guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

03/05: nginx/berlin: Add server configuration for Zabbix frontend.

From: Ricardo Wurmus
Subject: 03/05: nginx/berlin: Add server configuration for Zabbix frontend.
Date: Sun, 15 Mar 2020 16:27:25 -0400 (EDT) 
rekado pushed a commit to branch master
in repository maintenance.

commit 0998cd100c10e7776793e2a138e0f429b9eb655e
Author: Ricardo Wurmus <address@hidden>
AuthorDate: Sun Mar 15 21:24:27 2020 +0100

    nginx/berlin: Add server configuration for Zabbix frontend.
    
    * hydra/nginx/berlin.scm (%zabbix-nginx-server): New variable.
---
 hydra/nginx/berlin.scm | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/hydra/nginx/berlin.scm b/hydra/nginx/berlin.scm
index 196e11e..a73af23 100644
--- a/hydra/nginx/berlin.scm
+++ b/hydra/nginx/berlin.scm
@@ -1,7 +1,8 @@
 ;; Nginx configuration for ci.guix.gnu.org
 
 (use-modules (gnu services web)
-             (gnu services version-control))
+             (gnu services version-control)
+             (gnu packages monitoring))
 
 
 
@@ -778,3 +779,34 @@ PUBLISH-URL."
       (events . ((worker_connections . 1024)))))
    (extra-content
     (string-join %extra-content "\n"))))
+
+(define %zabbix-nginx-server
+  (nginx-server-configuration
+   (root #~(string-append #$zabbix-server:front-end "/share/zabbix/php"))
+   (listen '("443 ssl"))
+   (server-name '("monitor.guix.gnu.org"))
+   (ssl-certificate (le "monitor.guix.gnu.org"))
+   (ssl-certificate-key (le "monitor.guix.gnu.org" 'key))
+   (index '("index.php"))
+   (raw-content
+    (append
+     %tls-settings
+     (list
+      "access_log  /var/log/nginx/https.access.log;"
+      "proxy_set_header X-Forwarded-Host $host;"
+      "proxy_set_header X-Forwarded-Port $server_port;"
+      "proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;"
+      ;; For client cert authentication
+      "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
+      "ssl_crl /etc/ssl-ca/private/ca.crl;"
+      "ssl_verify_client on;")))
+   (locations
+    (let ((php-location (nginx-php-location)))
+      (list (nginx-location-configuration
+             (inherit php-location)
+             (body (cons "if ($ssl_client_verify != SUCCESS) { return 403; }"
+                         (append (nginx-location-configuration-body 
php-location)
+                                 (list "
+fastcgi_param PHP_VALUE \"post_max_size = 16M
+                          max_execution_time = 300\";
+"))))))))))
reply via email to
[Prev in Thread] Current Thread [Next in Thread]