| |
| ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES'; |
| ssl_dhparam /etc/nginx/ssl/dh_params.pem; |
| ssl_session_cache shared:SSL:10m; |
| |
| ssl_certificate /etc/nginx/ssl/skia_org.pem; |
| ssl_certificate_key /etc/nginx/ssl/skia_org.key; |
| |
| # Keep these marginally longer than the 600s we keep the GCE HTTPS Load Balancer. |
| proxy_connect_timeout 620s; |
| proxy_send_timeout 620s; |
| proxy_read_timeout 620s; |
| send_timeout 620s; |
| |
| # Include the proxied host into the combined log format. |
| log_format combined_proxy '$remote_addr - $remote_user [$time_local] ' |
| '"$request" $status $body_bytes_sent ' |
| '"$http_referer" "$http_user_agent" ' |
| 'upstream=$upstream_response_time ' |
| '"$proxy_host"'; |
| |
| ## |
| # Global Headers |
| ## |
| # Enable HSTS. |
| add_header Strict-Transport-Security "max-age=31536000; preload;"; |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options "nosniff"; |
| |
| # Prevent clickjacking. |
| # add_header X-Frame-Options "SAMEORIGIN" always; |
| |
| ##### skia.org ################################ |
| server { |
| listen 443 default_server; |
| server_name skia.org www.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/skia.access.log; |
| error_log /var/log/nginx/skia.error.log error; |
| |
| if ( $host != 'skia.org' ) { |
| rewrite ^/(.*)$ https://skia.org/$1 permanent; |
| } |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80 default_server; |
| server_name skia.org www.skia.org ""; |
| return 301 https://skia.org$request_uri; |
| } |
| |
| ##### contest.skia.org ########################### |
| server { |
| listen 443; |
| server_name contest.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/contest.access.log; |
| error_log /var/log/nginx/contest.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name contest.skia.org; |
| return 301 https://contest.skia.org$request_uri; |
| } |
| |
| ##### perf.skia.org ########################### |
| server { |
| listen 443; |
| server_name perf.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/perf.access.log; |
| error_log /var/log/nginx/perf.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name perf.skia.org; |
| return 301 https://perf.skia.org$request_uri; |
| } |
| |
| ##### android-perf.skia.org (REDIRECT) ########################### |
| server { |
| listen 80; |
| listen 443 ssl; |
| |
| server_name android-perf.skia.org; |
| |
| return 301 https://android-master-perf.skia.org$request_uri; |
| |
| access_log /var/log/nginx/android-perf.access.log; |
| error_log /var/log/nginx/android-perf.error.log error; |
| } |
| |
| ##### android-master-ingest.skia.org ########################### |
| server { |
| listen 443; |
| server_name android-master-ingest.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/android-master-ingest.access.log; |
| error_log /var/log/nginx/android-master-ingest.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name android-master-ingest.skia.org; |
| return 301 https://android-master-ingest.skia.org$request_uri; |
| } |
| |
| ##### android-master-perf.skia.org ########################### |
| server { |
| listen 443; |
| server_name android-master-perf.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/android-master-perf.access.log; |
| error_log /var/log/nginx/android-master-perf.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name android-master-perf.skia.org; |
| return 301 https://android-master-perf.skia.org$request_uri; |
| } |
| |
| ##### gold.skia.org ########################### |
| server { |
| listen 443; |
| server_name gold.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/gold.access.log combined_proxy; |
| error_log /var/log/nginx/gold.error.log error; |
| |
| client_max_body_size 100M; |
| |
| location /_/hashes { |
| proxy_pass https://storage.googleapis.com/skia-infra-gm/hash_files/gold-prod-hashes.txt; |
| } |
| |
| # Serve images directly from the diff server. |
| location /img/ { |
| proxy_pass http://skia-diffserver-prod:8001; |
| proxy_set_header Host $host; |
| } |
| |
| location /json/trstatus { |
| proxy_pass http://skia-gold-prod:19000; |
| proxy_set_header Host $host; |
| } |
| |
| location / { |
| proxy_pass http://skia-gold-prod:8001; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name gold.skia.org; |
| return 301 https://gold.skia.org$request_uri; |
| } |
| |
| ##### public-gold.skia.org ########################### |
| server { |
| listen 443; |
| server_name public-gold.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/public-gold.access.log combined_proxy; |
| error_log /var/log/nginx/public-gold.error.log error; |
| |
| client_max_body_size 100M; |
| |
| # Serve images directly from the diff server. |
| location /img/ { |
