blob: 562fc06118bf70d5f3e03ed056f721808cd7e715 [file] [log] [blame]
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_dhparam /etc/nginx/ssl/dh_params.pem;
ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/nginx/ssl/skia_org.pem;
ssl_certificate_key /etc/nginx/ssl/skia_org.key;
proxy_connect_timeout 5m;
proxy_send_timeout 5m;
proxy_read_timeout 5m;
send_timeout 5m;
# Prevent nginx version from being leaked.
server_tokens off;
##### skia.org ################################
server {
listen 443 default_server;
server_name skia.org www.skia.org;
ssl on;
access_log /var/log/nginx/skia.access.log;
error_log /var/log/nginx/skia.error.log error;
# Enable HSTS.
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload;";
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
if ( $host != 'skia.org' ) {
rewrite ^/(.*)$ https://skia.org/$1 permanent;
}
location / {
proxy_pass http://skia-docs:8000;
proxy_set_header Host $host;
}
}
server {
listen 80 default_server;
server_name skia.org www.skia.org "";
return 301 https://skia.org$request_uri;
}
##### contest.skia.org ###########################
server {
listen 443;
server_name contest.skia.org;
ssl on;
access_log /var/log/nginx/contest.access.log;
error_log /var/log/nginx/contest.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-docs:8001;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name contest.skia.org;
return 301 https://contest.skia.org$request_uri;
}
##### perf.skia.org ###########################
server {
listen 443;
server_name perf.skia.org;
ssl on;
access_log /var/log/nginx/perf.access.log;
error_log /var/log/nginx/perf.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-perf:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name perf.skia.org;
return 301 https://perf.skia.org$request_uri;
}
##### android-perf.skia.org ###########################
server {
listen 443;
server_name android-perf.skia.org;
ssl on;
access_log /var/log/nginx/android-perf.access.log;
error_log /var/log/nginx/android-perf.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-android-perf:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name android-perf.skia.org;
return 301 https://android-perf.skia.org$request_uri;
}
##### android-ingest.skia.org ###########################
server {
listen 443;
server_name android-ingest.skia.org;
ssl on;
access_log /var/log/nginx/android-ingest.access.log;
error_log /var/log/nginx/android-ingest.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-android-ingest:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name android-ingest.skia.org;
return 301 https://android-ingest.skia.org$request_uri;
}
##### android-master-ingest.skia.org ###########################
server {
listen 443;
server_name android-master-ingest.skia.org;
ssl on;
access_log /var/log/nginx/android-master-ingest.access.log;
error_log /var/log/nginx/android-master-ingest.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-android-ingest:8001;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name android-master-ingest.skia.org;
return 301 https://android-master-ingest.skia.org$request_uri;
}
##### android-master-perf.skia.org ###########################
server {
listen 443;
server_name android-master-perf.skia.org;
ssl on;
access_log /var/log/nginx/android-master-perf.access.log;
error_log /var/log/nginx/android-master-perf.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-android-master-perf:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name android-master-perf.skia.org;
return 301 https://android-master-perf.skia.org$request_uri;
}
##### gold.skia.org ###########################
server {
listen 443;
server_name gold.skia.org;
ssl on;
access_log /var/log/nginx/gold.access.log;
error_log /var/log/nginx/gold.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location /_/hashes {
proxy_pass https://storage.googleapis.com/skia-infra-gm/hash_files/gold-prod-hashes.txt;
