| |
| ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; |
| ssl_dhparam /etc/nginx/ssl/dh_params.pem; |
| ssl_session_cache shared:SSL:10m; |
| |
| ssl_certificate /etc/nginx/ssl/skia_org.pem; |
| ssl_certificate_key /etc/nginx/ssl/skia_org.key; |
| |
| proxy_connect_timeout 5m; |
| proxy_send_timeout 5m; |
| proxy_read_timeout 5m; |
| send_timeout 5m; |
| |
| # Prevent nginx version from being leaked. |
| server_tokens off; |
| |
| ##### skia.org ################################ |
| server { |
| listen 443 default_server; |
| server_name skia.org www.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/skia.access.log; |
| error_log /var/log/nginx/skia.error.log error; |
| |
| # Enable HSTS. |
| add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload;"; |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| if ( $host != 'skia.org' ) { |
| rewrite ^/(.*)$ https://skia.org/$1 permanent; |
| } |
| |
| location / { |
| proxy_pass http://skia-docs:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80 default_server; |
| server_name skia.org www.skia.org ""; |
| return 301 https://skia.org$request_uri; |
| } |
| |
| ##### perf.skia.org ########################### |
| server { |
| listen 443; |
| server_name perf.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/perf.access.log; |
| error_log /var/log/nginx/perf.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-perf:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name perf.skia.org; |
| return 301 https://perf.skia.org$request_uri; |
| } |
| |
| ##### android-perf.skia.org ########################### |
| server { |
| listen 443; |
| server_name android-perf.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/android-perf.access.log; |
| error_log /var/log/nginx/android-perf.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-android-perf:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name android-perf.skia.org; |
| return 301 https://android-perf.skia.org$request_uri; |
| } |
| |
| |
| ##### android-ingest.skia.org ########################### |
| server { |
| listen 443; |
| server_name android-ingest.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/android-ingest.access.log; |
| error_log /var/log/nginx/android-ingest.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-android-ingest:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name android-ingest.skia.org; |
| return 301 https://android-ingest.skia.org$request_uri; |
| } |
| |
| ##### android-master-ingest.skia.org ########################### |
| server { |
| listen 443; |
| server_name android-master-ingest.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/android-master-ingest.access.log; |
| error_log /var/log/nginx/android-master-ingest.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-android-ingest:8001; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name android-master-ingest.skia.org; |
| return 301 https://android-master-ingest.skia.org$request_uri; |
| } |
| |
| ##### android-master-perf.skia.org ########################### |
| server { |
| listen 443; |
| server_name android-master-perf.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/android-master-perf.access.log; |
| error_log /var/log/nginx/android-master-perf.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-android-master-perf:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name android-master-perf.skia.org; |
| return 301 https://android-master-perf.skia.org$request_uri; |
| } |
| |
| ##### gold.skia.org ########################### |
| server { |
| listen 443; |
| server_name gold.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/gold.access.log; |
| error_log /var/log/nginx/gold.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-gold-prod:8001; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name gold.skia.org; |
| return 301 https://gold.skia.org$request_uri; |
| } |
| |
| ##### gold-staging.skia.org ##################### |
| server { |
| listen 443; |
| server_name gold-staging.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/gold-stage.access.log; |
| error_log /var/log/nginx/gold-stage.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-gold-stage:8001; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name gold-staging.skia.org; |
| return 301 https://gold-staging.skia.org$request_uri; |
| } |
| |
| ##### pdfium-gold.skia.org ##################### |
