Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
server {
error_log logs/error.log debug;
access_log logs/access.log storm;
listen 443 ssl;
server_name storm.example;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /certs/cert.pem;
ssl_certificate_key /certs/key.pem;
ssl_client_certificate /etc/pki/tls/certs/ca-bundle.crt;
ssl_verify_client optional;
ssl_verify_depth 100;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location /srm {
proxy_pass http://fe:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
# Simple tracing via request_id
proxy_set_header X-Request-Id $request_id;
# VOMS headers
proxy_set_header x-voms_fqans $voms_fqans;
proxy_set_header x-voms_user $voms_user;
proxy_set_header x-voms_user_ca $voms_user_ca;
proxy_set_header x-voms_vo $voms_vo;
proxy_set_header x-voms_not_before $voms_not_before;
proxy_set_header x-voms_not_after $voms_not_after;
proxy_set_header x-voms_generic_attributes $voms_generic_attributes;
proxy_set_header x-voms_serial $voms_serial;
}
}