ansible: Fix problem with nginx configuration.

  * When trying to access the json schema resources, the nginx
    configuration was serving those files through the backend
    proxy, resulting in 404 errors.
  * Treat the /upload API as a different location, since it cannot
    be limited to some sort of files, and treat the other API
    resources in a dedicated location (where we exclude files like
    html, json, css...).
  * Create custom nginx configuration snippets to be imported where
    necessary.

5 files changed, 76 insertions, 26 deletions

diff --git a/ansible/roles/configure-nginx/files/backend-maintenance.conf b/ansible/roles/configure-nginx/files/backend-maintenance.conf
new file mode 100644
index 0000000..9bd7065
--- /dev/null
+++ b/ansible/roles/configure-nginx/files/backend-maintenance.conf
@@ -0,0 +1,4 @@
+if (-f $document_root/maintenance.html) {
+    more_set_headers "Content-Type: application/json; charset=UTF-8";
+    return 503 '{"code": 503, "reason": "Service maintenance"}';
+}
diff --git a/ansible/roles/configure-nginx/files/backend-proxy-cache.conf b/ansible/roles/configure-nginx/files/backend-proxy-cache.conf
new file mode 100644
index 0000000..1b6e31f
--- /dev/null
+++ b/ansible/roles/configure-nginx/files/backend-proxy-cache.conf
@@ -0,0 +1,6 @@
+# Proxy cache, disabled for now.
+# proxy_cache BACKEND;
+# proxy_cache_key $proxy_host$uri$is_args$args;
+# proxy_cache_lock on;
+# proxy_cache_lock_timeout 2s;
+# proxy_cache_valid 3h;
diff --git a/ansible/roles/configure-nginx/files/backend-proxy.conf b/ansible/roles/configure-nginx/files/backend-proxy.conf
new file mode 100644
index 0000000..6acd1fe
--- /dev/null
+++ b/ansible/roles/configure-nginx/files/backend-proxy.conf
@@ -0,0 +1,13 @@
+proxy_buffers 32 8k;
+proxy_buffer_size 8k;
+proxy_busy_buffers_size 64k;
+proxy_pass_header Server;
+proxy_set_header Host $http_host;
+proxy_redirect off;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Scheme $scheme;
+proxy_connect_timeout 9s;
+proxy_send_timeout 9s;
+proxy_read_timeout 9s;
+proxy_pass http://backends;
diff --git a/ansible/roles/configure-nginx/tasks/main.yml b/ansible/roles/configure-nginx/tasks/main.yml
index 38a1e2e..78b0668 100644
--- a/ansible/roles/configure-nginx/tasks/main.yml
+++ b/ansible/roles/configure-nginx/tasks/main.yml
@@ -98,3 +98,46 @@
     - reload-nginx
   tags:
     - web-server
+
+- name: Does the nginx custom directory exists?
+  file: path=/etc/nginx/custom/
+        state=directory
+        owner=root
+        group=root
+  notify:
+    - reload-nginx
+  tags:
+    - web-server
+
+- name: Copy backend maintenance configuration
+  copy: src=backend-maintenance.conf
+        dest=/etc/nginx/custom/backend-maintenance.conf
+        owner=root
+        group=root
+        mode=0644
+  notify:
+    - reload-nginx
+  tags:
+    - web-server
+
+- name: Copy backend proxy cache configuration
+  copy: src=backend-proxy-cache.conf
+        dest=/etc/nginx/custom/backend-proxy-cache.conf
+        owner=root
+        group=root
+        mode=0644
+  notify:
+    - reload-nginx
+  tags:
+    - web-server
+
+- name: Copy backend proxy configuration
+  copy: src=backend-proxy.conf
+        dest=/etc/nginx/custom/backend-proxy.conf
+        owner=root
+        group=root
+        mode=0644
+  notify:
+    - reload-nginx
+  tags:
+    - web-server
diff --git a/ansible/roles/configure-nginx/templates/backend-nginx.conf b/ansible/roles/configure-nginx/templates/backend-nginx.conf
index 9504de4..36ea1c7 100644
--- a/ansible/roles/configure-nginx/templates/backend-nginx.conf
+++ b/ansible/roles/configure-nginx/templates/backend-nginx.conf
@@ -49,35 +49,19 @@ server {
         add_header Cache-Control "public";
     }
 
-    location ~* /(?:(count|jobs?|defconfigs?|boots?|tokens?|batch|bisect|labs?|version|reports?|send|upload|tests?|trigger)(.*)(?!(\.(html?|json|css|js|png|jpe?g|ico|svg))))$ {
+    location ~ ^/(?:upload)(.*)$ {
+        client_max_body_size 501m;
 
-        if (-f $document_root/maintenance.html) {
-            more_set_headers "Content-Type: application/json; charset=UTF-8";
-            return 503 '{"code": 503, "reason": "Service maintenance"}';
-        }
+        include /etc/nginx/custom/backend-maintenance.conf;
+        include /etc/nginx/custom/backend-proxy.conf;
+    }
 
-        client_max_body_size 501m;
+    location ~ ^/(?:count|jobs?|defconfigs?|boots?|tokens?|batch|bisect|labs?|version|reports?|send|tests?|trigger)(?!(\.(html?|json|css|js|png|jpe?g|ico|svg)))$ {
+        client_max_body_size 10m;
         expires 30m;
 
-        # Proxy cache, disabled for now.
-        # proxy_cache BACKEND;
-        # proxy_cache_key $proxy_host$uri$is_args$args;
-        # proxy_cache_lock on;
-        # proxy_cache_lock_timeout 2s;
-        # proxy_cache_valid 3h;
-
-        proxy_buffers 32 8k;
-        proxy_buffer_size 8k;
-        proxy_busy_buffers_size 64k;
-        proxy_pass_header Server;
-        proxy_set_header Host $http_host;
-        proxy_redirect off;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Scheme $scheme;
-        proxy_connect_timeout 9s;
-        proxy_send_timeout 9s;
-        proxy_read_timeout 9s;
-        proxy_pass http://backends;
+        include /etc/nginx/custom/backend-maintenance.conf;
+        include /etc/nginx/custom/backend-proxy-cache.conf;
+        include /etc/nginx/custom/backend-proxy.conf;
     }
 }