@ericandrewlewis
Last active November 21, 2021 08:53
NGINX application router
# Borrowed some configuration from
# https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf

# Default: nobody nobody
user nginx;

# Sets the worker processes to the number of CPU cores available in the system for best performance.
# Should be >= the number of CPU cores.
# Maximum number of connections = worker_processes * worker_connections
# Default: 1
worker_processes auto;

# Log errors and warnings to standard output.
# This is only used when you don't override it on a server{} level.
# Default: logs/error.log error
error_log /dev/stdout info;

# The file storing the process ID of the main process.
# Default: nginx.pid
pid /var/run/nginx.pid;

events {
    # If you need more connections than this, you start optimizing your OS.
    # That's probably the point at which you hire people who are smarter than you, as this is *a lot* of requests.
    # Should be < worker_rlimit_nofile.
    # Default: 512
    worker_connections 8000;
}

http {
    # Hide nginx version information.
    # Default: on
    server_tokens off;

    # Specify MIME types for files.
    include /etc/nginx/mime.types;
    # Default: text/plain
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Log access.
    # This is only used when you don't override it on a server{} level.
    # Default: logs/access.log combined
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log warn;

    # Speed up file transfers by using sendfile() to copy directly
    # between descriptors rather than using read()/write().
    # For performance reasons, on FreeBSD systems w/ ZFS
    # this option should be disabled as ZFS's ARC caches
    # frequently used files in RAM by default.
    # Default: off
    sendfile on;

    # How long to allow each connection to stay idle.
    # Longer values are better for each individual client, particularly for SSL,
    # but mean that worker connections are tied up longer.
    # Default: 75s
    keepalive_timeout 20s;

    # Enable gzip compression.
    # Default: off
    gzip on;

    # Compression level (1-9).
    # 5 is a good compromise between size and CPU usage, offering about
    # 75% reduction for most ASCII files (almost identical to level 9).
    # Default: 1
    gzip_comp_level 5;

    # Don't compress anything that's already small and unlikely to shrink much
    # if at all (the default is 20 bytes, which is bad as that usually leads to
    # larger files after gzipping).
    # Default: 20
    gzip_min_length 256;

    # Compress data even for clients that are connecting to us via proxies,
    # identified by the "Via" header (required for CloudFront).
    # Default: off
    gzip_proxied any;

    # Tell proxies to cache both the gzipped and regular version of a resource
    # whenever the client's Accept-Encoding capabilities header varies.
    # Avoids the issue where a non-gzip capable client (which is extremely rare
    # today) would display gibberish if their proxy gave them the gzipped version.
    # Default: off
    gzip_vary on;

    # Improve HTTPS performance with session resumption.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # One certificate for every virtual host below, so it must cover the app1/app2 names as well.
    ssl_certificate /etc/letsencrypt/live/curious-directory.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/curious-directory.com/privkey.pem;

    # Enable server-side protection against BEAST attacks.
    ssl_prefer_server_ciphers on;
    # Note: DH+3DES is a 64-bit block cipher (Sweet32); only keep it if a legacy client still needs it.
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    # Disable SSLv3.
    # Note: TLSv1 and TLSv1.1 are deprecated (RFC 8996); nginx >= 1.13.0 built against
    # OpenSSL 1.1.1 also accepts TLSv1.3 here.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # Redirect all HTTP traffic to HTTPS.
    server {
        listen 80;
        server_name www.curious-directory.com curious-directory.com;
        return 301 https://$host$request_uri;
    }

    # Route each hostname to its own backend. Nothing below forwards the client
    # address or the original Host header; add proxy_set_header if the apps need them.
    server {
        listen 443 ssl;
        server_name app1.curious-directory.com;
        location / {
            proxy_pass http://192.168.1.100:8000;
        }
    }

    server {
        listen 443 ssl;
        server_name app2.curious-directory.com;
        location / {
            proxy_pass http://192.168.1.100:8001;
        }
    }
}
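As an added check that is not part of the gist, the script below parses an nginx configuration into directive blocks and audits it for the settings a reviewer would question in this router: the deprecated TLS versions in ssl_protocols, the 3DES suite in ssl_ciphers, and location blocks that proxy_pass without any proxy_set_header. The embedded sample is a constructed excerpt of the gist's own directives; the parser is a minimal one written for this example and handles only the directive/block syntax used here.

```python
import re
# Constructed excerpt of the gist's TLS/routing directives (comments omitted) so this runs offline.
SAMPLE_CONF = """http {
    server_tokens off;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    server { listen 80; return 301 https://$host$request_uri; }
    server { listen 443 ssl; server_name app1.curious-directory.com;
             location / { proxy_pass http://192.168.1.100:8000; } }
}"""

# Tokens: a comment to end of line, a quoted string, one of { } ; or a bare word.
TOKEN = re.compile(r'#[^\n]*|"[^"]*"|\'[^\']*\'|[{};]|[^\s{};"\'#]+')
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 retired by RFC 8996

def parse(text):
    """Minimal nginx config parser: a block is a list of (name, args, children)."""
    root, stack, cur = [], [], []
    for tok in TOKEN.findall(text):
        if tok.startswith("#"):
            continue
        if tok == ";" and cur:                      # simple directive ends
            root.append((cur[0], cur[1:], []))
            cur = []
        elif tok == "{":                            # block directive: descend
            node = (cur[0], cur[1:], [])
            root.append(node)
            stack.append(root)
            root, cur = node[2], []
        elif tok == "}":                            # end of block: ascend
            root = stack.pop()
        else:
            cur.append(tok.strip("\"'"))
    return root

def audit(nodes, path=""):
    """Flag weak TLS settings and proxy_pass blocks that forward no client headers."""
    findings, names = [], {name for name, _, _ in nodes}   # names: siblings in this block
    for name, args, children in nodes:
        if name == "ssl_protocols" and WEAK_PROTOCOLS & set(args):
            findings.append(f"{path}: weak ssl_protocols {sorted(WEAK_PROTOCOLS & set(args))}")
        elif name == "ssl_ciphers" and any("3DES" in s for s in args[0].split(":") if not s.startswith("!")):
            findings.append(f"{path}: ssl_ciphers enables 3DES (64-bit block cipher, Sweet32)")
        elif name == "proxy_pass" and "proxy_set_header" not in names:
            findings.append(f"{path}: proxy_pass to {args[0]} without proxy_set_header "
                            "(upstream sees nginx, not the client, as Host/X-Forwarded-For)")
        findings += audit(children, f"{path}/{' '.join([name] + args)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse(SAMPLE_CONF))))
```

Run against the full gist the same three findings appear; a config with `ssl_protocols TLSv1.2 TLSv1.3;`, no 3DES suite and a `proxy_set_header` beside each `proxy_pass` produces none.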