Skip to content

Instantly share code, notes, and snippets.

@haigopi
Created January 30, 2022 18:37
Show Gist options
  • Save haigopi/21d814166c212f94a1696cefc13b6d29 to your computer and use it in GitHub Desktop.
Save haigopi/21d814166c212f94a1696cefc13b6d29 to your computer and use it in GitHub Desktop.
user nginx nginx;
worker_processes 2;
error_log stderr warn;
events { worker_connections 4096; }
http {
include /etc/nginx/mime.types;
server_tokens off;
client_max_body_size 32m;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
add_header 'Access-Control-Allow-Origin' '';
upstream gw_server {
server gateway:8080;
keepalive 128;
}
upstream auth_server {
server keycloak:9080;
keepalive 128;
}
upstream registry_server {
server jhipster-registry:8761;
keepalive 128;
}
upstream kibana_server {
server kibana:5601;
keepalive 128;
}
upstream prometheus_server {
server prometheus:9090;
keepalive 128;
}
upstream grafana_server {
server grafana:3000;
keepalive 128;
}
server {
listen 80;
listen [::]:80;
server_name *.mydomain.com;
}
server {
server_name gateway.mydomain.com;
location ^~ /.well-known/acme-challenge {
allow all;
root /etc/letsencrypt/;
}
location / {
proxy_pass http://gw_server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
# 86400 seconds (24 hours) is the maximum a server is allowed.
proxy_send_timeout 86400s;
proxy_read_timeout 86400s;
}
}
server {
server_name auth.mydomain.com;
location ^~ /.well-known/acme-challenge {
allow all;
root /etc/letsencrypt/;
}
location / {
proxy_pass http://auth_server/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $host;
proxy_set_header X-Forwarded-Proto $scheme;
add_header X-Frame-Options "";
}
location /auth/ {
proxy_pass http://auth_server/auth/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
server_name registry.mydomain.com;
location ^~ /.well-known/acme-challenge {
allow all;
root /etc/letsencrypt/;
}
location / {
proxy_pass http://registry_server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
# 86400 seconds (24 hours) is the maximum a server is allowed.
proxy_send_timeout 86400s;
proxy_read_timeout 86400s;
}
}
server {
server_name kibana.mydomain.com;
location ^~ /.well-known/acme-challenge {
allow all;
root /etc/letsencrypt/;
}
location / {
proxy_pass http://kibana_server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_send_timeout 86400s;
proxy_read_timeout 86400s;
}
}
server {
server_name grafana.mydomain.com;
location ^~ /.well-known/acme-challenge {
allow all;
root /etc/letsencrypt/;
}
location / {
proxy_pass http://grafana_server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_send_timeout 86400s;
proxy_read_timeout 86400s;
}
}
server {
server_name prometheus.mydomain.com;
location ^~ /.well-known/acme-challenge {
allow all;
root /etc/letsencrypt/;
}
location / {
proxy_pass http://prometheus_server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_send_timeout 86400s;
proxy_read_timeout 86400s;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment