-
-
Save ztraboo/a424fb63e2ba85316939 to your computer and use it in GitHub Desktop.
https://groups.google.com/forum/#!topic/edx-code/b1ccc6dJ6ZE (/edx/app/nginx/sites-available/lms)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
upstream lms-backend { | |
server 127.0.0.1:8000 fail_timeout=0; | |
} | |
# Shibboleth Setup (Start) | |
# -------------------------------------------- | |
upstream apache-lms-backend { | |
# For a TCP configuration: | |
server 127.0.0.1:5253 fail_timeout=0; | |
} | |
# Shibboleth Setup (End) | |
# -------------------------------------------- | |
server { | |
listen 80 default; | |
## redirect http to https ## | |
rewrite ^ https://$host$request_uri? permanent; | |
} | |
server { | |
# LMS configuration file for nginx, templated by ansible | |
listen 443 ssl; | |
ssl_certificate /edx/app/nginx/ssl/domain.edu.crt; | |
ssl_certificate_key /edx/app/nginx/ssl/domain.edu.key; | |
## redirect www to nowww ## | |
if ($host ~* ^www\.(.*)) { | |
set $host_without_www $1; | |
rewrite ^/(.*)$ http://$host_without_www/$1 permanent; | |
} | |
error_page 503 @maintenance; | |
location @maintenance { | |
rewrite ^(.*)$ /maintenance.html break; | |
} | |
access_log /edx/var/log/nginx/access.log; | |
error_log /edx/var/log/nginx/error.log error; | |
# CS184 requires uploads of up to 4MB for submitting screenshots. | |
# CMS requires larger value for course assest, values provided | |
# via hiera. | |
client_max_body_size 4M; | |
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last; | |
location @proxy_to_lms_app { | |
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; | |
proxy_set_header X-Forwarded-Port $http_x_forwarded_port; | |
proxy_set_header X-Forwarded-For $http_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_redirect off; | |
proxy_pass http://lms-backend; | |
} | |
location / { | |
if ($maintenance) { | |
return 503; | |
} | |
try_files $uri @proxy_to_lms_app; | |
} | |
# No basic auth security on the github_service_hook url, so that github can use it for cms | |
location /github_service_hook { | |
try_files $uri @proxy_to_lms_app; | |
} | |
# No basic auth security on the heartbeat url, so that ELB can use it | |
location /heartbeat { | |
try_files $uri @proxy_to_lms_app; | |
} | |
# Check security on this | |
location ~ /static/(?P<file>.*) { | |
root /edx/var/edxapp; | |
try_files /staticfiles/$file /course_static/$file =404; | |
# return a 403 for static files that shouldn't be | |
# in the staticfiles directory | |
location ~ ^/static/(?:.*)(?:\.xml|\.json|README.TXT) { | |
return 403; | |
} | |
# http://www.red-team-design.com/firefox-doesnt-allow-cross-domain-fonts-by-default | |
location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\.(eot|otf|ttf|woff))" { | |
expires max; | |
add_header Access-Control-Allow-Origin *; | |
try_files /staticfiles/$collected /course_static/$collected =404; | |
} | |
# Set django-pipelined files to maximum cache time | |
location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\..*)" { | |
expires max; | |
# Without this try_files, files that have been run through | |
# django-pipeline return 404s | |
try_files /staticfiles/$collected /course_static/$collected =404; | |
} | |
# Expire other static files immediately (there should be very few / none of these) | |
expires epoch; | |
} | |
# Shibboleth Setup (Start) | |
# -------------------------------------------- | |
location @proxy_to_apache_lms { | |
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; | |
proxy_set_header X-Forwarded-Port $http_x_forwarded_port; | |
proxy_set_header X-Forwarded-For $http_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_redirect off; | |
proxy_pass https://apache-lms-backend; | |
} | |
# pass /Shibboleth.sso on to apache | |
location /Shibboleth.sso { | |
try_files $uri @proxy_to_apache_lms; | |
} | |
# pass shib-login on to apache | |
location ~ ^/shib-login/?$ { | |
try_files $uri @proxy_to_apache_lms; | |
} | |
# Shibboleth Setup (End) | |
# -------------------------------------------- | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment