daemon off; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 1024; multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; client_max_body_size 0; types_hash_max_size 2048; proxy_request_buffering off; server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; {% if skyline_ssl_certfile and skyline_ssl_keyfile %} ## # SSL Settings ## ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; # Self signed certs generated by the ssl-cert package # Don't use them in a production server! ssl_certificate {{ skyline_ssl_certfile }}; ssl_certificate_key {{ skyline_ssl_keyfile }}; {% endif %} ## # Logging Settings ## log_format main '$remote_addr - $remote_user [$time_local] "$request_time" ' '"$upstream_response_time" "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-access.log main; error_log {{ log_dir | default('/var/log/skyline') }}/skyline-nginx-error.log; ## # Gzip Settings ## gzip on; gzip_static on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; # gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; ## # Virtual Host Configs ## server { listen {{ api_interface_address | put_address_in_context('url') }}:{{ skyline_console_listen_port }}{% if skyline_ssl_certfile and skyline_ssl_keyfile %} ssl http2{% endif %} default_server; root /var/lib/kolla/venv/lib/python{{ distro_python_version }}/site-packages/skyline_console/static; # Add index.php to the list if you are using PHP index index.html; server_name _; error_page 497 https://$http_host$request_uri; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ /index.html; expires 1d; add_header Cache-Control "public"; } # Service: skyline location {{ skyline_nginx_prefix }}/skyline/ { proxy_pass {{ internal_protocol }}://{{ skyline_internal_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}/; proxy_redirect {{ internal_protocol }}://{{ skyline_internal_fqdn | put_address_in_context('url') }}:{{ skyline_apiserver_port }}/ {{ skyline_nginx_prefix }}/skyline/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% if enable_keystone | bool %}# Region: {{ openstack_region_name }}, Service: keystone location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone { proxy_pass {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}/; proxy_redirect {{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/keystone/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} {% if enable_glance | bool %}# Region: {{ openstack_region_name }}, Service: glance location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/glance { proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}/; proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/glance/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} {% if enable_neutron | bool %}# Region: {{ openstack_region_name }}, Service: neutron location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/neutron { proxy_pass {{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}/; proxy_redirect {{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/neutron/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} {% if enable_nova | bool %}# Region: {{ openstack_region_name }}, Service: nova location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/nova { proxy_pass {{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/; proxy_redirect {{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/nova/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} {% if enable_placement | bool %}# Region: {{ openstack_region_name }}, Service: placement location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/placement { proxy_pass {{ internal_protocol }}://{{ placement_internal_fqdn | put_address_in_context('url') }}:{{ placement_api_port }}/; proxy_redirect {{ internal_protocol }}://{{ placement_internal_fqdn | put_address_in_context('url') }}:{{ placement_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/placement/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} {% if enable_cinder | bool %}# Region: {{ openstack_region_name }}, Service: cinder location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/cinder { proxy_pass {{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/; proxy_redirect {{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/cinder/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} {% if enable_heat | bool %}# Region: {{ openstack_region_name }}, Service: heat location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/heat { proxy_pass {{ internal_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/; proxy_redirect {{ internal_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/heat/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} {% if enable_octavia | bool %}# Region: {{ openstack_region_name }}, Service: octavia location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/octavia { proxy_pass {{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}/; proxy_redirect {{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/octavia/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} {% if enable_manila | bool %}# Region: {{ openstack_region_name }}, Service: manilav2 location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/manilav2 { proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/; proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/manilav2/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} {% if enable_ironic | bool %}# Region: {{ openstack_region_name }}, Service: ironic location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/ironic { proxy_pass {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}/; proxy_redirect {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/ironic/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} {% if enable_zun | bool %}# Region: {{ openstack_region_name }}, Service: zun location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/zun { proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ zun_api_port }}/; proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ zun_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/zun/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} {% if enable_magnum | bool %}# Region: {{ openstack_region_name }}, Service: magnum location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/magnum { proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ magnum_api_port }}/; proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ magnum_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/magnum/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} {% if enable_trove | bool %}# Region: {{ openstack_region_name }}, Service: trove location {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/trove { proxy_pass {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ trove_api_port }}/; proxy_redirect {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ trove_api_port }}/ {{ skyline_nginx_prefix }}/{{ openstack_region_name | lower }}/trove/; proxy_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $http_host; } {% endif %} } }