Created
April 2, 2015 20:07
-
-
Save bha123/12542ba6aca81d62952b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
user vcap; | |
worker_processes 2; | |
daemon off; | |
error_log /var/vcap/sys/log/director/error.log; | |
pid /var/vcap/sys/run/director/nginx.pid; | |
events { | |
worker_connections 8192; | |
} | |
http { | |
include /var/vcap/jobs/director/config/mime.types; | |
default_type text/html; | |
log_format timed_combined '$remote_addr - $remote_user [$time_local] ' | |
'"$request" $status $body_bytes_sent ' | |
'"$http_referer" "$http_user_agent" ' | |
'$request_time $upstream_response_time $pipe'; | |
access_log /var/vcap/sys/log/director/access.log timed_combined; | |
server_tokens off; | |
sendfile off; | |
tcp_nopush on; | |
tcp_nodelay on; | |
keepalive_timeout 7200; | |
client_max_body_size 10000m; | |
upstream director { | |
server 127.0.0.1:25556; | |
} | |
server { | |
listen 25555; | |
ssl on; | |
ssl_certificate /var/vcap/store/director/nginx/director.pem; | |
ssl_certificate_key /var/vcap/store/director/nginx/director.key; | |
ssl_session_timeout 7200; | |
ssl_prefer_server_ciphers On; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_read_timeout 900; | |
proxy_max_temp_file_size 0; | |
location / { | |
proxy_pass http://director; | |
if ($content_type = "application/x-compressed") { | |
more_set_input_headers "Content-Disposition: attachment"; | |
# Pass altered request body to this location | |
upload_pass @director_upload; | |
upload_resumable on; | |
# Store files to this directory | |
upload_store /var/vcap/data/tmp/director/; | |
# Allow uploaded files to be read only by user | |
upload_store_access user:r; | |
# Set specified fields in request body | |
upload_set_form_field "nginx_upload_path" $upload_tmp_path; | |
# On any error, delete uploaded files. | |
upload_cleanup 400-505; | |
} | |
} | |
location @director_upload { | |
proxy_pass http://director; | |
} | |
} | |
gzip on; | |
gzip_min_length 1250; | |
gzip_buffers 16 8k; | |
gzip_comp_level 2; | |
gzip_proxied any; | |
gzip_types text/plain text/css application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript; | |
gzip_vary on; | |
gzip_disable "MSIE [1-6]\.(?!.*SV1)"; | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment