1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Merge pull request #2737 from holta/jhubfix

Lint jupyterhub-nginx.conf & nginx.conf
This commit is contained in:
A Holt 2021-04-17 07:59:14 -04:00 committed by GitHub
commit de234511b5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 82 additions and 67 deletions

View file

@ -18,7 +18,7 @@
when: not jupyterhub_enabled when: not jupyterhub_enabled
- name: 'Install from template: {{ nginx_conf_dir }}/jupyterhub-nginx.conf' - name: "Install from template: {{ nginx_conf_dir }}/jupyterhub-nginx.conf"
template: template:
src: jupyterhub-nginx.conf src: jupyterhub-nginx.conf
dest: "{{ nginx_conf_dir }}/" dest: "{{ nginx_conf_dir }}/"

View file

@ -16,11 +16,11 @@
- name: Make the directories to hold JupyterHub config - name: Make the directories to hold JupyterHub config
file: file:
state: directory state: directory
path: '{{ item }}' path: "{{ item }}"
with_items: with_items:
- '{{ jupyterhub_venv }}/etc/jupyter' - "{{ jupyterhub_venv }}/etc/jupyter"
- '{{ jupyterhub_venv }}/etc/jupyterhub' - "{{ jupyterhub_venv }}/etc/jupyterhub"
- '{{ jupyterhub_venv }}/etc/systemd' - "{{ jupyterhub_venv }}/etc/systemd"
- name: Use npm to install configurable-http-proxy - name: Use npm to install configurable-http-proxy
npm: npm:
@ -28,7 +28,7 @@
global: yes global: yes
state: latest state: latest
- name: 'Use pip to install into a virtual environment: {{ jupyterhub_venv }}' - name: "Use pip to install into a virtual environment: {{ jupyterhub_venv }}"
pip: pip:
name: name:
- pip - pip
@ -45,12 +45,12 @@
extra_args: "--no-cache-dir" extra_args: "--no-cache-dir"
when: internet_available when: internet_available
- name: 'Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py' - name: "Install from template: {{ jupyterhub_venv }}/etc/jupyterhub/jupyterhub_config.py"
template: template:
src: jupyterhub_config.py src: jupyterhub_config.py
dest: '{{ jupyterhub_venv }}/etc/jupyterhub/' dest: "{{ jupyterhub_venv }}/etc/jupyterhub/"
- name: 'Install from template: /etc/systemd/system/jupyterhub.service' - name: "Install from template: /etc/systemd/system/jupyterhub.service"
template: template:
src: jupyterhub.service src: jupyterhub.service
dest: /etc/systemd/system/ dest: /etc/systemd/system/

View file

@ -4,13 +4,20 @@ location /jupyterhub {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true; proxy_set_header X-NginX-Proxy true;
}
# websocket headers # Managing WebHook/Socket requests between hub user servers and external proxy
location ~* /(api/kernels/[^/]+/(channels|iopub|shell|stdin)|terminals/websocket)/? {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Scheme $scheme; proxy_set_header X-Scheme $scheme;
proxy_buffering off; proxy_buffering off;
} }

View file

@ -7,82 +7,90 @@ pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf; include /etc/nginx/modules-enabled/*.conf;
events { events {
worker_connections 768; worker_connections 768;
# multi_accept on; # multi_accept on;
} }
http { http {
## ##
# Basic Settings # Basic Settings
## ##
sendfile on; sendfile on;
tcp_nopush on; tcp_nopush on;
tcp_nodelay on; tcp_nodelay on;
keepalive_timeout 65; keepalive_timeout 65;
types_hash_max_size 2048; types_hash_max_size 2048;
# server_tokens off; # server_tokens off;
server_names_hash_bucket_size 64; server_names_hash_bucket_size 64;
# server_name_in_redirect off; # server_name_in_redirect off;
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type text/html; default_type text/html;
## ##
# SSL Settings # SSL Settings
## ##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
## ##
# Logging Settings # Logging Settings
## ##
log_format awstats log_format awstats
'$remote_addr - $remote_user [$time_local] "$request" ' '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "http_x_forwarded_for"'; '"$http_user_agent" "http_x_forwarded_for"';
access_log {{ nginx_log_dir }}/access.log awstats; access_log {{ nginx_log_dir }}/access.log awstats;
error_log {{ nginx_log_dir }}/error.log; error_log {{ nginx_log_dir }}/error.log;
log_format scripts '$request > $document_root$fastcgi_script_name $fastcgi_path_info'; log_format scripts '$request > $document_root$fastcgi_script_name $fastcgi_path_info';
access_log {{ nginx_log_dir }}/scripts.log scripts; access_log {{ nginx_log_dir }}/scripts.log scripts;
##
# Gzip Settings
##
## gzip on;
# Gzip Settings gzip_disable "msie6";
##
gzip on; # gzip_vary on;
gzip_disable "msie6"; # gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# gzip_vary on; # 2021-04-17: STANZA BELOW THANKS TO @georgejhunt FOR http://box/jupyterhub
# gzip_proxied any; # SEE ALSO IIAB's: roles/jupyterhub/templates/jupyterhub-nginx.conf
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
# top-level http config for websocket headers
# If Upgrade is defined, Connection = upgrade
# If Upgrade is empty, Connection = close
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# include a server file which in turn includes conf.d/* ##
include /etc/nginx/server.conf; # Virtual Host Configs
##
# include other sites
include /etc/nginx/sites-enabled/*.conf;
# include a server file which in turn includes conf.d/*
include /etc/nginx/server.conf;
# define the upstream backend fastcgi for php # include other sites
upstream php { include /etc/nginx/sites-enabled/*.conf;
server unix:/run/php/php{{ php_version }}-fpm.sock;
} # define the upstream backend fastcgi for php
upstream php {
server unix:/run/php/php{{ php_version }}-fpm.sock;
}
} }