Skip to content
Snippets Groups Projects
Normal view Permalink
srm.conf 1.42 KiB
Newer Older
  • Learn to ignore specific revisions
    • Andrea Ceccanti's avatar
    docker: ngx-voms docker image
    Andrea Ceccanti committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 
    server {

  error_log logs/error.log debug;
  access_log logs/access.log storm;

  listen 443 ssl;
  server_name storm.example;

  ssl on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  ssl_certificate      /certs/cert.pem;
  ssl_certificate_key  /certs/key.pem;
  ssl_client_certificate  /etc/pki/tls/certs/ca-bundle.crt;

  ssl_verify_client optional;
  ssl_verify_depth 100;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;

  location /srm {

    proxy_pass              http://fe:8080;

    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto https;
    proxy_set_header        Host $http_host;

    # Simple tracing via request_id
    proxy_set_header        X-Request-Id $request_id;

    # VOMS headers
    Andrea Ceccanti's avatar
    Include additional variables in default conf  
    Andrea Ceccanti committed
    34 35 
        proxy_set_header        x-ssl_client_ee_s_dn $ssl_client_ee_s_dn;
    proxy_set_header        x-ssl_client_ee_i_dn $ssl_client_ee_i_dn;
    Andrea Ceccanti's avatar
    docker: ngx-voms docker image
    Andrea Ceccanti committed
    36 37 38 39 40 41 42 43 44 45 
        proxy_set_header        x-voms_fqans $voms_fqans;
    proxy_set_header        x-voms_user $voms_user;
    proxy_set_header        x-voms_user_ca $voms_user_ca;
    proxy_set_header        x-voms_vo $voms_vo;
    proxy_set_header        x-voms_not_before $voms_not_before;
    proxy_set_header        x-voms_not_after $voms_not_after;
    proxy_set_header        x-voms_generic_attributes $voms_generic_attributes;
    proxy_set_header        x-voms_serial $voms_serial;
  }
}