| proxy_pass http://skia-diffserver-prod:8001; |
| proxy_set_header Host $host; |
| } |
| |
| location / { |
| proxy_pass http://skia-gold-public:8001; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name public-gold.skia.org; |
| return 301 https://public-gold.skia.org$request_uri; |
| } |
| |
| ##### gold-stage.skia.org ########################### |
| server { |
| listen 443; |
| server_name gold-stage.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/gold-stage.access.log combined_proxy; |
| error_log /var/log/nginx/gold-stage.error.log error; |
| |
| client_max_body_size 100M; |
| |
| location /_/hashes { |
| proxy_pass https://storage.googleapis.com/skia-infra-gm/hash_files/gold-prod-hashes.txt; |
| } |
| |
| # Serve images directly from the diff server. |
| location /img/ { |
| proxy_pass http://skia-diffserver-stage:8001; |
| proxy_set_header Host $host; |
| } |
| |
| # TODO(stephana): Resolve accessing Gold from Gerrit with authentication and |
| # remove this rewrite rule. Right now this for testing only. |
| location /json/tryjobs/ { |
| proxy_pass http://skia-gold-stage:19000; |
| proxy_set_header Host $host; |
| } |
| |
| location / { |
| proxy_pass http://skia-gold-stage:8001; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name gold-stage.skia.org; |
| return 301 https://gold-stage.skia.org$request_uri; |
| } |
| |
| ##### pdfium-gold.skia.org ##################### |
| server { |
| listen 443; |
| server_name pdfium-gold.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/pdfium-gold.access.log; |
| error_log /var/log/nginx/pdfium-gold.error.log error; |
| |
| client_max_body_size 100M; |
| |
| location /_/hashes { |
| proxy_pass https://storage.googleapis.com/skia-infra-gm/hash_files/gold-pdfium-hashes.txt; |
| } |
| |
| location / { |
| proxy_pass http://skia-gold-pdfium:8001; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name pdfium-gold.skia.org; |
| return 301 https://pdfium-gold.skia.org$request_uri; |
| } |
| |
| ##### chrome-vr-gold.skia.org ##################### |
| server { |
| listen 443; |
| server_name chrome-vr-gold.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/chromevr-gold.access.log; |
| error_log /var/log/nginx/chromevr-gold.error.log error; |
| |
| client_max_body_size 100M; |
| |
| location /_/hashes { |
| proxy_pass https://storage.googleapis.com/skia-chromevr-gm/hash_files/gold-chromevr-hashes.txt; |
| } |
| |
| location / { |
| proxy_pass http://skia-gold-chromevr:8001; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name chrome-vr-gold.skia.org; |
| return 301 https://chrome-vr-gold.skia.org$request_uri; |
| } |
| |
| ##### afdo-chromium-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name afdo-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/afdo-chromium-autoroll; |
| } |
| server { |
| listen 80; |
| server_name afdo-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/afdo-chromium-autoroll; |
| } |
| |
| ##### autoroll.skia.org ########################### |
| server { |
| listen 443; |
| server_name autoroll.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/autoroll.access.log; |
| error_log /var/log/nginx/autoroll.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name autoroll.skia.org; |
| return 301 https://autoroll.skia.org$request_uri; |
| } |
| |
| ##### autoroll-internal.skia.org ########################### |
| server { |
| listen 443; |
| server_name autoroll-internal.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/autoroll-internal.access.log; |
| error_log /var/log/nginx/autoroll-internal.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name autoroll-internal.skia.org; |
| return 301 https://autoroll-internal.skia.org$request_uri; |
| } |
| |
| ##### android-master-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name android-master-roll.skia.org; |
| return 301 https://autoroll-internal.skia.org/r/android-master-autoroll; |
| } |
| server { |
| listen 80; |
| server_name android-master-roll.skia.org; |
| return 301 https://autoroll-internal.skia.org/r/android-master-autoroll; |
| } |
| |
| ##### android-next-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name android-next-roll.skia.org; |
| return 301 https://autoroll-internal.skia.org/r/android-next-autoroll; |
| } |
| server { |
| listen 80; |
| server_name android-next-roll.skia.org; |
| return 301 https://autoroll-internal.skia.org/r/android-next-autoroll; |
| } |
| |
| |
| ##### android-o-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name android-o-roll.skia.org; |
| return 301 https://autoroll-internal.skia.org/r/android-o-autoroll; |
| } |
| server { |
| listen 80; |
| server_name android-o-roll.skia.org; |
| return 301 https://autoroll-internal.skia.org/r/android-o-autoroll; |