}
# Serve images directly from the diff server.
location /img/ {
proxy_pass http://skia-diffserver-prod:8001;
proxy_set_header Host $host;
}
location / {
proxy_pass http://skia-gold-prod:8001;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name gold.skia.org;
return 301 https://gold.skia.org$request_uri;
}
##### pdfium-gold.skia.org #####################
server {
listen 443;
server_name pdfium-gold.skia.org;
ssl on;
access_log /var/log/nginx/pdfium-gold.access.log;
error_log /var/log/nginx/pdfium-gold.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location /_/hashes {
proxy_pass https://storage.googleapis.com/skia-infra-gm/hash_files/gold-pdfium-hashes.txt;
}
location / {
proxy_pass http://skia-gold-pdfium:8001;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name pdfium-gold.skia.org;
return 301 https://pdfium-gold.skia.org$request_uri;
}
##### alerts.skia.org ###########################
server {
listen 443;
server_name alerts.skia.org;
ssl on;
access_log /var/log/nginx/alerts.access.log;
error_log /var/log/nginx/alerts.error.log error;
rewrite ^ https://promalerts.skia.org redirect;
}
server {
listen 80;
server_name alerts.skia.org;
return 301 https://alerts.skia.org$request_uri;
}
##### autoroll.skia.org ###########################
server {
listen 443;
server_name autoroll.skia.org;
ssl on;
access_log /var/log/nginx/autoroll.access.log;
error_log /var/log/nginx/autoroll.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-autoroll:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name autoroll.skia.org;
return 301 https://autoroll.skia.org$request_uri;
}
##### android-master-roll.skia.org ###########################
server {
listen 443;
server_name android-master-roll.skia.org;
ssl on;
access_log /var/log/nginx/android-master-roll.access.log;
error_log /var/log/nginx/android-master-roll.error.log error;
# Enforce browser XSS protection
# This header is added by the proxy; adding it again causes
# it to get mangled and reset to the default by the browser.
#add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass https://android-master-autoroll-8000-proxy.skia.org;
}
location /json/status {
proxy_pass http://android-master-autoroll:8000/json/status;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name android-master-roll.skia.org;
return 301 https://android-master-roll.skia.org$request_uri;
}
##### android-o-roll.skia.org ###########################
server {
listen 443;
server_name android-o-roll.skia.org;
ssl on;
access_log /var/log/nginx/android-o-roll.access.log;
error_log /var/log/nginx/android-o-roll.error.log error;
# Enforce browser XSS protection
# This header is added by the proxy; adding it again causes
# it to get mangled and reset to the default by the browser.
#add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass https://android-o-autoroll-8000-proxy.skia.org;
}
location /json/status {
proxy_pass http://android-o-autoroll:8000/json/status;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name android-o-roll.skia.org;
return 301 https://android-o-roll.skia.org$request_uri;
}
##### catapult-roll.skia.org ###########################
server {
listen 443;
server_name catapult-roll.skia.org;
ssl on;
access_log /var/log/nginx/catapult-roll.access.log;
error_log /var/log/nginx/catapult-roll.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://catapult-autoroll:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name catapult-roll.skia.org;
return 301 https://catapult-roll.skia.org$request_uri;
}
##### nacl-roll.skia.org ###########################
server {
listen 443;
server_name nacl-roll.skia.org;
ssl on;
access_log /var/log/nginx/nacl-roll.access.log;
error_log /var/log/nginx/nacl-roll.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://nacl-autoroll:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name nacl-roll.skia.org;
return 301 https://nacl-roll.skia.org$request_uri;
}
##### pdfium-roll.skia.org ###########################
server {
listen 443;
server_name pdfium-roll.skia.org;
ssl on;
access_log /var/log/nginx/pdfium-roll.access.log;
error_log /var/log/nginx/pdfium-roll.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://pdfium-autoroll:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name pdfium-roll.skia.org;
return 301 https://pdfium-roll.skia.org$request_uri;
}
##### mon.skia.org ###########################
server {
listen 443;
server_name mon.skia.org;
ssl on;
access_log /var/log/nginx/mon.access.log;
error_log /var/log/nginx/mon.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-monitoring:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name mon.skia.org;
return 301 https://mon.skia.org$request_uri;
