add nginxplus configs for slavery-dev sites

commenting out deny rules

Co-authored-by: Alicia Cozine <[email protected]>
Co-authored-by: Beck Davis <[email protected]>
Co-authored-by: Denzil Phillips <[email protected]>
Co-authored-by: Francis Kayiwa <[email protected]>

roles/nginxplus/files/conf/http/slavery-dev.conf

@@ -0,0 +1,53 @@
+# Ansible managed
+proxy_cache_path /data/nginx/slavery-dev/NGINX_cache/ keys_zone=slavery-devcache:10m;
+
+upstream slavery-dev {
+    zone slavery-dev 64k;
+    server slavery-staging-upgrade1.lib.princeton.edu resolve;
+    server slavery-staging-upgrade2.lib.princeton.edu resolve;
+    sticky learn
+          create=$upstream_cookie_slaverydevcookie
+          lookup=$cookie_slaverydevcookie
+          zone=slaverydevclient_sessions:1m;
+}
+
+server {
+    listen 80;
+    server_name slavery-dev.princeton.edu;
+
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name slavery-dev.princeton.edu;
+
+    ssl_certificate            /etc/letsencrypt/live/slavery-dev/fullchain.pem;
+    ssl_certificate_key        /etc/letsencrypt/live/slavery-dev/privkey.pem;
+    ssl_session_cache          shared:SSL:1m;
+    ssl_prefer_server_ciphers  on;
+
+    location / {
+#        # app_protect_enable on;
+#        # app_protect_security_log_enable on;
+        proxy_pass http://slavery-dev;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_cache slavery-devcache;
+        proxy_connect_timeout      2h;
+        proxy_send_timeout         2h;
+        proxy_read_timeout         2h;
+        # handle errors using errors.conf
+        proxy_intercept_errors on;
+        # health_check interval=10 fails=3 passes=2 uri=/talkback/get-in-touch;
+        # allow princeton network
+        # include /etc/nginx/conf.d/templates/restrict.conf;
+        # block all
+        # deny all;
+    }
+
+    include /etc/nginx/conf.d/templates/errors.conf;
+
+}