| } |
| |
| |
| ##### angle-chromium-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name angle-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/angle-chromium-autoroll; |
| } |
| server { |
| listen 80; |
| server_name angle-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/angle-chromium-autoroll; |
| } |
| |
| |
| ##### angle-skia-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name angle-skia-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/angle-skia-autoroll; |
| } |
| server { |
| listen 80; |
| server_name angle-skia-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/angle-skia-autoroll; |
| } |
| |
| ##### catapult-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name catapult-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/catapult-autoroll; |
| } |
| server { |
| listen 80; |
| server_name catapult-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/catapult-autoroll; |
| } |
| |
| ##### chromite-chromium-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name chromite-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/chromite-chromium-autoroll; |
| } |
| server { |
| listen 80; |
| server_name chromite-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/chromite-chromium-autoroll; |
| } |
| |
| ##### chromium-skia-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name chromium-skia-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/chromium-skia-autoroll; |
| } |
| server { |
| listen 80; |
| server_name chromium-skia-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/chromium-skia-autoroll; |
| } |
| |
| ##### depot-tools-chromium-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name depot-tools-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/depot-tools-chromium-autoroll; |
| } |
| server { |
| listen 80; |
| server_name depot-tools-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/depot-tools-chromium-autoroll; |
| } |
| |
| ##### flutter-engine-flutter-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name flutter-engine-flutter-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/flutter-engine-flutter-autoroll; |
| } |
| server { |
| listen 80; |
| server_name flutter-engine-flutter-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/flutter-engine-flutter-autoroll; |
| } |
| |
| ##### google3-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name google3-roll.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/google3-roll.access.log; |
| error_log /var/log/nginx/google3-roll.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location /json/roll { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| location / { |
| return 301 https://autoroll-internal.skia.org/r/google3-autoroll; |
| } |
| } |
| server { |
| listen 80; |
| server_name google3-roll.skia.org; |
| return 301 https://autoroll-internal.skia.org/r/google3-autoroll; |
| } |
| |
| ##### lottie-web-lottie-ci-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name lottie-web-lottie-ci-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/lottie-web-lottie-ci-autoroll; |
| } |
| server { |
| listen 80; |
| server_name lottie-web-lottie-ci-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/lottie-web-lottie-ci-autoroll; |
| } |
| |
| ##### nacl-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name nacl-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/nacl-autoroll; |
| } |
| server { |
| listen 80; |
| server_name nacl-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/nacl-autoroll; |
| } |
| |
| ##### pdfium-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name pdfium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/pdfium-autoroll; |
| } |
| server { |
| listen 80; |
| server_name pdfium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/pdfium-autoroll; |
| } |
| |
| ##### perfetto-chromium-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name perfetto-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/perfetto-chromium-autoroll; |
| } |
| server { |
| listen 80; |
| server_name perfetto-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/perfetto-chromium-autoroll; |
| } |
| |
| ##### fuchsia-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name fuchsia-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/fuchsia-autoroll; |
| } |
| server { |
| listen 80; |
| server_name fuchsia-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/fuchsia-autoroll; |
| } |
| |
| ##### fuchsia-sdk-chromium-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name fuchsia-sdk-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/fuchsia-sdk-chromium-autoroll; |
| } |
| server { |
| listen 80; |
| server_name fuchsia-sdk-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/fuchsia-sdk-chromium-autoroll; |
| } |
| |
| ##### skcms-skia-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name skcms-skia-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/skcms-skia-autoroll; |
| } |
| server { |
| listen 80; |
| server_name skcms-skia-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/skcms-skia-autoroll; |
| } |
| |
| ##### skia-flutter-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name skia-flutter-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/skia-flutter-autoroll; |
| } |
| server { |
| listen 80; |
| server_name skia-flutter-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/skia-flutter-autoroll; |
| } |
| |
| ##### skia-lottie-ci-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name skia-lottie-ci-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/skia-lottie-ci-autoroll; |
| } |
| server { |
| listen 80; |
| server_name skia-lottie-ci-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/skia-lottie-ci-autoroll; |
| } |
| |
| ##### spirv-headers-chromium-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name spirv-headers-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/spirv-headers-chromium-autoroll; |
| } |
| server { |
| listen 80; |
| server_name spirv-headers-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/spirv-headers-chromium-autoroll; |
| } |
| |
| ##### spirv-tools-chromium-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name spirv-tools-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/spirv-tools-chromium-autoroll; |
| } |
| server { |
| listen 80; |
| server_name spirv-tools-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/spirv-tools-chromium-autoroll; |
| } |
| |
| ##### src-internal-chromium-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name src-internal-chromium-roll.skia.org; |
| return 301 https://autoroll-internal.skia.org/r/src-internal-chromium-autoroll; |
| } |
| server { |
| listen 80; |
| server_name src-internal-chromium-roll.skia.org; |
| return 301 https://autoroll-internal.skia.org/r/src-internal-chromium-autoroll; |
| } |
| |
| ##### swiftshader-skia-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name swiftshader-skia-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/swiftshader-skia-autoroll; |
| } |
| server { |
| listen 80; |
| server_name swiftshader-skia-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/swiftshader-skia-autoroll; |
| } |
| |
| ##### webrtc-chromium-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name webrtc-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/webrtc-chromium-autoroll; |
| } |
| server { |
| listen 80; |
| server_name webrtc-chromium-roll.skia.org; |
| return 301 https://autoroll.skia.org/r/webrtc-chromium-autoroll; |
| } |
| |
| ##### mon.skia.org ########################### |
| server { |
| listen 443; |
| server_name mon.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/mon.access.log; |
| error_log /var/log/nginx/mon.error.log error; |
| |
| location / { |
| proxy_pass http://skia-monitoring:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80; |
| server_name mon.skia.org; |
| return 301 https://mon.skia.org$request_uri; |
| } |
| |
| ##### metrics.skia.org ########################### |
| # This rule allows Skolo and Golo bots to report graphite metrics over https. |
| server { |
| listen 443; |
| server_name metrics.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/metrics.access.log; |
| error_log /var/log/nginx/metrics.error.log error; |
| |
| location / { |
| proxy_pass http://skia-monitoring:10117; |
| proxy_set_header Host $host; |
| # Skolo primary public IP TODO(kjlubick) Remove after transition |
| allow 216.239.33.118/32; |
| # Skolo secondary public IP TODO(kjlubick) Remove after transition |
| allow 216.239.33.70/32; |
| # Skolo new primary public IP |
| allow 104.132.164.0/24; |
| # Golo public IP |
| allow 74.125.248.64/27; |
| deny all; |
| } |
| } |
| |
| |
| ##### push.skia.org ########################### |
| server { |
| listen 443; |
| server_name push.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/push.access.log; |
| error_log /var/log/nginx/push.error.log error; |
| |
| location / { |
| proxy_pass http://skia-push:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name push.skia.org; |
| return 301 https://push.skia.org$request_uri; |
| } |
| |
| ##### fiddle.skia.org ########################### |
| server { |
| listen 443; |
| server_name fiddle.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/fiddle.access.log; |
| error_log /var/log/nginx/fiddle.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name fiddle.skia.org; |
| return 301 https://fiddle.skia.org$request_uri; |
| } |
| |
| ##### fuzzer.skia.org ########################### |
| server { |
| listen 443; |
| server_name fuzzer.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/fuzzer.access.log; |
| error_log /var/log/nginx/fuzzer.error.log error; |
| |
| location / { |
| proxy_pass http://skia-fuzzer-fe:8001; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name fuzzer.skia.org; |
| return 301 https://fuzzer.skia.org$request_uri; |
| } |
| |
| #### health.skia.org ################ |
| # Just return empty 200 responses for network load balancing health checks. |
| # See https://cloud.google.com/compute/docs/load-balancing/health-checks |
| server { |
| listen 80; |
| server_name health.skia.org; |
| |
| access_log /var/log/nginx/health.access.log; |
| error_log /var/log/nginx/health.error.log error; |
| |
| location / { |
| return 200; |
| } |
| } |
| |
| ##### status.skia.org ########################### |
| server { |
| listen 443; |
| server_name status.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/status.access.log; |
| error_log /var/log/nginx/status.error.log error; |
| |
| location / { |
| proxy_pass http://skia-status:8002; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name status.skia.org; |
| return 301 https://status.skia.org$request_uri; |
| } |
| |
| ##### status-internal.skia.org ########################### |
| server { |
| listen 443; |
| server_name status-internal.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/status-internal.access.log; |
| error_log /var/log/nginx/status-internal.error.log error; |
| |
| location / { |
| proxy_pass http://skia-proxy:8000; |
| proxy_set_header Host "skia-status-internal-8002-proxy.skia.org"; |
| } |
| } |
| server { |
| listen 80; |
| server_name status-internal.skia.org; |
| return 301 https://status-internal.skia.org$request_uri; |
| } |
| |
| ##### status-staging.skia.org ########################### |
| server { |
| listen 443; |
| server_name status-staging.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/status-staging.access.log; |
| error_log /var/log/nginx/status-staging.error.log error; |
| |
| location / { |
| proxy_pass http://skia-status-staging:8002; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name status-staging.skia.org; |
| return 301 https://status-staging.skia.org$request_uri; |
| } |
| |
| ##### go.skia.org ########################### |
| server { |
| listen 443; |
| server_name go.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/go.access.log; |
| error_log /var/log/nginx/go.error.log error; |
| |
| location / { |
| add_header Content-Type text/html; |
| return 200 '<meta name="go-import" content="go.skia.org/infra git https://skia.googlesource.com/buildbot">'; |
| } |
| } |
| |
| ##### ct.skia.org ########################### |
| server { |
| listen 443; |
| server_name ct.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/ct.access.log; |
| error_log /var/log/nginx/ct.error.log error; |
| |
| client_max_body_size 50M; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name ct.skia.org; |
| return 301 https://ct.skia.org$request_uri; |
| } |
| |
| ##### skbug.com (REDIRECT) ########################### |
| server { |
| listen 80; |
| server_name skbug.com; |
| |
| access_log /var/log/nginx/sk-bug.access.log; |
| error_log /var/log/nginx/sk-bug.error.log error; |
| |
| rewrite ^/([0-9]+)$ https://bugs.chromium.org/p/skia/issues/detail?id=$1 redirect; |
| rewrite ^ https://bugs.chromium.org/p/skia/issues/list redirect; |
| } |
| |
| ##### bug.skia.org (REDIRECT) ########################### |
| server { |
| listen 443; |
| server_name bug.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/bug.access.log; |
| error_log /var/log/nginx/bug.error.log error; |
| |
| # Note: nginx automatically appends the incoming query parameters to the redirect URL. |
| rewrite ^/p/skia/issues/detail(/?)$ https://bugs.chromium.org/p/skia/issues/detail redirect; |
| rewrite ^/p/skia/issues/list(/?)$ https://bugs.chromium.org/p/skia/issues/list redirect; |
| rewrite ^/p/skia(.*) https://skia.org? redirect; |
| rewrite ^/([0-9]+)$ https://bugs.chromium.org/p/skia/issues/detail?id=$1 redirect; |
| rewrite ^ https://bugs.chromium.org/p/skia/issues/list redirect; |
| } |
| |
| server { |
| listen 80; |
| server_name bug.skia.org; |
| return 301 https://bug.skia.org$request_uri; |
| } |
| |
| ##### bugs.skia.org (REDIRECT) ########################## |
| # (People have trouble remembering if they should type "bug" or "bugs.") |
| server { |
| listen 443; |
| server_name bugs.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/bugs.access.log; |
| error_log /var/log/nginx/bugs.error.log error; |
| |
| # Note: nginx automatically appends the incoming query parameters to the redirect URL. |
