bcoe/ibm-nginx.conf Secret

## ibm-nginx.conf
user root;
worker_processes 1;
pid /var/run/nginx.pid;
worker_rlimit_nofile 30000;
events {
    # After increasing this value You probably should increase limit
    # of file descriptors (for example in start_precmd in startup script)
    worker_connections  4096;
}
http {
    upstream website {
        server 127.0.0.1:8081;
    }
    upstream registry {
        # 8080 direct 6081 varnish
        server 127.0.0.1:6081;
    }
    client_max_body_size 200M;
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    keepalive_timeout  65;
    # npm Enterprise on HTTPS.
    server {
        listen       443;
        server_name  npm.whitewater.ibm.com;
        ssl                  on;
        ssl_certificate      /etc/nginx/wildcard.pem;
        ssl_certificate_key  /etc/nginx/wildcard.pem;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
        location / {
            proxy_pass       http://website;
              proxy_pass_request_headers on;
        }
    }
    server {
        listen       443;
        server_name  npm-registry.whitewater.ibm.com;
        ssl                  on;
        ssl_certificate      /etc/nginx/wildcard.pem;
        ssl_certificate_key  /etc/nginx/wildcard.pem;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
        location / {
            proxy_pass       http://registry;
            proxy_pass_request_headers on;
        }
    }
    # npm Enterprise on HTTPS.
    server {
        listen       4443;
        server_name  npm.whitewater.ibm.com;
        ssl                  on;
        ssl_certificate      /etc/nginx/wildcard.pem;
        ssl_certificate_key  /etc/nginx/wildcard.pem;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
        location / {
            proxy_pass       http://registry;
              proxy_pass_request_headers on;
        }
    }
    # npm Enterprise on HTTP.
    server {
        listen      80;
        server_name npm.whitewater.ibm.com;
        rewrite     ^ https://$server_name$request_uri? permanent;
    }
}
	user root;
	worker_processes 1;
	pid /var/run/nginx.pid;
	worker_rlimit_nofile 30000;
	events {
	# After increasing this value You probably should increase limit
	# of file descriptors (for example in start_precmd in startup script)
	worker_connections 4096;
	}
	http {
	upstream website {
	server 127.0.0.1:8081;
	}
	upstream registry {
	# 8080 direct 6081 varnish
	server 127.0.0.1:6081;
	}
	client_max_body_size 200M;
	include /etc/nginx/mime.types;
	default_type application/octet-stream;
	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';
	access_log /var/log/nginx/access.log main;
	sendfile on;
	keepalive_timeout 65;
	# npm Enterprise on HTTPS.
	server {
	listen 443;
	server_name npm.whitewater.ibm.com;
	ssl on;
	ssl_certificate /etc/nginx/wildcard.pem;
	ssl_certificate_key /etc/nginx/wildcard.pem;
	ssl_session_timeout 5m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
	location / {
	proxy_pass http://website;
	proxy_pass_request_headers on;
	}
	}
	server {
	listen 443;
	server_name npm-registry.whitewater.ibm.com;
	ssl on;
	ssl_certificate /etc/nginx/wildcard.pem;
	ssl_certificate_key /etc/nginx/wildcard.pem;
	ssl_session_timeout 5m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
	location / {
	proxy_pass http://registry;
	proxy_pass_request_headers on;
	}
	}
	# npm Enterprise on HTTPS.
	server {
	listen 4443;
	server_name npm.whitewater.ibm.com;
	ssl on;
	ssl_certificate /etc/nginx/wildcard.pem;
	ssl_certificate_key /etc/nginx/wildcard.pem;
	ssl_session_timeout 5m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
	location / {
	proxy_pass http://registry;
	proxy_pass_request_headers on;
	}
	}
	# npm Enterprise on HTTP.
	server {
	listen 80;
	server_name npm.whitewater.ibm.com;
	rewrite ^ https://$server_name$request_uri? permanent;
	}
	}