[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
03/05: nginx/berlin: Add server configuration for Zabbix frontend.
From: |
Ricardo Wurmus |
Subject: |
03/05: nginx/berlin: Add server configuration for Zabbix frontend. |
Date: |
Sun, 15 Mar 2020 16:27:25 -0400 (EDT) |
rekado pushed a commit to branch master
in repository maintenance.
commit 0998cd100c10e7776793e2a138e0f429b9eb655e
Author: Ricardo Wurmus <address@hidden>
AuthorDate: Sun Mar 15 21:24:27 2020 +0100
nginx/berlin: Add server configuration for Zabbix frontend.
* hydra/nginx/berlin.scm (%zabbix-nginx-server): New variable.
---
hydra/nginx/berlin.scm | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/hydra/nginx/berlin.scm b/hydra/nginx/berlin.scm
index 196e11e..a73af23 100644
--- a/hydra/nginx/berlin.scm
+++ b/hydra/nginx/berlin.scm
@@ -1,7 +1,8 @@
;; Nginx configuration for ci.guix.gnu.org
(use-modules (gnu services web)
- (gnu services version-control))
+ (gnu services version-control)
+ (gnu packages monitoring))
@@ -778,3 +779,34 @@ PUBLISH-URL."
(events . ((worker_connections . 1024)))))
(extra-content
(string-join %extra-content "\n"))))
+
+(define %zabbix-nginx-server
+ (nginx-server-configuration
+ (root #~(string-append #$zabbix-server:front-end "/share/zabbix/php"))
+ (listen '("443 ssl"))
+ (server-name '("monitor.guix.gnu.org"))
+ (ssl-certificate (le "monitor.guix.gnu.org"))
+ (ssl-certificate-key (le "monitor.guix.gnu.org" 'key))
+ (index '("index.php"))
+ (raw-content
+ (append
+ %tls-settings
+ (list
+ "access_log /var/log/nginx/https.access.log;"
+ "proxy_set_header X-Forwarded-Host $host;"
+ "proxy_set_header X-Forwarded-Port $server_port;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
+ ;; For client cert authentication
+ "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
+ "ssl_crl /etc/ssl-ca/private/ca.crl;"
+ "ssl_verify_client on;")))
+ (locations
+ (let ((php-location (nginx-php-location)))
+ (list (nginx-location-configuration
+ (inherit php-location)
+ (body (cons "if ($ssl_client_verify != SUCCESS) { return 403; }"
+ (append (nginx-location-configuration-body
php-location)
+ (list "
+fastcgi_param PHP_VALUE \"post_max_size = 16M
+ max_execution_time = 300\";
+"))))))))))