pid {{ param_headless_chromium['nginx-pid-path'] }}; error_log {{ param_headless_chromium['nginx-error-log'] }}; events { worker_connections 1024; } http { access_log {{ param_headless_chromium['nginx-access-log'] }}; include {{ param_headless_chromium['nginx-mime-types'] }}; default_type application/octet-stream; types { text/html html; text/css css; application/javascript js; } server { listen {{ param_headless_chromium['proxy-address'] }} ssl; # Require username/password to access remote debugging port. auth_basic "Remote Debugging"; auth_basic_user_file {{ param_headless_chromium['nginx-htpasswd-file'] }}; # Use self-signed SSL certificate. ssl_certificate {{ param_headless_chromium['nginx-cert-file'] }}; ssl_certificate_key {{ param_headless_chromium['nginx-key-file'] }}; client_body_temp_path {{ param_headless_chromium['nginx-temp-path'] }}; proxy_temp_path {{ param_headless_chromium['nginx-temp-path'] }}; fastcgi_temp_path {{ param_headless_chromium['nginx-temp-path'] }}; uwsgi_temp_path {{ param_headless_chromium['nginx-temp-path'] }}; scgi_temp_path {{ param_headless_chromium['nginx-temp-path'] }}; # All websocket connections are served from /devtools. location /devtools { proxy_http_version 1.1; proxy_set_header Host {{ param_headless_chromium['remote-debugging-address'] }}; proxy_pass http://{{ param_headless_chromium['remote-debugging-address'] }}; proxy_set_header Upgrade "websocket"; proxy_set_header Connection "Upgrade"; } # The DevTools frontend is served from /serve_file/@{version_hash}. location ~ "^\/serve_file\/@[0-9a-f]{5,40}\/(.*)" { alias {{ param_headless_chromium['devtools-frontend-root'] }}/$1; } location / { proxy_http_version 1.1; # The proxy must set the Host header to an IP address, since the # headless Chromium shell refuses to run otherwise, for security # reasons. # See https://bugs.chromium.org/p/chromium/issues/detail?id=813540. proxy_set_header Host {{ param_headless_chromium['remote-debugging-address'] }}; proxy_pass http://{{ param_headless_chromium['remote-debugging-address'] }}; # The browser security policy will prevent us from loading the # Websocket connection without TLS, so we have to go through the # frontend CDN URL. The tricky thing is that the frontend URL is # not available yet when this file is built; what we do instead is # use the given Host header. sub_filter "ws={{ param_headless_chromium['remote-debugging-address'] }}" "wss=$host"; sub_filter_once on; sub_filter_types application/json; sub_filter "ws://{{ param_headless_chromium['remote-debugging-address'] }}" "wss://$host"; sub_filter_types application/json; # We want to use our own DevTools frontend rather than # https://chrome-devtools-frontend.appspot.com. There should be a # --custom-devtools-frontend flag for Chromium, but it doesn't # seem to work with the remote debugging port. sub_filter "chrome-devtools-frontend.appspot.com" "$host"; sub_filter_types *; } } }