| rewrite ^/p/skia/issues/detail(/?)$ https://bugs.chromium.org/p/skia/issues/detail redirect; |
| rewrite ^/p/skia/issues/list(/?)$ https://bugs.chromium.org/p/skia/issues/list redirect; |
| rewrite ^/p/skia(.*) https://skia.org? redirect; |
| rewrite ^/([0-9]+)$ https://bugs.chromium.org/p/skia/issues/detail?id=$1 redirect; |
| rewrite ^ https://bugs.chromium.org/p/skia/issues/list redirect; |
| } |
| |
| server { |
| listen 80; |
| server_name bugs.skia.org; |
| return 301 https://bugs.skia.org$request_uri; |
| } |
| |
| ##### code.skia.org (REDIRECT) ########################### |
| server { |
| listen 443; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/code.access.log; |
| error_log /var/log/nginx/code.error.log error; |
| |
| server_name code.skia.org; |
| rewrite ^ https://skia.googlesource.com/skia redirect; |
| } |
| |
| server { |
| listen 80; |
| server_name code.skia.org; |
| rewrite ^ https://skia.googlesource.com/skia redirect; |
| } |
| |
| ##### review.skia.org (REDIRECT) ########################### |
| server { |
| listen 443; |
| server_name review.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/review.access.log; |
| error_log /var/log/nginx/review.error.log error; |
| |
| # Note: nginx automatically appends the incoming query parameters to the redirect URL. |
| rewrite ^/([0-9]+)$ https://skia-review.googlesource.com/c/$1/ redirect; |
| rewrite ^ https://skia-review.googlesource.com redirect; |
| } |
| |
| server { |
| listen 80; |
| server_name review.skia.org; |
| return 301 https://review.skia.org$request_uri; |
| } |
| |
| ##### reviews.skia.org (REDIRECT) ########################## |
| # (People have trouble remembering if they should type "review" or "reviews.") |
| server { |
| listen 443; |
| server_name reviews.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/reviews.access.log; |
| error_log /var/log/nginx/reviews.error.log error; |
| |
| # Note: nginx automatically appends the incoming query parameters to the redirect URL. |
| rewrite ^/([0-9]+)$ https://skia-review.googlesource.com/c/$1/ redirect; |
| rewrite ^ https://skia-review.googlesource.com redirect; |
| } |
| |
| server { |
| listen 80; |
| server_name reviews.skia.org; |
| return 301 https://reviews.skia.org$request_uri; |
| } |
| |
| |
| ##### cs.skia.org (REDIRECT) ########################### |
| server { |
| listen 443; |
| server_name cs.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/cs.access.log; |
| error_log /var/log/nginx/cs.error.log error; |
| |
| rewrite ^/(.+)$ https://code.google.com/p/chromium/codesearch#search/&q=$1%20file:%5Esrc/third_party/skia/&sq=package:chromium redirect; |
| rewrite ^ https://code.google.com/p/chromium/codesearch#chromium/src/third_party/skia/ redirect; |
| } |
| server { |
| listen 80; |
| server_name cs.skia.org; |
| rewrite ^/(.+)$ https://code.google.com/p/chromium/codesearch#search/&q=$1%20file:%5Esrc/third_party/skia/&sq=package:chromium redirect; |
| rewrite ^ https://code.google.com/p/chromium/codesearch#chromium/src/third_party/skia/ redirect; |
| } |
| |
| ##### task-scheduler.skia.org ########################### |
| server { |
| listen 443; |
| server_name task-scheduler.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/task-scheduler.access.log; |
| error_log /var/log/nginx/task-scheduler.error.log error; |
| |
| location / { |
| proxy_pass http://skia-task-scheduler:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name task-scheduler.skia.org; |
| return 301 https://task-scheduler.skia.org$request_uri; |
| } |
| |
| ##### task-scheduler-internal.skia.org ########################### |
| server { |
| listen 443; |
| server_name task-scheduler-internal.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/task-scheduler-internal.access.log; |
| error_log /var/log/nginx/task-scheduler-internal.error.log error; |
| |
| location / { |
| proxy_pass http://skia-proxy:8000; |
| proxy_set_header Host "skia-task-scheduler-internal-8000-proxy.skia.org"; |
| } |
| location /google2c59f97e1ced9fdc.html { |
| add_header Content-Type text/html; |
| return 200 'google-site-verification: google2c59f97e1ced9fdc.html'; |
| } |
| location /pubsub/ { |
| proxy_pass http://skia-task-scheduler-internal:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name task-scheduler-internal.skia.org; |
| return 301 https://task-scheduler-internal.skia.org$request_uri; |
| } |
| |
| ##### task-scheduler-staging.skia.org ########################### |
| server { |
| listen 443; |
| server_name task-scheduler-staging.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/task-scheduler-staging.access.log; |
| error_log /var/log/nginx/task-scheduler-staging.error.log error; |
| |
