINX_REDIRECT_TO_HTTPS %}
{% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
# Redirect http to https over single instance
if ($scheme != "https")
{
set $do_redirect_to_https "true";
}
{% endif %}
{% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
# Forward to HTTPS if we're an HTTP request... and the server is behind ELB
if ($http_x_forwarded_proto = "http")
{
set $do_redirect_to_https "true";
}
{% endif %}
# Execute the actual redirect
if ($do_redirect_to_https = "true")
{
rewrite ^ https://$host$request_uri? permanent;
}
{% endif %}
location / { location / {
try_files $uri @proxy_to_app; try_files $uri @proxy_to_app;
} }
......
playbooks/roles/nginx/templates/edx/app/nginx/sites-available/insights.j2
...@@ -33,20 +33,26 @@ location @proxy_to_app { ...@@ -33,20 +33,26 @@ location @proxy_to_app {
proxy_pass http://insights_app_server; proxy_pass http://insights_app_server;
} }
# Nginx does not support nested condition or or conditions so
# there is an unfortunate mix of conditonals here.
{% if NGINX_REDIRECT_TO_HTTPS %} {% if NGINX_REDIRECT_TO_HTTPS %}
{% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
# Redirect http to https over single instance # Redirect http to https over single instance
if ($scheme != "https") if ($scheme != "https")
{ {
set $do_redirect_to_https "true"; set $do_redirect_to_https "true";
} }
{% endif %}
{% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
# Nginx does not support nested conditions
# Forward to HTTPS if we're an HTTP request... and the server is behind ELB # Forward to HTTPS if we're an HTTP request... and the server is behind ELB
if ($http_x_forwarded_proto = "http") if ($http_x_forwarded_proto = "http")
{ {
set $do_redirect_to_https "true"; set $do_redirect_to_https "true";
} }
{% endif %}
# Execute the actual redirect
if ($do_redirect_to_https = "true") if ($do_redirect_to_https = "true")
{ {
rewrite ^ https://$host$request_uri? permanent; rewrite ^ https://$host$request_uri? permanent;
......
playbooks/roles/nginx/templates/edx/app/nginx/sites-available/kibana.j2
...@@ -23,6 +23,32 @@ server { ...@@ -23,6 +23,32 @@ server {
listen {{ KIBANA_NGINX_PORT }} {{ default_site }}; listen {{ KIBANA_NGINX_PORT }} {{ default_site }};
{% endif %} {% endif %}
# Nginx does not support nested condition or or conditions so
# there is an unfortunate mix of conditonals here.
{% if NGINX_REDIRECT_TO_HTTPS %}
{% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
# Redirect http to https over single instance
if ($scheme != "https")
{
set $do_redirect_to_https "true";
}
{% endif %}
{% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
# Forward to HTTPS if we're an HTTP request... and the server is behind ELB
if ($http_x_forwarded_proto = "http")
{
set $do_redirect_to_https "true";
}
{% endif %}
# Execute the actual redirect
if ($do_redirect_to_https = "true")
{
rewrite ^ https://$host$request_uri? permanent;
}
{% endif %}
server_name {{ KIBANA_SERVER_NAME }}; server_name {{ KIBANA_SERVER_NAME }};
root {{ kibana_app_dir }}/htdocs; root {{ kibana_app_dir }}/htdocs;
......
playbooks/roles/nginx/templates/edx/app/nginx/sites-available/programs.j2
...@@ -31,20 +31,26 @@ server { ...@@ -31,20 +31,26 @@ server {
{% endif %} {% endif %}
# Nginx does not support nested condition or or conditions so
# there is an unfortunate mix of conditonals here.
{% if NGINX_REDIRECT_TO_HTTPS %} {% if NGINX_REDIRECT_TO_HTTPS %}
{% if NGINX_HTTPS_REDIRECT_STRATEGY == "scheme" %}
# Redirect http to https over single instance # Redirect http to https over single instance
if ($scheme != "https") if ($scheme != "https")
{ {
set $do_redirect_to_https "true"; set $do_redirect_to_https "true";
} }
{% endif %}
{% if NGINX_HTTPS_REDIRECT_STRATEGY == "forward_for_proto" %}
# Nginx does not support nested conditions
# Forward to HTTPS if we're an HTTP request... and the server is behind ELB # Forward to HTTPS if we're an HTTP request... and the server is behind ELB
if ($http_x_forwarded_proto = "http") if ($http_x_forwarded_proto = "http")
{ {
set $do_redirect_to_https "true"; set $do_redirect_to_https "true";
} }
{% endif %}
# Execute the actual redirect
if ($do_redirect_to_https = "true") if ($do_redirect_to_https = "true")
{ {
rewrite ^ https://$host$request_uri? permanent; rewrite ^ https://$host$request_uri? permanent;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment