auditor-nginx.conf.j2 (1148B)
1 server { 2 3 include conf.d/listen.conf.inc; 4 5 server_name auditor.{{ domain_name }}; 6 7 ssl_certificate /etc/letsencrypt/live/auditor/fullchain.pem; 8 ssl_certificate_key /etc/letsencrypt/live/auditor/privkey.pem; 9 ssl_trusted_certificate /etc/letsencrypt/live/auditor/chain.pem; 10 11 # Bigger than default timeout to support long polling 12 proxy_read_timeout 6500s; 13 keepalive_requests 1000000; 14 keepalive_timeout 6500s; 15 16 error_log /var/log/nginx/auditor.{{ domain_name }}.err; 17 access_log /var/log/nginx/auditor.{{ domain_name }}.log; 18 19 access_log /var/log/nginx/auditor.{{ domain_name }}.tal taler if=$log_perf; 20 location / { 21 # Most of the API we will put behind simple access control for now. 22 if ($http_authorization != "Bearer {{ AUDITOR_ACCESS_TOKEN }}") { 23 return 401; 24 } 25 proxy_pass http://unix:/var/run/taler-auditor/httpd/auditor-http.sock; 26 } 27 28 # Paths without any access control 29 location = /config { 30 proxy_pass http://unix:/var/run/taler-auditor/httpd/auditor-http.sock; 31 } 32 location = /deposit-confirmation { 33 proxy_pass http://unix:/var/run/taler-auditor/httpd/auditor-http.sock; 34 } 35 36 }