| location / { |
| proxy_pass http://skia-task-scheduler-staging:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name task-scheduler-staging.skia.org; |
| return 301 https://task-scheduler-staging.skia.org$request_uri; |
| } |
| |
| ##### prom.skia.org ########################### |
| server { |
| listen 443; |
| server_name prom.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/prom.access.log; |
| error_log /var/log/nginx/prom.error.log error; |
| |
| client_max_body_size 500M; |
| |
| location / { |
| proxy_pass http://skia-prom:8002; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80; |
| server_name prom.skia.org; |
| return 301 https://prom.skia.org$request_uri; |
| } |
| |
| ##### webhooks.skia.org ########################### |
| server { |
| listen 443; |
| server_name webhooks.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/webhooks.access.log; |
| error_log /var/log/nginx/webhooks.error.log error; |
| |
| client_max_body_size 500M; |
| |
| location / { |
| proxy_pass http://skia-prom:8005; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80; |
| server_name webhooks.skia.org; |
| return 301 https://webhooks.skia.org$request_uri; |
| } |
| |
| ##### proxy.skia.org ########################### |
| # |
| # proxy.skia.org is different than most other rules because it matches regexs |
| # on the first part of the host. |
| # |
| server { |
| listen 443; |
| server_name ~^[a-zA-Z0-9-]+proxy\.skia\.org$; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/proxy.access.log; |
| error_log /var/log/nginx/proxy.error.log error; |
| |
| client_max_body_size 500M; |
| |
| location / { |
| # If there are substantial changes the following 2 lines, be sure to |
| # duplicate those changes to the other places where we do |
| # a proxy_pass to skia-proxy. |
| proxy_pass http://skia-proxy:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80; |
| server_name ~^[a-zA-Z0-9-]+proxy\.skia\.org$; |
| return 301 https://$server_name$request_uri; |
| } |
| |
| ##### power.skia.org ########################### |
| server { |
| listen 443; |
| server_name power.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/power-controller.access.log; |
| error_log /var/log/nginx/power-controller.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name power.skia.org; |
| return 301 https://power.skia.org$request_uri; |
| } |
| |
| ##### ctpixeldiff.skia.org ########################### |
| server { |
| listen 443; |
| server_name ctpixeldiff.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/ctpixeldiff.access.log; |
| error_log /var/log/nginx/ctpixeldiff.error.log error; |
| |
| location / { |
| proxy_pass http://skia-ct-pixel-diff:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name ctpixeldiff.skia.org; |
| return 301 https://ctpixeldiff.skia.org$request_uri; |
| } |
| |
| ##### leasing.skia.org ########################### |
| server { |
| listen 443; |
| server_name leasing.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/leasing.access.log; |
| error_log /var/log/nginx/leasing.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name leasing.skia.org; |
| return 301 https://leasing.skia.org$request_uri; |
| } |
| |
| ##### jsdoc.skia.org ########################### |
| server { |
| listen 443; |
| server_name jsdoc.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/jsdoc.access.log; |
| error_log /var/log/nginx/jsdoc.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name jsdoc.skia.org; |
| return 301 https://jsdoc.skia.org$request_uri; |
| } |
| |
| # |
| # |
| # |
| # Entries below here are running on skia-public |
| # |
| # |
| # |
| |
| ##### prom2.skia.org ########################### |
| server { |
| listen 443; |
| server_name prom2.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/prom2.access.log; |
| error_log /var/log/nginx/prom2.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name prom2.skia.org; |
| return 301 https://prom2.skia.org$request_uri; |
| } |
| |
| ##### grafana2.skia.org ########################### |
| server { |
| listen 443; |
| server_name grafana2.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/grafana2.access.log; |
| error_log /var/log/nginx/grafana2.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name grafana2.skia.org; |
| return 301 https://grafana2.skia.org$request_uri; |
| } |
| |
| ##### debugger.skia.org ########################### |
| server { |
| listen 443; |
| server_name debugger.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/debugger.access.log; |
| error_log /var/log/nginx/debugger.error.log error; |
| |
| client_max_body_size 500M; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name debugger.skia.org; |
| return 301 https://debugger.skia.org$request_uri; |
