# Configuration file for the nginx service NGINX_CONF_FILE=/etc/nginx/nginx.eos.conf # User to run nginx under EOS_NGINX_USER=daemon # Hostname to use for nginx vhosts EOS_NGINX_HOSTNAME=`hostname -f` # Proxy Forwarding Target e.g. MGM URL to proxy, don't end the URL with a '/' ! EOS_NGINX_MGM_URL=http://localhost:8000 # nginx SSL configuration EOS_NGINX_SSL_CERTIFICATE=/etc/grid-security/hostcert.pem EOS_NGINX_SSL_KEY=/etc/grid-security/hostkey.pem # nginx-bundle should contain CERN CA plus all default CAs (Verisign, etc) EOS_NGINX_SSL_CLIENT_CERTIFICATE=/etc/grid-security/certificates/nginx-bundle.pem # Port to enable client certificate authentication on EOS_NGINX_CLIENT_SSL_PORT=443 # Enable openssl to use proxy certificates OPENSSL_ALLOW_PROXY_CERTS=1 # Port to enable kerberos authentication on EOS_NGINX_GSS_PORT=8443 # nginx kerberos configuration EOS_NGINX_GSS_KEYTAB=/etc/krb5.keytab EOS_NGINX_GSS_REALM=CERN.CH EOS_NGINX_GSS_SERVICE_NAME=host/$EOS_NGINX_HOSTNAME # nginx LDAP basic auth configuration EOS_NGINX_LDAP_URL="ldaps://cerndc.cern.ch/OU=Users,OU=Organic Units,DC=cern,DC=ch?samaccountname?sub?(objectClass=user)" EOS_NGINX_LDAP_BINDDN_USER="TEST" EOS_NGINX_LDAP_BINDDN_PASSWORD="TESTPWD" EOS_NGINX_LDAP_SSL_PORT=4443 # Set this to 0 to allow nginx to resolve redirects from the mgm internally, # i.e. not sending the 3xx response back to the client. This allows PUT and GET # to work with WebDAV clients who do not know how to handle the redirect. EOS_NGINX_REDIRECT_EXTERNALLY=0 # Make a copy of the template config file cp /etc/nginx/nginx.eos.conf.template /etc/nginx/nginx.eos.conf # Replace all the thing sed -i "s#EOS_NGINX_MGM_URL#$EOS_NGINX_MGM_URL#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_USER#$EOS_NGINX_USER#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_HOSTNAME#$EOS_NGINX_HOSTNAME#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_CLIENT_SSL_PORT#$EOS_NGINX_CLIENT_SSL_PORT#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_SSL_CERTIFICATE#$EOS_NGINX_SSL_CERTIFICATE#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_SSL_KEY#$EOS_NGINX_SSL_KEY#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_SSL_CLIENT_CERTIFICATE#$EOS_NGINX_SSL_CLIENT_CERTIFICATE#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_GSS_PORT#$EOS_NGINX_GSS_PORT#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_GSS_KEYTAB#$EOS_NGINX_GSS_KEYTAB#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_GSS_REALM#$EOS_NGINX_GSS_REALM#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_GSS_SERVICE_NAME#$EOS_NGINX_GSS_SERVICE_NAME#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_REDIRECT_EXTERNALLY#$EOS_NGINX_REDIRECT_EXTERNALLY#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_LDAP_SSL_PORT#$EOS_NGINX_LDAP_SSL_PORT#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_LDAP_URL#$EOS_NGINX_LDAP_URL#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_LDAP_BINDDN_USER#$EOS_NGINX_LDAP_BINDDN_USER#g" /etc/nginx/nginx.eos.conf sed -i "s#EOS_NGINX_LDAP_BINDDN_PASSWORD#$EOS_NGINX_LDAP_BINDDN_PASSWORD#g" /etc/nginx/nginx.eos.conf