aaroncox/nginx.conf

## nginx.conf
user www-data;

worker_processes auto;
worker_rlimit_nofile 65535;

pid /run/nginx.pid;
# include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 10000;
	multi_accept off;
	use epoll;
}

http {

	client_body_timeout   32;
	client_header_timeout 32;

	keepalive_timeout 90;
	keepalive_requests 100000;
	send_timeout 120;

	reset_timedout_connection on;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;

	types_hash_max_size 2048;
	server_tokens off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_stapling on;
        ssl_stapling_verify on;

	access_log off;
	error_log /var/log/nginx/error.log;

	gzip on;
	gzip_min_length 10240;
	gzip_proxied expired no-cache no-store private auth;
	gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml;
	gzip_disable msie6;

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;

}

## nodeos-fullnode.conf
proxy_cache_path /ramdisk/nginx/core keys_zone=nodeos:1000m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /ramdisk/nginx/full keys_zone=fullnodeos:1000m levels=1:2 inactive=600s max_size=100m;

upstream nodeos {
    server 8.26.94.31 fail_timeout=15s;
    server 127.0.0.1:8888 badckup; # localhost backup
    server 18.231.174.29 backup; # api.eosrio.io
    server 35.190.58.19 backup; # api.eosnewyork.io
}


upstream fullnodeos {
    server 127.0.0.1:8888 fail_timeout=15s;
    server 18.231.174.29 backup; # api.eosrio.io
    server 35.190.58.19 backup; # api.eosnewyork.io
}

log_format rt_cache '$remote_addr - $upstream_cache_status $upstream_addr [$time_local]  '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"';

log_format rt_mini '$remote_addr - $upstream_cache_status $upstream_addr [$time_local]  '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer"';

server {
    listen 80;
    #listen 443 ssl http2;
    server_name _;
    root /var/www/html/;

    #access_log off;
    #access_log /var/log/nginx/access.log;
    #access_log  /var/log/nginx/cache.log  rt_cache;
    #access_log  /var/log/nginx/cache.log  rt_mini;

    keepalive_timeout 120;
    keepalive_requests 100000;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    include /etc/nginx/proxy_headers.conf;

    location ~ /.well-known {
        allow all;
    }

    location /stub_status {
        stub_status;
        allow 127.0.0.1;
        deny all;
    }

    location / {
        include /etc/nginx/proxy_headers.conf;
        proxy_pass http://nodeos;

        proxy_http_version 1.1;
        proxy_connect_timeout 15s;
        proxy_next_upstream error timeout invalid_header http_500;

        location ~* v1\/history\/get_(actions|controlled_accounts|key_accounts|transaction)$ {
            include /etc/nginx/proxy_headers.conf;
            proxy_cache_lock on;
            proxy_cache_methods POST;
            proxy_cache fullnodeos;
            proxy_cache_key "$request_uri|$request_body";
            proxy_cache_valid 200 1s;
            proxy_cache_use_stale updating;
            proxy_pass http://fullnodeos;
        }

        location ~* v1\/chain\/get_(info|table_rows)$ {
            include /etc/nginx/proxy_headers.conf;
            proxy_cache_lock on;
            proxy_cache_methods POST;
            proxy_cache nodeos;
            proxy_cache_key "$request_uri|$request_body";
            proxy_cache_valid 200 1s;
            proxy_cache_use_stale updating;
            proxy_pass http://nodeos;
        }
    }

    #ssl_certificate /etc/letsencrypt/live/eos.greymass.com/fullchain.pem; # managed by Certbot
    #ssl_certificate_key /etc/letsencrypt/live/eos.greymass.com/privkey.pem; # managed by Certbot
}

## nodeos-node.conf
proxy_cache_path /ramdisk/nginx/core keys_zone=nodeos:1000m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /ramdisk/nginx/full keys_zone=fullnodeos:1000m levels=1:2 inactive=600s max_size=100m;

upstream nodeos {
    server 127.0.0.1:8888 fail_timeout=15s;
    server 18.231.174.29 backup; # api.eosrio.io
    server 35.190.58.19 backup; # api.eosnewyork.io
}

upstream fullnodeos {
    server 158.69.23.184 fail_timeout=15s;
    server 18.231.174.29 backup; # api.eosrio.io
    server 35.190.58.19 backup; # api.eosnewyork.io
}

log_format rt_cache '$remote_addr - $upstream_cache_status $upstream_addr [$time_local]  '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"';

log_format rt_mini '$remote_addr - $upstream_cache_status $upstream_addr [$time_local]  '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer"';

server {
    listen 80;
    #listen 443 ssl http2;
    server_name _;
    root /var/www/html/;

    #access_log off;
    #access_log /var/log/nginx/access.log;
    #access_log  /var/log/nginx/cache.log  rt_cache;
    #access_log  /var/log/nginx/cache.log  rt_mini;

    keepalive_timeout 120;
    keepalive_requests 100000;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    include /etc/nginx/proxy_headers.conf;

    location ~ /.well-known {
        allow all;
    }

    location /stub_status {
        stub_status;
        allow 127.0.0.1;
        deny all;
    }

    location / {
        include /etc/nginx/proxy_headers.conf;
        proxy_pass http://nodeos;

        proxy_http_version 1.1;
        proxy_connect_timeout 15s;
        proxy_next_upstream error timeout invalid_header http_500;

        location ~* v1\/history\/get_(actions|controlled_accounts|key_accounts|transaction)$ {
            include /etc/nginx/proxy_headers.conf;
            proxy_cache_lock on;
            proxy_cache_methods POST;
            proxy_cache fullnodeos;
            proxy_cache_key "$request_uri|$request_body";
            proxy_cache_valid 200 1s;
            proxy_cache_use_stale updating;
            proxy_pass http://fullnodeos;
        }

        location ~* v1\/chain\/get_(info|table_rows)$ {
            include /etc/nginx/proxy_headers.conf;
            proxy_cache_lock on;
            proxy_cache_methods POST;
            proxy_cache nodeos;
            proxy_cache_key "$request_uri|$request_body";
            proxy_cache_valid 200 1s;
            proxy_cache_use_stale updating;
            proxy_pass http://nodeos;
        }

    }

    #ssl_certificate /etc/letsencrypt/live/eos.greymass.com/fullchain.pem; # managed by Certbot
    #ssl_certificate_key /etc/letsencrypt/live/eos.greymass.com/privkey.pem; # managed by Certbot
}

## proxy_headers.conf
proxy_hide_header 'Access-Control-Allow-Origin';
proxy_hide_header 'Access-Control-Allow-Headers';
proxy_hide_header 'Via';
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'X-Requested-With,Accept,Content-Type,Origin';
add_header Host $host;
add_header Upgrade $http_upgrade;
add_header X-Cached $upstream_cache_status;
	user www-data;

	worker_processes auto;
	worker_rlimit_nofile 65535;

	pid /run/nginx.pid;
	# include /etc/nginx/modules-enabled/*.conf;

	events {
	worker_connections 10000;
	multi_accept off;
	use epoll;
	}

	http {

	client_body_timeout 32;
	client_header_timeout 32;

	keepalive_timeout 90;
	keepalive_requests 100000;
	send_timeout 120;

	reset_timedout_connection on;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;

	types_hash_max_size 2048;
	server_tokens off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;
	ssl_stapling on;
	ssl_stapling_verify on;

	access_log off;
	error_log /var/log/nginx/error.log;

	gzip on;
	gzip_min_length 10240;
	gzip_proxied expired no-cache no-store private auth;
	gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml;
	gzip_disable msie6;

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;

	}
	proxy_cache_path /ramdisk/nginx/core keys_zone=nodeos:1000m levels=1:2 inactive=600s max_size=100m;
	proxy_cache_path /ramdisk/nginx/full keys_zone=fullnodeos:1000m levels=1:2 inactive=600s max_size=100m;

	upstream nodeos {
	server 8.26.94.31 fail_timeout=15s;
	server 127.0.0.1:8888 badckup; # localhost backup
	server 18.231.174.29 backup; # api.eosrio.io
	server 35.190.58.19 backup; # api.eosnewyork.io
	}


	upstream fullnodeos {
	server 127.0.0.1:8888 fail_timeout=15s;
	server 18.231.174.29 backup; # api.eosrio.io
	server 35.190.58.19 backup; # api.eosnewyork.io
	}

	log_format rt_cache '$remote_addr - $upstream_cache_status $upstream_addr [$time_local] '
	'"$request" $status $body_bytes_sent '
	'"$http_referer" "$http_user_agent"';

	log_format rt_mini '$remote_addr - $upstream_cache_status $upstream_addr [$time_local] '
	'"$request" $status $body_bytes_sent '
	'"$http_referer"';

	server {
	listen 80;
	#listen 443 ssl http2;
	server_name _;
	root /var/www/html/;

	#access_log off;
	#access_log /var/log/nginx/access.log;
	#access_log /var/log/nginx/cache.log rt_cache;
	#access_log /var/log/nginx/cache.log rt_mini;

	keepalive_timeout 120;
	keepalive_requests 100000;
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;

	include /etc/nginx/proxy_headers.conf;

	location ~ /.well-known {
	allow all;
	}

	location /stub_status {
	stub_status;
	allow 127.0.0.1;
	deny all;
	}

	location / {
	include /etc/nginx/proxy_headers.conf;
	proxy_pass http://nodeos;

	proxy_http_version 1.1;
	proxy_connect_timeout 15s;
	proxy_next_upstream error timeout invalid_header http_500;

	location ~* v1\/history\/get_(actions\|controlled_accounts\|key_accounts\|transaction)$ {
	include /etc/nginx/proxy_headers.conf;
	proxy_cache_lock on;
	proxy_cache_methods POST;
	proxy_cache fullnodeos;
	proxy_cache_key "$request_uri\|$request_body";
	proxy_cache_valid 200 1s;
	proxy_cache_use_stale updating;
	proxy_pass http://fullnodeos;
	}

	location ~* v1\/chain\/get_(info\|table_rows)$ {
	include /etc/nginx/proxy_headers.conf;
	proxy_cache_lock on;
	proxy_cache_methods POST;
	proxy_cache nodeos;
	proxy_cache_key "$request_uri\|$request_body";
	proxy_cache_valid 200 1s;
	proxy_cache_use_stale updating;
	proxy_pass http://nodeos;
	}
	}

	#ssl_certificate /etc/letsencrypt/live/eos.greymass.com/fullchain.pem; # managed by Certbot
	#ssl_certificate_key /etc/letsencrypt/live/eos.greymass.com/privkey.pem; # managed by Certbot
	}
	proxy_hide_header 'Access-Control-Allow-Origin';
	proxy_hide_header 'Access-Control-Allow-Headers';
	proxy_hide_header 'Via';
	add_header 'Access-Control-Allow-Origin' '*';
	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
	add_header 'Access-Control-Allow-Headers' 'X-Requested-With,Accept,Content-Type,Origin';
	add_header Host $host;
	add_header Upgrade $http_upgrade;
	add_header X-Cached $upstream_cache_status;