diff --git a/roles/nginxplus/files/conf/http/abid-staging.conf b/roles/nginxplus/files/conf/http/abid-staging.conf
deleted file mode 100644
index aa9a6b0626..0000000000
--- a/roles/nginxplus/files/conf/http/abid-staging.conf
+++ /dev/null
@@ -1,57 +0,0 @@
-# Ansible managed
-proxy_cache_path /data/nginx/abid-staging/NGINX_cache/ keys_zone=abid-stagingcache:10m;
-
-upstream abid-staging {
- zone abid-staging 64k;
- # server abid-staging1.princeton.edu resolve;
- server abid-staging2.princeton.edu resolve;
- sticky learn
- create=$upstream_cookie_abidstagingcookie
- lookup=$cookie_abidstagingcookie
- zone=abidclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name abid-staging.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name abid-staging.princeton.edu;
-
- ssl_certificate /etc/letsencrypt/live/abid-staging/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/abid-staging/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
- location / {
- app_protect_enable on;
- app_protect_security_log_enable on;
- proxy_pass http://abid-staging;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_cache abid-stagingcache;
- proxy_connect_timeout 2h;
- proxy_send_timeout 2h;
- proxy_read_timeout 2h;
- # handle errors using errors.conf
- proxy_intercept_errors on;
- # configure health checks
- health_check interval=10 fails=3 passes=2;
- # allow princeton network
- include /etc/nginx/conf.d/templates/restrict.conf;
- # block all IPs outside the princeton network
- deny all;
- }
-
- # both staging-maintenance.conf and errors.conf define error_page
- # only use one!
- # include /etc/nginx/conf.d/templates/staging-maintenance.conf;
- include /etc/nginx/conf.d/templates/errors.conf;
-
-}
diff --git a/roles/nginxplus/files/conf/http/abid_prod.conf b/roles/nginxplus/files/conf/http/abid_prod.conf
deleted file mode 100644
index 3839dbebf7..0000000000
--- a/roles/nginxplus/files/conf/http/abid_prod.conf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Ansible managed
-proxy_cache_path /data/nginx/abid/NGINX_cache/ keys_zone=abidcache:10m;
-
-upstream abid {
- zone abid 64k;
- server abid1.princeton.edu resolve;
- sticky learn
- create=$upstream_cookie_abidcookie
- lookup=$cookie_abidcookie
- zone=abidprodclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name abid.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name abid.princeton.edu;
-
- ssl_certificate /etc/letsencrypt/live/abid/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/abid/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
- location / {
- proxy_pass http://abid;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_cache abidcache;
- proxy_connect_timeout 2h;
- proxy_send_timeout 2h;
- proxy_read_timeout 2h;
- health_check interval=10 fails=3 passes=2;
- }
-
- include /etc/nginx/conf.d/templates/prod-maintenance.conf;
-
-}
diff --git a/roles/nginxplus/files/conf/http/allsearch-api_prod.conf b/roles/nginxplus/files/conf/http/allsearch-api_prod.conf
deleted file mode 100644
index 9b4a1a8572..0000000000
--- a/roles/nginxplus/files/conf/http/allsearch-api_prod.conf
+++ /dev/null
@@ -1,53 +0,0 @@
-# Ansible managed
-proxy_cache_path /data/nginx/allsearch-api/NGINX_cache/ keys_zone=allsearch-apicache:10m;
-
-map $limit $external_traffic {
- 0 "";
- 1 $binary_remote_addr;
-}
-
-# zone: 10mb can hold 160K IP addresses in memory
-limit_req_zone $external_traffic zone=allsearch-api-prod-ratelimit:10m rate=10r/s;
-
-upstream allsearch-api {
- zone allsearch-api 128k;
- least_conn;
- server allsearch-api-prod1.princeton.edu resolve;
- server allsearch-api-prod2.princeton.edu resolve;
- sticky learn
- create=$upstream_cookie_allsearch-apicookie
- lookup=$cookie_allsearch-apicookie
- zone=allsearch-apiclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name allsearch-api.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl;
- server_name allsearch-api.princeton.edu;
-
- client_max_body_size 8m;
-
- ssl_certificate /etc/letsencrypt/live/allsearch-api/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/allsearch-api/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
- location / {
- proxy_pass http://allsearch-api;
- # handle errors using errors.conf
- proxy_intercept_errors on;
- proxy_set_header Host $host;
- limit_req zone=allsearch-api-prod-ratelimit burst=20 nodelay;
- proxy_cache allsearch-apicache;
- }
-
- include /etc/nginx/conf.d/templates/errors.conf;
-}
diff --git a/roles/nginxplus/files/conf/http/allsearch-api_staging.conf b/roles/nginxplus/files/conf/http/allsearch-api_staging.conf
deleted file mode 100644
index 627f5479d4..0000000000
--- a/roles/nginxplus/files/conf/http/allsearch-api_staging.conf
+++ /dev/null
@@ -1,59 +0,0 @@
-# Ansible managed
-proxy_cache_path /data/nginx/allsearch-api-staging/NGINX_cache/ keys_zone=allsearch-api-stagingcache:10m;
-
-map $limit $external_traffic {
- 0 "";
- 1 $binary_remote_addr;
-}
-
-# zone: 10mb can hold 160K IP addresses in memory
-limit_req_zone $external_traffic zone=allsearch-api-staging-ratelimit:10m rate=10r/s;
-
-upstream allsearch-api-staging {
- zone allsearch-api-staging 64k;
- least_conn;
- server allsearch-api-staging1.princeton.edu resolve;
- sticky learn
- create=$upstream_cookie_allsearch-apistagingcookie
- lookup=$cookie_allsearch-apistagingcookie
- zone=allsearch-apistagingclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name allsearch-api-staging.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name allsearch-api-staging.princeton.edu;
-
- client_max_body_size 8m;
-
- ssl_certificate /etc/letsencrypt/live/allsearch-api-staging/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/allsearch-api-staging/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
- location / {
- app_protect_enable on;
- app_protect_security_log_enable on;
- proxy_pass http://allsearch-api-staging;
- proxy_cache allsearch-api-stagingcache;
- # handle errors using errors.conf
- proxy_intercept_errors on;
- proxy_set_header Host $host;
- limit_req zone=allsearch-api-staging-ratelimit burst=20 nodelay;
- # allow princeton network
- include /etc/nginx/conf.d/templates/restrict.conf;
- # block all
- deny all;
- }
-
- include /etc/nginx/conf.d/templates/errors.conf;
-
-}
diff --git a/roles/nginxplus/files/conf/http/annotations-prod.conf b/roles/nginxplus/files/conf/http/annotations-prod.conf
deleted file mode 100644
index d01d886c5f..0000000000
--- a/roles/nginxplus/files/conf/http/annotations-prod.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-# {{ ansible_managed | comment }}
-proxy_cache_path /data/nginx/annotations-prod/NGINX_cache/ keys_zone=annotations-prodcache:10m;
-
-upstream annotations-prod {
- zone annotations-prod 64k;
- least_conn;
- server annotations-prod1.princeton.edu resolve;
- sticky learn
- create=$upstream_cookie_annotations-prodcookie
- lookup=$cookie_annotations-prodcookie
- zone=annotations-prodclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name annotations.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name annotations.princeton.edu;
-
- ssl_certificate /etc/letsencrypt/live/annotations/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/annotations/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
-location / {
- proxy_pass http://annotations-prod;
- proxy_cache annotations-prodcache;
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # handle errors using errors.conf
- proxy_intercept_errors on;
-}
-
- include /etc/nginx/conf.d/templates/errors.conf;
-}
\ No newline at end of file
diff --git a/roles/nginxplus/files/conf/http/annotations-staging.conf b/roles/nginxplus/files/conf/http/annotations-staging.conf
