@ztraboo
Last active August 29, 2015 14:01
# Upstream pool for the LMS application: one server on the loopback
# interface, port 8000. Referenced by proxy_pass in @proxy_to_lms_app.
upstream lms-backend {
    server 127.0.0.1:8000 fail_timeout=0;
}
# Shibboleth Setup (Start)
# --------------------------------------------
# Upstream pool for the Apache instance that handles the Shibboleth
# endpoints: one TCP server on the loopback interface, port 5253.
# Because it binds to 127.0.0.1, only local processes can reach it directly.
upstream apache-lms-backend {
    # For a TCP configuration:
    server 127.0.0.1:5253 fail_timeout=0;
}
# Shibboleth Setup (End)
# --------------------------------------------
# Plain-HTTP catch-all virtual host: every request on port 80 is answered
# with a permanent redirect to the same host and URI over https.
server {
    listen 80 default;

    ## redirect http to https ##
    # $request_uri already carries the original query string.
    return 301 https://$host$request_uri;
}
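server {
    # LMS configuration file for nginx, templated by ansible
    #
    # TLS virtual host for the LMS. Static assets are served from disk,
    # the Shibboleth endpoints are handed to Apache (apache-lms-backend),
    # and everything else is proxied to the LMS application (lms-backend).
    listen 443 ssl;

    ssl_certificate /edx/app/nginx/ssl/domain.edu.crt;
    ssl_certificate_key /edx/app/nginx/ssl/domain.edu.key;
    # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block, so
    # whatever the http-level config or the nginx build defaults provide is
    # what clients negotiate. Confirm they are pinned elsewhere.

    ## redirect www to nowww ##
    # The redirect target stays on https. Sending the client to http:// here
    # would add a cleartext hop before the port-80 server redirects it back.
    if ($host ~* ^www\.(.*)) {
        set $host_without_www $1;
        rewrite ^/(.*)$ https://$host_without_www/$1 permanent;
    }

    error_page 503 @maintenance;
    location @maintenance {
        rewrite ^(.*)$ /maintenance.html break;
    }

    access_log /edx/var/log/nginx/access.log;
    error_log /edx/var/log/nginx/error.log error;

    # CS184 requires uploads of up to 4MB for submitting screenshots.
    # CMS requires larger value for course assets, values provided
    # via hiera.
    client_max_body_size 4M;

    rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;

    # Named location used as the try_files fallback: forwards the request
    # to the LMS application upstream.
    location @proxy_to_lms_app {
        # NOTE(review): the three X-Forwarded-* values are copied verbatim
        # from the incoming request headers. That is only trustworthy if a
        # load balancer in front of nginx sets them and strips client-supplied
        # copies. This server terminates TLS itself, so if it is the first
        # hop, the backend sees whatever the client sent (or nothing).
        # In that case use $scheme, $server_port and
        # $proxy_add_x_forwarded_for instead. Confirm the deployment topology.
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
        proxy_set_header X-Forwarded-For $http_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://lms-backend;
    }

    location / {
        # NOTE(review): $maintenance is not defined anywhere in this file;
        # presumably it is set by a map/geo/set in another included file.
        # nginx refuses to load a config that references an unknown variable.
        if ($maintenance) {
            return 503;
        }
        try_files $uri @proxy_to_lms_app;
    }

    # No basic auth security on the github_service_hook url, so that github can use it for cms
    # NOTE(review): nothing in this server block enables basic auth, so this
    # endpoint is reachable by anyone. Request authenticity has to be
    # checked by the application.
    location /github_service_hook {
        try_files $uri @proxy_to_lms_app;
    }

    # No basic auth security on the heartbeat url, so that ELB can use it
    location /heartbeat {
        try_files $uri @proxy_to_lms_app;
    }

    # Check security on this
    # NOTE(review): this regex and the two hashed-file regexes below are not
    # anchored with ^, so any URI that merely contains "/static/" is served
    # from disk under /edx/var/edxapp instead of being proxied. Anchoring to
    # ^/static/ would narrow this to the intended prefix. Confirm no
    # existing URLs depend on the looser match before changing it.
    location ~ /static/(?P<file>.*) {
        root /edx/var/edxapp;
        try_files /staticfiles/$file /course_static/$file =404;

        # return a 403 for static files that shouldn't be
        # in the staticfiles directory
        # The match is case-sensitive and has no trailing $, so it denies any
        # path containing .xml, .json or README?TXT (the "." is unescaped).
        location ~ ^/static/(?:.*)(?:\.xml|\.json|README.TXT) {
            return 403;
        }

        # http://www.red-team-design.com/firefox-doesnt-allow-cross-domain-fonts-by-default
        # Hashed font files: cached indefinitely and readable cross-origin.
        location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\.(eot|otf|ttf|woff))" {
            expires max;
            add_header Access-Control-Allow-Origin *;
            try_files /staticfiles/$collected /course_static/$collected =404;
        }

        # Set django-pipelined files to maximum cache time
        location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\..*)" {
            expires max;
            # Without this try_files, files that have been run through
            # django-pipeline return 404s
            try_files /staticfiles/$collected /course_static/$collected =404;
        }

        # Expire other static files immediately (there should be very few / none of these)
        expires epoch;
    }

    # Shibboleth Setup (Start)
    # --------------------------------------------
    # Only the two locations below are routed through Apache. Every other
    # request goes straight to lms-backend with the client's headers intact.
    # NOTE(review): confirm how the LMS receives Shibboleth attributes. If
    # it reads any of them from HTTP request headers, a client could supply
    # those headers on the direct path. Such headers should be cleared in
    # @proxy_to_lms_app.
    location @proxy_to_apache_lms {
        # Same caveat as @proxy_to_lms_app: these X-Forwarded-* values are
        # whatever arrived on the request, not values computed by nginx.
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
        proxy_set_header X-Forwarded-For $http_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        # TLS to the loopback Apache listener. No proxy_ssl_verify is set
        # here, so the upstream certificate is not validated by this block.
        proxy_pass https://apache-lms-backend;
    }

    # pass /Shibboleth.sso on to apache
    location /Shibboleth.sso {
        try_files $uri @proxy_to_apache_lms;
    }

    # pass shib-login on to apache
    location ~ ^/shib-login/?$ {
        try_files $uri @proxy_to_apache_lms;
    }
    # Shibboleth Setup (End)
    # --------------------------------------------
}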