Skip to content

Instantly share code, notes, and snippets.

@haigopi
Created January 30, 2022 18:21
Show Gist options
  • Save haigopi/060490cc54735ad4bc547cb1a0b08bc7 to your computer and use it in GitHub Desktop.
Save haigopi/060490cc54735ad4bc547cb1a0b08bc7 to your computer and use it in GitHub Desktop.
user nginx nginx;
worker_processes 2;
error_log stderr warn;
events { worker_connections 4096; }
http {
include /etc/nginx/mime.types;
server_tokens off;
client_max_body_size 32m;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
add_header 'Access-Control-Allow-Origin' '';
upstream gw_server {
server gateway:8080;
keepalive 128;
}
upstream auth_server {
server keycloak:9080;
keepalive 128;
}
upstream registry_server {
server jhipster-registry:8761;
keepalive 128;
}
upstream kibana_server {
server kibana:5601;
keepalive 128;
}
upstream prometheus_server {
server prometheus:9090;
keepalive 128;
}
upstream grafana_server {
server grafana:3000;
keepalive 128;
}
server {
listen 80;
listen [::]:80;
server_name *.mydomain.com;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
}
server {
server_name gateway.mydomain.com;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location ^~ /.well-known/acme-challenge {
allow all;
root /etc/letsencrypt/;
}
location / {
proxy_pass http://gw_server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
# 86400 seconds (24 hours) is the maximum a server is allowed.
proxy_send_timeout 86400s;
proxy_read_timeout 86400s;
}
}
server {
server_name auth.mydomain.com;
location ^~ /.well-known/acme-challenge {
allow all;
root /etc/letsencrypt/;
}
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location / {
proxy_pass http://auth_server/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $host;
proxy_set_header X-Forwarded-Proto $scheme;
add_header X-Frame-Options "";
}
location /auth/ {
proxy_pass http://auth_server/auth/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
server_name registry.mydomain.com;
location ^~ /.well-known/acme-challenge {
allow all;
root /etc/letsencrypt/;
}
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location / {
proxy_pass http://registry_server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
# 86400 seconds (24 hours) is the maximum a server is allowed.
proxy_send_timeout 86400s;
proxy_read_timeout 86400s;
}
}
server {
server_name kibana.mydomain.com;
location ^~ /.well-known/acme-challenge {
allow all;
root /etc/letsencrypt/;
}
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location / {
proxy_pass http://kibana_server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_send_timeout 86400s;
proxy_read_timeout 86400s;
}
}
server {
server_name grafana.mydomain.com;
location ^~ /.well-known/acme-challenge {
allow all;
root /etc/letsencrypt/;
}
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location / {
proxy_pass http://grafana_server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_send_timeout 86400s;
proxy_read_timeout 86400s;
}
}
server {
server_name prometheus.mydomain.com;
location ^~ /.well-known/acme-challenge {
allow all;
root /etc/letsencrypt/;
}
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location / {
proxy_pass http://prometheus_server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_send_timeout 86400s;
proxy_read_timeout 86400s;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment