This repository has been archived by the owner on Mar 21, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
/
nginx.conf
192 lines (160 loc) · 4.77 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
user nginx;
worker_processes 1;
daemon off;
# Default nginx image symlinks:
# ln -sf /dev/stdout /var/log/nginx/access.log
# ln -sf /dev/stderr /var/log/nginx/error.log
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
charset_types
text/css
text/plain
text/vnd.wap.wml
application/javascript
application/json
application/rss+xml
application/xml;
server_tokens off;
log_format json_combined escape=json
'{'
'"time_local":"$time_local",'
'"remote_addr":"$remote_addr",'
'"remote_user":"$remote_user",'
'"request":"$request",'
'"status": "$status",'
'"body_bytes_sent":"$body_bytes_sent",'
'"request_time":"$request_time",'
'"http_referrer":"$http_referer",'
'"http_user_agent":"$http_user_agent"'
'}';
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip on;
gzip_min_length 50;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/json
application/x-javascript
application/xml
application/vnd.ms-fontobject
application/x-font-ttf
font/opentype
image/svg+xml
image/x-icon;
keepalive_timeout 65;
resolver 127.0.0.11 valid=30s;
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
default off;
https on;
}
proxy_redirect off;
proxy_pass_request_headers on;
proxy_http_version 1.1;
proxy_set_header Proxy "";
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
## 80 -- Redirect almost everything to SSL
server {
listen 80 default;
location /health {
access_log off;
error_log off;
default_type application/json;
return 200 '{"status":"UP"}';
}
location / {
return 301 https://$host$request_uri;
}
}
## 443 == proxy everything elsewhere
server {
listen 443 ssl;
access_log /var/log/nginx/access.log json_combined;
server_name $host;
ssl_certificate /etc/cert/server.pem;
ssl_certificate_key /etc/cert/private.pem;
location / {
set $upstream_webapp http://webapp:8080;
proxy_pass $upstream_webapp;
}
location /auth/ {
set $upstream_auth http://auth:9080;
proxy_pass $upstream_auth$request_uri;
}
location /couchdb {
set $upstream_couchdb http://couchdb:5984;
rewrite ^/couchdb(?:/(.*))? /$1 break;
proxy_pass $upstream_couchdb;
}
location /interactivemap {
set $upstream_interactivemap http://interactivemap:9080;
proxy_pass $upstream_interactivemap$request_uri;
}
location /map/ {
set $upstream_map http://map:9080;
proxy_pass $upstream_map$request_uri;
}
location /mediator/ {
set $upstream_mediator http://mediator:9080;
proxy_pass $upstream_mediator$request_uri;
}
location /players/ {
set $upstream_player http://player:9080;
proxy_pass $upstream_player$request_uri;
}
location /rooms/ {
set $upstream_room http://room:9080;
proxy_pass $upstream_room$request_uri;
}
location /slackin {
set $upstream_slackin http://slackin:3000;
rewrite ^/slackin(?:/(.*))? /$1 break;
proxy_pass $upstream_slackin;
}
location /swagger {
set $upstream_swagger http://swagger:8080;
proxy_pass $upstream_swagger$request_uri;
}
}
}