| server { |
| listen 443; |
| server_name pdfium-gold.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/pdfium-gold.access.log; |
| error_log /var/log/nginx/pdfium-gold.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-gold-pdfium:8001; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name pdfium-gold.skia.org; |
| return 301 https://pdfium-gold.skia.org$request_uri; |
| } |
| |
| ##### alerts.skia.org ########################### |
| server { |
| listen 443; |
| server_name alerts.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/alerts.access.log; |
| error_log /var/log/nginx/alerts.error.log error; |
| |
| rewrite ^ https://promalerts.skia.org redirect; |
| } |
| server { |
| listen 80; |
| server_name alerts.skia.org; |
| return 301 https://alerts.skia.org$request_uri; |
| } |
| |
| ##### autoroll.skia.org ########################### |
| server { |
| listen 443; |
| server_name autoroll.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/autoroll.access.log; |
| error_log /var/log/nginx/autoroll.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-autoroll:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name autoroll.skia.org; |
| return 301 https://autoroll.skia.org$request_uri; |
| } |
| |
| ##### catapult-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name catapult-roll.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/catapult-roll.access.log; |
| error_log /var/log/nginx/catapult-roll.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://catapult-autoroll:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name catapult-roll.skia.org; |
| return 301 https://catapult-roll.skia.org$request_uri; |
| } |
| |
| ##### nacl-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name nacl-roll.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/nacl-roll.access.log; |
| error_log /var/log/nginx/nacl-roll.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://nacl-autoroll:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name nacl-roll.skia.org; |
| return 301 https://nacl-roll.skia.org$request_uri; |
| } |
| |
| ##### pdfium-roll.skia.org ########################### |
| server { |
| listen 443; |
| server_name pdfium-roll.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/pdfium-roll.access.log; |
| error_log /var/log/nginx/pdfium-roll.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://pdfium-autoroll:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name pdfium-roll.skia.org; |
| return 301 https://pdfium-roll.skia.org$request_uri; |
| } |
| |
| ##### mon.skia.org ########################### |
| server { |
| listen 443; |
| server_name mon.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/mon.access.log; |
| error_log /var/log/nginx/mon.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-monitoring:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80; |
| server_name mon.skia.org; |
| return 301 https://mon.skia.org$request_uri; |
| } |
| |
| ##### metrics.skia.org ########################### |
| # This rule allows Skolo and Golo bots to report graphite metrics over https. |
| server { |
| listen 443; |
| server_name metrics.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/metrics.access.log; |
| error_log /var/log/nginx/metrics.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-monitoring:10117; |
| proxy_set_header Host $host; |
| # Skolo primary public IP TODO(kjlubick) Remove after transition |
| allow 216.239.33.118/32; |
| # Skolo secondary public IP TODO(kjlubick) Remove after transition |
| allow 216.239.33.70/32; |
| # Skolo new primary public IP |
| allow 104.132.164.0/24; |
| # Golo public IP |
| allow 74.125.248.64/27; |
| deny all; |
| } |
| } |
| |
| |
| ##### push.skia.org ########################### |
| server { |
| listen 443; |
| server_name push.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/push.access.log; |
| error_log /var/log/nginx/push.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-push:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name push.skia.org; |
| return 301 https://push.skia.org$request_uri; |
| } |
| |
| ##### fiddle.skia.org ########################### |
| server { |
| listen 443; |
| server_name fiddle.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/fiddle.access.log; |
| error_log /var/log/nginx/fiddle.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-fiddle:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name fiddle.skia.org; |