}
##### metrics.skia.org ###########################
# This rule allows Skolo and Golo bots to report graphite metrics over https.
server {
listen 443;
server_name metrics.skia.org;
ssl on;
access_log /var/log/nginx/metrics.access.log;
error_log /var/log/nginx/metrics.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-monitoring:10117;
proxy_set_header Host $host;
# Skolo primary public IP TODO(kjlubick) Remove after transition
allow 216.239.33.118/32;
# Skolo secondary public IP TODO(kjlubick) Remove after transition
allow 216.239.33.70/32;
# Skolo new primary public IP
allow 104.132.164.0/24;
# Golo public IP
allow 74.125.248.64/27;
deny all;
}
}
##### push.skia.org ###########################
server {
listen 443;
server_name push.skia.org;
ssl on;
access_log /var/log/nginx/push.access.log;
error_log /var/log/nginx/push.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-push:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name push.skia.org;
return 301 https://push.skia.org$request_uri;
}
##### fiddle.skia.org ###########################
server {
listen 443;
server_name fiddle.skia.org;
ssl on;
access_log /var/log/nginx/fiddle.access.log;
error_log /var/log/nginx/fiddle.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-fiddle:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name fiddle.skia.org;
return 301 https://fiddle.skia.org$request_uri;
}
##### imageinfo.skia.org ###########################
server {
listen 443;
server_name imageinfo.skia.org;
ssl on;
access_log /var/log/nginx/imageinfo.access.log;
error_log /var/log/nginx/imageinfo.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
client_max_body_size 500M;
location / {
proxy_pass http://skia-imageinfo:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name imageinfo.skia.org;
return 301 https://imageinfo.skia.org$request_uri;
}
##### fuzzer.skia.org ###########################
server {
listen 443;
server_name fuzzer.skia.org;
ssl on;
access_log /var/log/nginx/fuzzer.access.log;
error_log /var/log/nginx/fuzzer.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-fuzzer-fe:8001;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name fuzzer.skia.org;
return 301 https://fuzzer.skia.org$request_uri;
}
#### health.skia.org ################
# Just return empty 200 responses for network load balancing health checks.
# See https://cloud.google.com/compute/docs/load-balancing/health-checks
server {
listen 80;
server_name health.skia.org;
access_log /var/log/nginx/health.access.log;
error_log /var/log/nginx/health.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
return 200;
}
}
##### status.skia.org ###########################
server {
listen 443;
server_name status.skia.org;
ssl on;
access_log /var/log/nginx/status.access.log;
error_log /var/log/nginx/status.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-status:8002;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name status.skia.org;
return 301 https://status.skia.org$request_uri;
}
##### status-internal.skia.org ###########################
server {
listen 443;
server_name status-internal.skia.org;
ssl on;
access_log /var/log/nginx/status-internal.access.log;
error_log /var/log/nginx/status-internal.error.log error;
# Enforce browser XSS protection
# This header is added by the proxy; adding it again causes
# it to get mangled and reset to the default by the browser.
#add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass https://skia-status-internal-8002-proxy.skia.org;
}
}
server {
listen 80;
server_name status-internal.skia.org;
return 301 https://status-internal.skia.org$request_uri;
}
##### go.skia.org ###########################
server {
listen 443;
server_name go.skia.org;
ssl on;
access_log /var/log/nginx/go.access.log;
error_log /var/log/nginx/go.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
add_header Content-Type text/html;
return 200 '<meta name="go-import" content="go.skia.org/infra git https://skia.googlesource.com/buildbot">';
}
}
##### ct.skia.org ###########################
server {
listen 443;
server_name ct.skia.org;
ssl on;
access_log /var/log/nginx/ct.access.log;
error_log /var/log/nginx/ct.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
client_max_body_size 50M;
location / {
proxy_pass http://skia-ctfe:8002;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name ct.skia.org;
return 301 https://ct.skia.org$request_uri;
}
##### skbug.com (REDIRECT) ###########################
server {
listen 80;
server_name skbug.com;
access_log /var/log/nginx/sk-bug.access.log;
error_log /var/log/nginx/sk-bug.error.log error;
rewrite ^/([0-9]+)$ https://bugs.chromium.org/p/skia/issues/detail?id=$1 redirect;
rewrite ^ https://bugs.chromium.org/p/skia/issues/list redirect;
}
##### bug.skia.org (REDIRECT) ###########################
server {
listen 443;
server_name bug.skia.org;
ssl on;
access_log /var/log/nginx/bug.access.log;
error_log /var/log/nginx/bug.error.log error;
# Note: nginx automatically appends the incoming query parameters to the redirect URL.
rewrite ^/p/skia/issues/detail(/?)$ https://bugs.chromium.org/p/skia/issues/detail redirect;
rewrite ^/p/skia/issues/list(/?)$ https://bugs.chromium.org/p/skia/issues/list redirect;
rewrite ^/p/skia(.*) https://skia.org? redirect;
rewrite ^/([0-9]+)$ https://bugs.chromium.org/p/skia/issues/detail?id=$1 redirect;
rewrite ^ https://bugs.chromium.org/p/skia/issues/list redirect;
}
server {
listen 80;
server_name bug.skia.org;
return 301 https://bug.skia.org$request_uri;
}
##### bugs.skia.org (REDIRECT) ##########################
# (People have trouble remembering if they should type "bug" or "bugs.")
server {
listen 443;
server_name bugs.skia.org;
ssl on;
access_log /var/log/nginx/bugs.access.log;
error_log /var/log/nginx/bugs.error.log error;
# Note: nginx automatically appends the incoming query parameters to the redirect URL.
rewrite ^/p/skia/issues/detail(/?)$ https://bugs.chromium.org/p/skia/issues/detail redirect;
rewrite ^/p/skia/issues/list(/?)$ https://bugs.chromium.org/p/skia/issues/list redirect;
rewrite ^/p/skia(.*) https://skia.org? redirect;
rewrite ^/([0-9]+)$ https://bugs.chromium.org/p/skia/issues/detail?id=$1 redirect;
rewrite ^ https://bugs.chromium.org/p/skia/issues/list redirect;
}
server {
listen 80;
server_name bugs.skia.org;
return 301 https://bugs.skia.org$request_uri;
}
##### code.skia.org (REDIRECT) ###########################
server {
listen 443;
ssl on;
access_log /var/log/nginx/code.access.log;
error_log /var/log/nginx/code.error.log error;
server_name code.skia.org;
rewrite ^ https://skia.googlesource.com/skia redirect;
}
server {
listen 80;
server_name code.skia.org;
rewrite ^ https://skia.googlesource.com/skia redirect;
}
##### review.skia.org (REDIRECT) ###########################
server {
listen 443;
server_name review.skia.org;
ssl on;
access_log /var/log/nginx/review.access.log;
error_log /var/log/nginx/review.error.log error;
# Note: nginx automatically appends the incoming query parameters to the redirect URL.
rewrite ^/([0-9]+)$ https://skia-review.googlesource.com/c/$1/ redirect;
rewrite ^ https://skia-review.googlesource.com redirect;
}
server {
listen 80;
server_name review.skia.org;
return 301 https://review.skia.org$request_uri;
}
##### reviews.skia.org (REDIRECT) ##########################
# (People have trouble remembering if they should type "review" or "reviews.")
server {
listen 443;
server_name reviews.skia.org;
ssl on;
access_log /var/log/nginx/reviews.access.log;
error_log /var/log/nginx/reviews.error.log error;
# Note: nginx automatically appends the incoming query parameters to the redirect URL.
rewrite ^/([0-9]+)$ https://skia-review.googlesource.com/c/$1/ redirect;
rewrite ^ https://skia-review.googlesource.com redirect;
}
server {
listen 80;
server_name reviews.skia.org;
return 301 https://reviews.skia.org$request_uri;
}
##### internal.skia.org ###########################
server {
listen 443;
server_name internal.skia.org;
ssl on;
access_log /var/log/nginx/internal.access.log;
error_log /var/log/nginx/internal.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-internal:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name internal.skia.org;
return 301 https://internal.skia.org$request_uri;
}
##### debugger.skia.org ###########################
server {
listen 443;
server_name debugger.skia.org;
ssl on;
access_log /var/log/nginx/debugger.access.log;
error_log /var/log/nginx/debugger.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
client_max_body_size 500M;
location / {
proxy_pass http://skia-debugger:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name debugger.skia.org;
return 301 https://debugger.skia.org$request_uri;
}
##### cs.skia.org (REDIRECT) ###########################
server {
listen 443;
server_name cs.skia.org;
ssl on;
access_log /var/log/nginx/cs.access.log;
error_log /var/log/nginx/cs.error.log error;
rewrite ^/(.+)$ https://code.google.com/p/chromium/codesearch#search/&q=$1%20file:%5Esrc/third_party/skia/&sq=package:chromium redirect;
rewrite ^ https://code.google.com/p/chromium/codesearch#chromium/src/third_party/skia/ redirect;
}
server {
listen 80;
server_name cs.skia.org;
rewrite ^/(.+)$ https://code.google.com/p/chromium/codesearch#search/&q=$1%20file:%5Esrc/third_party/skia/&sq=package:chromium redirect;
rewrite ^ https://code.google.com/p/chromium/codesearch#chromium/src/third_party/skia/ redirect;
}
##### task-scheduler.skia.org ###########################
server {
listen 443;
server_name task-scheduler.skia.org;
ssl on;
access_log /var/log/nginx/task-scheduler.access.log;
error_log /var/log/nginx/task-scheduler.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-task-scheduler:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name task-scheduler.skia.org;
return 301 https://task-scheduler.skia.org$request_uri;
}
##### task-scheduler-internal.skia.org ###########################
server {
listen 443;
server_name task-scheduler-internal.skia.org;
ssl on;
access_log /var/log/nginx/task-scheduler-internal.access.log;
error_log /var/log/nginx/task-scheduler-internal.error.log error;
