From 22e3deb5f736fb5ae408d4927f2aeeacfc89d793 Mon Sep 17 00:00:00 2001
From: Vickie Karasic
Date: Fri, 20 Sep 2024 14:50:16 -0400
Subject: [PATCH] add nginxplus configs for slavery-dev sites commenting out deny rules
Co-authored-by: Alicia Cozine
Co-authored-by: Beck Davis
Co-authored-by: Denzil Phillips
Co-authored-by: Francis Kayiwa
---
.../files/conf/http/slavery-dev.conf | 53 +++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 roles/nginxplus/files/conf/http/slavery-dev.conf
diff --git a/roles/nginxplus/files/conf/http/slavery-dev.conf b/roles/nginxplus/files/conf/http/slavery-dev.conf
new file mode 100644
index 000000000..74268cdf3
--- /dev/null
+++ b/roles/nginxplus/files/conf/http/slavery-dev.conf
@@ -0,0 +1,53 @@
+# Ansible managed
+proxy_cache_path /data/nginx/slavery-dev/NGINX_cache/ keys_zone=slavery-devcache:10m;
+
+upstream slavery-dev {
+ zone slavery-dev 64k;
+ server slavery-staging-upgrade1.lib.princeton.edu resolve;
+ server slavery-staging-upgrade2.lib.princeton.edu resolve;
+ sticky learn
+ create=$upstream_cookie_slaverydevcookie
+ lookup=$cookie_slaverydevcookie
+ zone=slaverydevclient_sessions:1m;
+}
+
+server {
+ listen 80;
+ server_name slavery-dev.princeton.edu;
+
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ server_name slavery-dev.princeton.edu;
+
+ ssl_certificate /etc/letsencrypt/live/slavery-dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/slavery-dev/privkey.pem;
+ ssl_session_cache shared:SSL:1m;
+ ssl_prefer_server_ciphers on;
+
+ location / {
+# # app_protect_enable on;
+# # app_protect_security_log_enable on;
+ proxy_pass http://slavery-dev;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_cache slavery-devcache;
+ proxy_connect_timeout 2h;
+ proxy_send_timeout 2h;
+ proxy_read_timeout 2h;
+ # handle errors using errors.conf
+ proxy_intercept_errors on;
+ # health_check interval=10 fails=3 passes=2 uri=/talkback/get-in-touch;
+ # allow princeton network
+ # include /etc/nginx/conf.d/templates/restrict.conf;
+ # block all
+ # deny all;
+ }
+
+ include /etc/nginx/conf.d/templates/errors.conf;
+
+}
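Review bot: In the 443 server's `location /`, `proxy_set_header Host $http_host;` forwards the client's raw Host header to the upstream while `proxy_cache slavery-devcache;` is enabled, and nginx's default cache key (`$scheme$proxy_host$request_uri`) does not include that header. If the application builds links or redirects from Host (not visible here), a response generated for an unexpected Host value could be cached and served to other visitors; `proxy_set_header Host $host;` passes the normalized name instead. This matters more in this file because the `restrict.conf` include, `deny all;` and both `app_protect_*` lines are commented out, so the location answers any client that reaches it; a comment such as `# TODO: restore restrict.conf + deny all once <reason> is resolved` would tell the next reader whether that is temporary. Separately, `proxy_connect_timeout 2h;` is far above the roughly 75 seconds the nginx documentation says a connect timeout can usually reach, so a value such as `proxy_connect_timeout 60s;` would fail over from a dead upstream sooner.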