| return 301 https://fiddle.skia.org$request_uri; |
| } |
| |
| ##### imageinfo.skia.org ########################### |
| server { |
| listen 443; |
| server_name imageinfo.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/imageinfo.access.log; |
| error_log /var/log/nginx/imageinfo.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| client_max_body_size 500M; |
| |
| location / { |
| proxy_pass http://skia-imageinfo:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name imageinfo.skia.org; |
| return 301 https://imageinfo.skia.org$request_uri; |
| } |
| |
| ##### fuzzer.skia.org ########################### |
| server { |
| listen 443; |
| server_name fuzzer.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/fuzzer.access.log; |
| error_log /var/log/nginx/fuzzer.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-fuzzer-fe:8001; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name fuzzer.skia.org; |
| return 301 https://fuzzer.skia.org$request_uri; |
| } |
| |
| #### health.skia.org ################ |
| # Just return empty 200 responses for network load balancing health checks. |
| # See https://cloud.google.com/compute/docs/load-balancing/health-checks |
| server { |
| listen 80; |
| server_name health.skia.org; |
| |
| access_log /var/log/nginx/health.access.log; |
| error_log /var/log/nginx/health.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| return 200; |
| } |
| } |
| |
| ##### status.skia.org ########################### |
| server { |
| listen 443; |
| server_name status.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/status.access.log; |
| error_log /var/log/nginx/status.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-status:8002; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name status.skia.org; |
| return 301 https://status.skia.org$request_uri; |
| } |
| |
| ##### status-internal.skia.org ########################### |
| server { |
| listen 443; |
| server_name status-internal.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/status-internal.access.log; |
| error_log /var/log/nginx/status-internal.error.log error; |
| |
| # Enforce browser XSS protection |
| # This header is added by the proxy; adding it again causes |
| # it to get mangled and reset to the default by the browser. |
| #add_header X-XSS-Protection "1; mode=block"; |
| |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass https://skia-status-internal-8002-proxy.skia.org; |
| } |
| } |
| server { |
| listen 80; |
| server_name status-internal.skia.org; |
| return 301 https://status-internal.skia.org$request_uri; |
| } |
| |
| |
| ##### go.skia.org ########################### |
| server { |
| listen 443; |
| server_name go.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/go.access.log; |
| error_log /var/log/nginx/go.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| add_header Content-Type text/html; |
| return 200 '<meta name="go-import" content="go.skia.org/infra git https://skia.googlesource.com/buildbot">'; |
| } |
| } |
| |
| ##### ct.skia.org ########################### |
| server { |
| listen 443; |
| server_name ct.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/ct.access.log; |
| error_log /var/log/nginx/ct.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| client_max_body_size 50M; |
| |
| location / { |
| proxy_pass http://skia-ctfe:8002; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name ct.skia.org; |
| return 301 https://ct.skia.org$request_uri; |
| } |
| |
| ##### skbug.com (REDIRECT) ########################### |
| server { |
| listen 80; |
| server_name skbug.com; |
| |
| access_log /var/log/nginx/sk-bug.access.log; |
| error_log /var/log/nginx/sk-bug.error.log error; |
| |
| rewrite ^/([0-9]+)$ https://bugs.chromium.org/p/skia/issues/detail?id=$1 redirect; |
| rewrite ^ https://bugs.chromium.org/p/skia/issues/list redirect; |
| } |
| |
| ##### bug.skia.org (REDIRECT) ########################### |
| server { |
| listen 443; |
| server_name bug.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/bug.access.log; |
| error_log /var/log/nginx/bug.error.log error; |
| |
| # Note: nginx automatically appends the incoming query parameters to the redirect URL. |
| rewrite ^/p/skia/issues/detail(/?)$ https://bugs.chromium.org/p/skia/issues/detail redirect; |
| rewrite ^/p/skia/issues/list(/?)$ https://bugs.chromium.org/p/skia/issues/list redirect; |
| rewrite ^/p/skia(.*) https://skia.org? redirect; |
| rewrite ^/([0-9]+)$ https://bugs.chromium.org/p/skia/issues/detail?id=$1 redirect; |
| rewrite ^ https://bugs.chromium.org/p/skia/issues/list redirect; |
| } |
| |
| server { |
| listen 80; |
| server_name bug.skia.org; |
| return 301 https://bug.skia.org$request_uri; |
| } |
| |
| ##### bugs.skia.org (REDIRECT) ########################## |
| # (People have trouble remembering if they should type "bug" or "bugs.") |
| server { |
| listen 443; |
| server_name bugs.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/bugs.access.log; |
| error_log /var/log/nginx/bugs.error.log error; |
| |
| # Note: nginx automatically appends the incoming query parameters to the redirect URL. |
| rewrite ^/p/skia/issues/detail(/?)$ https://bugs.chromium.org/p/skia/issues/detail redirect; |
| rewrite ^/p/skia/issues/list(/?)$ https://bugs.chromium.org/p/skia/issues/list redirect; |
| rewrite ^/p/skia(.*) https://skia.org? redirect; |
| rewrite ^/([0-9]+)$ https://bugs.chromium.org/p/skia/issues/detail?id=$1 redirect; |
| rewrite ^ https://bugs.chromium.org/p/skia/issues/list redirect; |
| } |
| |
| server { |
| listen 80; |
| server_name bugs.skia.org; |
| return 301 https://bugs.skia.org$request_uri; |
| } |
| |
| ##### code.skia.org (REDIRECT) ########################### |
| server { |
| listen 443; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/code.access.log; |
| error_log /var/log/nginx/code.error.log error; |
| |
| server_name code.skia.org; |
| rewrite ^ https://skia.googlesource.com/skia redirect; |
| } |
| |
| server { |
| listen 80; |
| server_name code.skia.org; |
| rewrite ^ https://skia.googlesource.com/skia redirect; |
| } |
| |
| ##### review.skia.org (REDIRECT) ########################### |
| server { |
| listen 443; |
| server_name review.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/review.access.log; |
| error_log /var/log/nginx/review.error.log error; |
| |
| # Note: nginx automatically appends the incoming query parameters to the redirect URL. |
| rewrite ^/([0-9]+)$ https://skia-review.googlesource.com/c/$1/ redirect; |
| rewrite ^ https://skia-review.googlesource.com redirect; |
| } |
| |
| server { |
| listen 80; |
| server_name review.skia.org; |
| return 301 https://review.skia.org$request_uri; |
| } |
| |
| ##### reviews.skia.org (REDIRECT) ########################## |
| # (People have trouble remembering if they should type "review" or "reviews.") |
| server { |
| listen 443; |
| server_name reviews.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/reviews.access.log; |
| error_log /var/log/nginx/reviews.error.log error; |
| |
| # Note: nginx automatically appends the incoming query parameters to the redirect URL. |
| rewrite ^/([0-9]+)$ https://skia-review.googlesource.com/c/$1/ redirect; |
| rewrite ^ https://skia-review.googlesource.com redirect; |
| } |
| |
| server { |
| listen 80; |
| server_name reviews.skia.org; |
| return 301 https://reviews.skia.org$request_uri; |
| } |
| |
| |
| ##### internal.skia.org ########################### |
| server { |
| listen 443; |
| server_name internal.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/internal.access.log; |
| error_log /var/log/nginx/internal.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-internal:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80; |
| server_name internal.skia.org; |
| return 301 https://internal.skia.org$request_uri; |
| } |
| |
| ##### debugger.skia.org ########################### |
| server { |
| listen 443; |
| server_name debugger.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/debugger.access.log; |
| error_log /var/log/nginx/debugger.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| client_max_body_size 500M; |
| |
| location / { |
| proxy_pass http://skia-debugger:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80; |
| server_name debugger.skia.org; |
| return 301 https://debugger.skia.org$request_uri; |
| } |
| |
| ##### cs.skia.org (REDIRECT) ########################### |
| server { |
| listen 443; |
| server_name cs.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/cs.access.log; |
| error_log /var/log/nginx/cs.error.log error; |
| |
| rewrite ^/(.+)$ https://code.google.com/p/chromium/codesearch#search/&q=$1%20file:%5Esrc/third_party/skia/&sq=package:chromium redirect; |
