templates/nginx/config/rubber/role/web_tools/nginx-tools.conf in rubber-2.0.8 vs templates/nginx/config/rubber/role/web_tools/nginx-tools.conf in rubber-2.1.0

@@ -11,9 +11,50 @@
   root /var/www;
 
   rewrite (.*) https://$host:<%= rubber_env.web_tools_ssl_port %>$1 break;
 }
 
+# Web Tools Proxies
+<%
+  Array(rubber_env.web_tools_proxies).each do |name, settings|
+    proxy_host = rubber_instances.for_role(settings.role).first.full_name rescue nil
+    next unless proxy_host
+
+    host = "#{name}-#{rubber_env.full_host}"
+    host_and_port = "#{host}:#{rubber_env.web_tools_ssl_port}"
+
+    # don't use settings.path here - mapping the host/port is sufficient,
+    # and path can be done in tools-index.html.  This allows admin sites
+    # that hit other paths on same host/port to still function, e.g. elasticsearch
+    proxy_url = "http://#{proxy_host}:#{settings.port}/"
+%>
+server
+  {
+    listen <%= rubber_env.web_tools_ssl_port %>;
+    server_name <%= host %>;
+
+    ssl                  on;
+    <% if rubber_env.use_ssl_key %>
+      ssl_certificate <%= Rubber.root %>/config/<%= rubber_env.domain %>.crt;
+      ssl_certificate_key <%= Rubber.root %>/config/<%= rubber_env.domain %>.key;
+    <% else %>
+      ssl_certificate  /etc/ssl/certs/ssl-cert-snakeoil.pem;
+      ssl_certificate_key  /etc/ssl/private/ssl-cert-snakeoil.key;
+    <% end %>
+
+    auth_basic            "Rubber Admin Tools";
+    auth_basic_user_file  <%= Rubber.root %>/config/<%= rubber_env.app_name %>.auth;
+
+    client_max_body_size 10M;
+    root /var/www;
+
+    location /
+    {
+      proxy_pass <%= proxy_url %>;
+    }
+  }
+<% end %>
+
 # This server is setup to serve https.
 server
 {
   listen <%= rubber_env.web_tools_ssl_port %>;
   server_name <%= rubber_env.full_host %>;