| } |
| ##### debugger-assets.skia.org ########################### |
| server { |
| listen 443; |
| server_name debugger-assets.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/debugger-assets.access.log; |
| error_log /var/log/nginx/debugger-assets.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name debugger-assets.skia.org; |
| return 301 https://debugger-assets.skia.org$request_uri; |
| } |
| ##### skottie.skia.org ########################### |
| server { |
| listen 443; |
| server_name skottie.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/skottie.access.log; |
| error_log /var/log/nginx/skottie.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name skottie.skia.org; |
| return 301 https://skottie.skia.org$request_uri; |
| } |
| ##### skottie-internal.skia.org ########################### |
| server { |
| listen 443; |
| server_name skottie-internal.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/skottie-internal.access.log; |
| error_log /var/log/nginx/skottie-internal.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name skottie-internal.skia.org; |
| return 301 https://skottie-internal.skia.org$request_uri; |
| } |
| ##### status2.skia.org ########################### |
| server { |
| listen 443; |
| server_name status2.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/status2.access.log; |
| error_log /var/log/nginx/status2.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name status2.skia.org; |
| return 301 https://status2.skia.org$request_uri; |
| } |
| ##### named-fiddles.skia.org ########################### |
| server { |
| listen 443; |
| server_name named-fiddles.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/named-fiddles.access.log; |
| error_log /var/log/nginx/named-fiddles.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name named-fiddles.skia.org; |
| return 301 https://named-fiddles.skia.org$request_uri; |
| } |
| ##### am.skia.org ########################### |
| server { |
| listen 443; |
| server_name am.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/am.access.log; |
| error_log /var/log/nginx/am.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name am.skia.org; |
| return 301 https://am.skia.org$request_uri; |
| } |
| |
| ##### lottie-gold.skia.org ########################### |
| server { |
| listen 443; |
| server_name lottie-gold.skia.org; |
| ssl on; |
| access_log /var/log/nginx/lottie-gold.access.log; |
| error_log /var/log/nginx/lottie-gold.error.log error; |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name lottie-gold.skia.org; |
| return 301 https://lottie-gold.skia.org$request_uri; |
| } |
| |
| ##### chrome-gpu-gold.skia.org ########################### |
| server { |
| listen 443; |
| server_name chrome-gpu-gold.skia.org; |
| ssl on; |
| access_log /var/log/nginx/chrome-gpu-gold.access.log; |
| error_log /var/log/nginx/chrome-gpu-gold.error.log error; |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name chrome-gpu-gold.skia.org; |
| return 301 https://chrome-gpu-gold.skia.org$request_uri; |
| } |
| |
| ##### jsfiddle.skia.org ########################### |
| server { |
| listen 443; |
| server_name jsfiddle.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/jsfiddle.access.log; |
| error_log /var/log/nginx/jsfiddle.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name jsfiddle.skia.org; |
| return 301 https://jsfiddle.skia.org$request_uri; |
| } |
| |
| ##### task-driver.skia.org ########################### |
| server { |
| listen 443; |
| server_name task-driver.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/task-driver.access.log; |
| error_log /var/log/nginx/task-driver.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name task-driver.skia.org; |
| return 301 https://task-driver.skia.org$request_uri; |
| } |
| |
| ##### ct-perf.skia.org ########################### |
| server { |
| listen 443; |
| server_name ct-perf.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/ct-perf.access.log; |
| error_log /var/log/nginx/ct-perf.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name ct-perf.skia.org; |
| return 301 https://ct-perf.skia.org$request_uri; |
| } |
| |
| ##### collectd.skia.org ########################### |
| # This rule allows Skolo and Golo bots to report write_http collectd info over https. |
| server { |
| listen 443; |
| server_name collectd.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/collectd.access.log; |
| error_log /var/log/nginx/collectd.error.log error; |
| |
| location / { |
| proxy_pass https://35.201.76.220; |
| proxy_set_header Host $host; |
| # Skolo new primary public IP |
| allow 104.132.164.0/24; |
| # Golo public IP |
| allow 74.125.248.64/27; |
| deny all; |
| } |
| } |
| |