| rewrite ^ https://code.google.com/p/chromium/codesearch#chromium/src/third_party/skia/ redirect; |
| } |
| server { |
| listen 80; |
| server_name cs.skia.org; |
| rewrite ^/(.+)$ https://code.google.com/p/chromium/codesearch#search/&q=$1%20file:%5Esrc/third_party/skia/&sq=package:chromium redirect; |
| rewrite ^ https://code.google.com/p/chromium/codesearch#chromium/src/third_party/skia/ redirect; |
| } |
| |
| ##### task-scheduler.skia.org ########################### |
| server { |
| listen 443; |
| server_name task-scheduler.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/task-scheduler.access.log; |
| error_log /var/log/nginx/task-scheduler.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass http://skia-task-scheduler:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name task-scheduler.skia.org; |
| return 301 https://task-scheduler.skia.org$request_uri; |
| } |
| |
| ##### task-scheduler-internal.skia.org ########################### |
| server { |
| listen 443; |
| server_name task-scheduler-internal.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/task-scheduler-internal.access.log; |
| error_log /var/log/nginx/task-scheduler-internal.error.log error; |
| |
| # Enforce browser XSS protection |
| # This header is added by the proxy; adding it again causes |
| # it to get mangled and reset to the default by the browser. |
| #add_header X-XSS-Protection "1; mode=block"; |
| |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| location / { |
| proxy_pass https://skia-task-scheduler-internal-8000-proxy.skia.org; |
| } |
| location /google2c59f97e1ced9fdc.html { |
| add_header Content-Type text/html; |
| return 200 'google-site-verification: google2c59f97e1ced9fdc.html'; |
| } |
| location /pubsub/ { |
| proxy_pass http://skia-task-scheduler-internal:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| server { |
| listen 80; |
| server_name task-scheduler-internal.skia.org; |
| return 301 https://task-scheduler-internal.skia.org$request_uri; |
| } |
| |
| ##### prom.skia.org ########################### |
| server { |
| listen 443; |
| server_name prom.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/prom.access.log; |
| error_log /var/log/nginx/prom.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| client_max_body_size 500M; |
| |
| location / { |
| proxy_pass http://skia-prom:8002; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80; |
| server_name prom.skia.org; |
| return 301 https://prom.skia.org$request_uri; |
| } |
| |
| ##### promalerts.skia.org ########################### |
| server { |
| listen 443; |
| server_name promalerts.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/promalerts.access.log; |
| error_log /var/log/nginx/promalerts.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| client_max_body_size 500M; |
| |
| location / { |
| proxy_pass http://skia-prom:8003; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80; |
| server_name promalerts.skia.org; |
| return 301 https://promalerts.skia.org$request_uri; |
| } |
| |
| ##### webhooks.skia.org ########################### |
| server { |
| listen 443; |
| server_name webhooks.skia.org; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/webhooks.access.log; |
| error_log /var/log/nginx/webhooks.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| client_max_body_size 500M; |
| |
| location / { |
| proxy_pass http://skia-prom:8005; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80; |
| server_name webhooks.skia.org; |
| return 301 https://webhooks.skia.org$request_uri; |
| } |
| |
| ##### proxy.skia.org ########################### |
| # |
| # proxy.skia.org is different than most other rules because it matches regexs |
| # on the first part of the host. |
| # |
| server { |
| listen 443; |
| server_name ~^[a-zA-Z0-9-]+proxy\.skia\.org$; |
| |
| ssl on; |
| |
| access_log /var/log/nginx/proxy.access.log; |
| error_log /var/log/nginx/proxy.error.log error; |
| |
| # Enforce browser XSS protection |
| add_header X-XSS-Protection "1; mode=block"; |
| # Disable content sniffing |
| add_header X-Content-Type-Options nosniff; |
| |
| client_max_body_size 500M; |
| |
| location / { |
| proxy_pass http://skia-proxy:8000; |
| proxy_set_header Host $host; |
| } |
| } |
| |
| server { |
| listen 80; |
| server_name ~^[a-zA-Z0-9-]+proxy\.skia\.org$; |
| return 301 https://$server_name$request_uri; |
| } |
| |