staging log server loadbalancer configuration

The configuration for our staging loadbalancer This was built "the hard way" related to #5479
pulibrary · Dec 5, 2024 · d498451 · d498451
1 parent dee158a
commit d498451
Showing 1 changed file with 51 additions and 0 deletions.
diff --git a/roles/nginxplus/files/conf/http/dev/kennyloggin_staging.conf b/roles/nginxplus/files/conf/http/dev/kennyloggin_staging.conf
@@ -0,0 +1,51 @@
+# {{ ansible_managed | comment }}
+proxy_cache_path /var/cache/nginx/kennyloggin-staging/ keys_zone=kennyloggin-stagingcache:10m;
+
+# This is required to proxy Grafana Live WebSocket connections.
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}
+
+upstream grafana {
+  server kennyloggin-staging1.lib.princeton.edu:3000;
+  server kennyloggin-staging2.lib.princeton.edu:3000;
+}
+
+server {
+    listen 80;
+    server_name kennylogging-staging.lib.princeton.edu;
+
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+server {
+  listen 443 ssl;
+  http2 on;
+  server_name kennyloggin-staging.lib.princeton.edu;
+    ssl_certificate            /etc/letsencrypt/live/kennyloggin-staging.lib/fullchain.pem;
+    ssl_certificate_key        /etc/letsencrypt/live/kennyloggin-staging.lib/privkey.pem;
+    ssl_session_cache          shared:SSL:1m;
+    ssl_prefer_server_ciphers  on;
+
+
+  location / {
+    app_protect_enable off;
+    app_protect_security_log_enable on;
+    proxy_set_header Host $host;
+    proxy_pass http://grafana;
+  }
+
+  # Proxy Grafana Live WebSocket connections.
+  location /api/live/ {
+    app_protect_enable off;
+    app_protect_security_log_enable on;
+    proxy_pass http://grafana;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_set_header Host $host;
+  }
+}