# Enforce browser XSS protection
# This header is added by the proxy; adding it again causes
# it to get mangled and reset to the default by the browser.
#add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass https://skia-task-scheduler-internal-8000-proxy.skia.org;
}
location /google2c59f97e1ced9fdc.html {
add_header Content-Type text/html;
return 200 'google-site-verification: google2c59f97e1ced9fdc.html';
}
location /pubsub/ {
proxy_pass http://skia-task-scheduler-internal:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name task-scheduler-internal.skia.org;
return 301 https://task-scheduler-internal.skia.org$request_uri;
}
##### prom.skia.org ###########################
server {
listen 443;
server_name prom.skia.org;
ssl on;
access_log /var/log/nginx/prom.access.log;
error_log /var/log/nginx/prom.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
client_max_body_size 500M;
location / {
proxy_pass http://skia-prom:8002;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name prom.skia.org;
return 301 https://prom.skia.org$request_uri;
}
##### promalerts.skia.org ###########################
server {
listen 443;
server_name promalerts.skia.org;
ssl on;
access_log /var/log/nginx/promalerts.access.log;
error_log /var/log/nginx/promalerts.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
client_max_body_size 500M;
location / {
proxy_pass http://skia-prom:8003;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name promalerts.skia.org;
return 301 https://promalerts.skia.org$request_uri;
}
##### swarming-logger.skia.org ###########################
server {
listen 443;
server_name swarming-logger.skia.org;
ssl on;
access_log /var/log/nginx/swarming_logger.access.log;
error_log /var/log/nginx/swarming_logger.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
client_max_body_size 500M;
location / {
proxy_pass http://skia-swarming-logger:8000;
proxy_set_header Host $host;
}
location /google2c59f97e1ced9fdc.html {
add_header Content-Type text/html;
return 200 'google-site-verification: google2c59f97e1ced9fdc.html';
}
}
server {
listen 80;
server_name swarming-logger.skia.org;
return 301 https://swarming-logger.skia.org$request_uri;
}
##### webhooks.skia.org ###########################
server {
listen 443;
server_name webhooks.skia.org;
ssl on;
access_log /var/log/nginx/webhooks.access.log;
error_log /var/log/nginx/webhooks.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
client_max_body_size 500M;
location / {
proxy_pass http://skia-prom:8005;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name webhooks.skia.org;
return 301 https://webhooks.skia.org$request_uri;
}
##### proxy.skia.org ###########################
#
# proxy.skia.org is different than most other rules because it matches regexs
# on the first part of the host.
#
server {
listen 443;
server_name ~^[a-zA-Z0-9-]+proxy\.skia\.org$;
ssl on;
access_log /var/log/nginx/proxy.access.log;
error_log /var/log/nginx/proxy.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
client_max_body_size 500M;
location / {
proxy_pass http://skia-proxy:8000;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name ~^[a-zA-Z0-9-]+proxy\.skia\.org$;
return 301 https://$server_name$request_uri;
}
##### power.skia.org ###########################
server {
listen 443;
server_name power.skia.org;
ssl on;
access_log /var/log/nginx/power-controller.access.log;
error_log /var/log/nginx/power-controller.error.log error;
# Enforce browser XSS protection
add_header X-XSS-Protection "1; mode=block";
# Disable content sniffing
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://skia-power-controller:8002;
proxy_set_header Host $host;
}
}
server {
listen 80;
server_name power.skia.org;
return 301 https://power.skia.org$request_uri;
}