deleted file mode 100644
index 603eff8652..0000000000
--- a/roles/nginxplus/files/conf/http/annotations-staging.conf
+++ /dev/null
@@ -1,51 +0,0 @@
-# {{ ansible_managed | comment }}
-proxy_cache_path /data/nginx/annotations-staging/NGINX_cache/ keys_zone=annotations-stagingcache:10m;
-
-upstream annotations-staging {
- zone annotations-staging 64k;
- least_conn;
- server annotations-staging1.princeton.edu resolve;
- sticky learn
- create=$upstream_cookie_annotations-stagingcookie
- lookup=$cookie_annotations-stagingcookie
- zone=annotations-stagingclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name annotations-staging.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name annotations-staging.princeton.edu;
-
- ssl_certificate /etc/letsencrypt/live/annotations-staging/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/annotations-staging/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
- location / {
- app_protect_enable on;
- app_protect_security_log_enable on;
- proxy_pass http://annotations-staging;
- proxy_cache annotations-stagingcache;
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # handle errors using errors.conf
- proxy_intercept_errors on;
- # allow princeton network
- include /etc/nginx/conf.d/templates/restrict.conf;
- # block all
- deny all;
- }
-
- include /etc/nginx/conf.d/templates/errors.conf;
-}
diff --git a/roles/nginxplus/files/conf/http/ansible-tower-prod.conf b/roles/nginxplus/files/conf/http/ansible-tower-prod.conf
deleted file mode 100644
index aae6f6031a..0000000000
--- a/roles/nginxplus/files/conf/http/ansible-tower-prod.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Ansible managed
-proxy_cache_path /data/nginx/ansible-tower/NGINX_cache/ keys_zone=ansible-towercache:10m;
-
-upstream ansible-tower {
- zone ansible-tower 64k;
- server ansible-tower1.princeton.edu:443;
- sticky learn
- create=$upstream_cookie_ansible-towercookie
- lookup=$cookie_ansible-towercookie
- zone=ansible-towerclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name ansible-tower.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-
-server {
- listen 443 ssl;
- server_name ansible-tower.princeton.edu;
-
- ssl_certificate /etc/letsencrypt/live/ansible-tower/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/ansible-tower/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
- location / {
- proxy_pass https://ansible-tower;
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_cache ansible-towercache;
- health_check interval=10 fails=3 passes=2;
- }
- include /etc/nginx/conf.d/templates/prod-maintenance.conf;
-}
diff --git a/roles/nginxplus/files/conf/http/approvals-prod.conf b/roles/nginxplus/files/conf/http/approvals-prod.conf
deleted file mode 100644
index baf275b137..0000000000
--- a/roles/nginxplus/files/conf/http/approvals-prod.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-# Ansible managed
-proxy_cache_path /data/nginx/approvals-prod/NGINX_cache/ keys_zone=approvals-prodcache:10m;
-
-upstream approvals-prod {
- zone approvals-prod 64k;
- # server lib-approvals-prod1.princeton.edu resolve;
- server lib-approvals-prod2.princeton.edu resolve;
- sticky learn
- create=$upstream_cookie_approvalsprodcookie
- lookup=$cookie_approvalsprodcookie
- zone=approvalsprodclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name approvals.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name approvals.princeton.edu;
-
- ssl_certificate /etc/letsencrypt/live/approvals/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/approvals/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
- location / {
- proxy_pass http://approvals-prod;
- proxy_set_header X-Forwarded-Host $host;
- proxy_cache approvals-prodcache;
- # handle errors using errors.conf
- proxy_intercept_errors on;
- health_check interval=10 fails=3 passes=2;
- }
-
- include /etc/nginx/conf.d/templates/errors.conf;
-
-}
diff --git a/roles/nginxplus/files/conf/http/approvals-staging.conf b/roles/nginxplus/files/conf/http/approvals-staging.conf
deleted file mode 100644
index 870fff53c2..0000000000
--- a/roles/nginxplus/files/conf/http/approvals-staging.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-# Ansible managed
-proxy_cache_path /data/nginx/approvals-staging/NGINX_cache/ keys_zone=approvals-stagingcache:10m;
-
-upstream approvals-staging {
- zone approvals-staging 64k;
- server lib-approvals-staging1.princeton.edu resolve;
- server lib-approvals-staging2.princeton.edu resolve;
- sticky learn
- create=$upstream_cookie_approvalsstagingcookie
- lookup=$cookie_approvalsstagingcookie
- zone=approvalsstagingclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name approvals-staging.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name approvals-staging.princeton.edu;
-
- ssl_certificate /etc/letsencrypt/live/approvals-staging/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/approvals-staging/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
- location / {
- app_protect_enable on;
- app_protect_security_log_enable on;
- proxy_pass http://approvals-staging;
- proxy_set_header X-Forwarded-Host $host;
- proxy_cache approvals-stagingcache;
- # handle errors using errors.conf
- proxy_intercept_errors on;
- health_check interval=10 fails=3 passes=2;
- # allow princeton network
- include /etc/nginx/conf.d/templates/restrict.conf;
- # block all
- deny all;
- }
-
- include /etc/nginx/conf.d/templates/errors.conf;
-
-}
diff --git a/roles/nginxplus/files/conf/http/bibdata-qa.conf b/roles/nginxplus/files/conf/http/bibdata-qa.conf
deleted file mode 100644
index cbc2eef3e6..0000000000
--- a/roles/nginxplus/files/conf/http/bibdata-qa.conf
+++ /dev/null
@@ -1,54 +0,0 @@
-# Ansible managed
-proxy_cache_path /data/nginx/bibdata-qa/NGINX_cache/ keys_zone=bibdata-qacache:10m;
-
-upstream bibdata-qa {
- zone bibdata-qa 64k;
- # server bibdata-qa1.princeton.edu resolve;
- server bibdata-qa2.princeton.edu resolve;
- sticky learn
- create=$upstream_cookie_bibdataqacookie
- lookup=$cookie_bibdataqacookie
- zone=bibdataqaclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name bibdata-qa.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name bibdata-qa.princeton.edu;
-
- ssl_certificate /etc/letsencrypt/live/bibdata-qa/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/bibdata-qa/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
- location / {
- app_protect_enable on;
- app_protect_security_log_enable on;
- proxy_pass http://bibdata-qa;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_cache bibdata-qacache;
- proxy_connect_timeout 2h;
- proxy_send_timeout 2h;
- proxy_read_timeout 2h;
- # handle errors using errors.conf
- proxy_intercept_errors on;
- health_check interval=10 fails=3 passes=2;
- # allow princeton network
- include /etc/nginx/conf.d/templates/restrict.conf;
- include /etc/nginx/conf.d/templates/htc_restrict.conf;
- # block all
- deny all;
- }
-
- include /etc/nginx/conf.d/templates/errors.conf;
-
-}
diff --git a/roles/nginxplus/files/conf/http/byzantine-tsp_prod.conf b/roles/nginxplus/files/conf/http/byzantine-tsp_prod.conf
deleted file mode 100644
index 2b9e24c170..0000000000
--- a/roles/nginxplus/files/conf/http/byzantine-tsp_prod.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Ansible managed
-proxy_cache_path /data/nginx/byzantine-prod/NGINX_cache/ keys_zone=byzantine-prodcache:10m;
-
-upstream byzantine-tsp-prod {
- zone byzantine-tsp-prod 64k;
- server byzantine-tsp-prod1.princeton.edu resolve;
- sticky learn
- create=$upstream_cookie_byzantineprodcookie
- lookup=$cookie_byzantine-prodcookie
- zone=byzantine-prodclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name byzantine-tsp-prod.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name byzantine-tsp-prod.princeton.edu;
-
- ssl_certificate /etc/letsencrypt/live/byzantine-tsp-prod/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/byzantine-tsp-prod/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
- location / {
- proxy_pass http://byzantine-tsp-prod;
- proxy_set_header X-Forwarded-Host $host;
- proxy_cache byzantine-prodcache;
- # handle errors using errors.conf
- proxy_intercept_errors on;
- health_check interval=10 fails=3 passes=2;
- }
-
- include /etc/nginx/conf.d/templates/errors.conf;
-
-}
diff --git a/roles/nginxplus/files/conf/http/byzantine-tsp_staging.conf b/roles/nginxplus/files/conf/http/byzantine-tsp_staging.conf
deleted file mode 100644
index f8f01a2c79..0000000000
--- a/roles/nginxplus/files/conf/http/byzantine-tsp_staging.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-# Ansible managed
-proxy_cache_path /data/nginx/byzantine-staging/NGINX_cache/ keys_zone=byzantine-stagingcache:10m;
-
-upstream byzantine-tsp-staging {
- zone byzantine-tsp-staging 64k;
- server byzantine-tsp-staging1.princeton.edu resolve;
- sticky learn
- create=$upstream_cookie_byzantine-stagingcookie
- lookup=$cookie_byzantine-stagingcookie
- zone=byzantine-stagingclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name byzantine-tsp-staging.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name byzantine-tsp-staging.princeton.edu;
-
- ssl_certificate /etc/letsencrypt/live/byzantine-tsp-staging/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/byzantine-tsp-staging/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
- location / {
- proxy_pass http://byzantine-tsp-staging;
- proxy_set_header X-Forwarded-Host $host;
- proxy_cache byzantine-stagingcache;
- # handle errors using errors.conf
- proxy_intercept_errors on;
- health_check interval=10 fails=3 passes=2;
- }
-
- include /etc/nginx/conf.d/templates/errors.conf;
-
-}
diff --git a/roles/nginxplus/files/conf/http/catalog-qa.conf b/roles/nginxplus/files/conf/http/catalog-qa.conf
deleted file mode 100644
index 485e0a29eb..0000000000
--- a/roles/nginxplus/files/conf/http/catalog-qa.conf
+++ /dev/null
@@ -1,55 +0,0 @@
-# This is an ansible_managed file. Any changes made will be overwritten
-# when the role is run again
-proxy_cache_path /data/nginx/catalog-qa/NGINX_cache/ keys_zone=catalog-qacache:10m;
-
-upstream catalog-qa {
- zone catalog-qa 64k;
- # server catalog-qa1.princeton.edu resolve;
- server catalog-qa2.princeton.edu resolve;
- sticky learn
- create=$upstream_cookie_catalogqacookie
- lookup=$cookie_catalogqacookie
- zone=catalogqaclient_sessions:1m;
-}
-
-server {
- listen 80;
- server_name catalog-qa.princeton.edu;
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name catalog-qa.princeton.edu;
-
- ssl_certificate /etc/letsencrypt/live/catalog-qa/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/catalog-qa/privkey.pem;
- ssl_session_cache shared:SSL:1m;
- ssl_prefer_server_ciphers on;
-
- location / {
-# app_protect_enable on;
- app_protect_security_log_enable on;
- proxy_pass http://catalog-qa;
- proxy_set_header X-Forwarded-Host $host;
- proxy_cache catalog-qacache;
- proxy_connect_timeout 2h;
- proxy_send_timeout 2h;
- proxy_read_timeout 2h;
- proxy_max_temp_file_size 0;
- proxy_buffer_size 128k;
- proxy_buffers 4 256k;
- proxy_busy_buffers_size 256k;
- # handle errors using errors.conf
- proxy_intercept_errors on;
- health_check interval=10 fails=3 passes=2 uri=/catalog/1234567;
- # allow princeton network
- include /etc/nginx/conf.d/templates/restrict.conf;
- # block all
- deny all;
- }
- include /etc/nginx/conf.d/templates/errors.conf;
-}