Last active
May 22, 2016 17:34
-
-
Save jkirkby91/e6de5882f0e6df8e42adf1fb6f8e78b6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Site-enabled config for a nginx ssl reverse proxy & loadbalancer | |
# runs with nginx-naxsi secruity rules | |
# runs with ddos mitigation | |
# Greeat for balancing docker containers | |
upstream dockerswarm { | |
server 192.168.0.47:8080 weight=1 max_fails=3 fail_timeout=15s; | |
server 192.168.0.47:8080 weight=2; | |
keepalive 32; | |
} | |
limit_req_status 444; | |
limit_conn_zone $binary_remote_addr zone=addr:10m; | |
limit_req_zone $binary_remote_addr zone=one:10m rate=2r/s; | |
server { | |
listen 192.168.33.10; | |
server_name demo-site.docker; | |
ssl off; | |
client_body_timeout 5s; | |
client_header_timeout 5s; | |
error_log /var/log/nginx/error.log; | |
access_log /var/log/nginx/access.log combined; | |
location / { | |
limit_conn addr 10; | |
limit_req zone=one burst=75 nodelay; | |
proxy_bind 192.168.0.49; | |
include /etc/nginx/naxsi.rules; | |
proxy_pass http://dockerswarm; | |
proxy_buffering on; | |
proxy_buffers 256 16k; | |
proxy_buffer_size 128k; | |
proxy_read_timeout 300; | |
proxy_intercept_errors on; | |
proxy_max_temp_file_size 0; | |
proxy_busy_buffers_size 256k; | |
proxy_temp_file_write_size 256k; | |
client_max_body_size 100M; | |
client_body_buffer_size 1m; | |
proxy_set_header Host $host; | |
proxy_set_header Accept-Encoding ""; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment