Created
May 17, 2013 14:36
-
-
Save jlamoree/5599449 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
upstream webapp { | |
server 192.168.104.1:8080 fail_timeout=5; | |
server 192.168.104.1:8081 fail_timeout=5 backup; | |
keepalive 10; | |
} | |
proxy_temp_path /tmp/nginx/temp; | |
proxy_cache_path /tmp/nginx/cache keys_zone=CACHE:10m levels=1:2 inactive=1h max_size=100m; | |
log_format log_access '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'; | |
log_format log_upstream '$remote_addr [$time_local] "$uri" $upstream_addr $upstream_status $upstream_cache_status $upstream_response_time'; | |
server { | |
listen 80 default_server; | |
listen 443 ssl; | |
server_name _; | |
set $webapp_hostname nginx.automatonapp.com; | |
set $ua $http_user_agent; | |
ssl_certificate ../common/ssl/server.crt; | |
ssl_certificate_key ../common/ssl/server.key; | |
ssl_protocols SSLv3 TLSv1.1 TLSv1.2; | |
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!DH:!EDH; | |
ssl_prefer_server_ciphers on; | |
ssl_session_cache shared:SSL:10m; | |
access_log logs/automatonapp.com_access.log log_access; | |
access_log logs/automatonapp.com_upstream.log log_upstream; | |
error_log logs/automatonapp.com_error.log notice; | |
rewrite_log on; | |
error_page 500 502 503 504 /50x.html; | |
error_page 400 403 404 /40x.html; | |
proxy_intercept_errors on; | |
proxy_headers_hash_bucket_size 128; | |
proxy_headers_hash_max_size 2048; | |
proxy_buffers 8 32k; | |
proxy_buffer_size 32k; | |
location = / { | |
rewrite ^ /public/index.cfm last; | |
} | |
location = /nginx-status { | |
stub_status on; | |
access_log off; | |
allow 192.168.104.0/24; | |
allow 127.0.0.1; | |
deny all; | |
} | |
location = /service-check { | |
set $ua "ServiceCheckAgent (nginx)"; | |
rewrite ^ /public/index.cfm last; | |
} | |
location = /50x.html { | |
rewrite ^ /50x.html?uri=$request_uri&err=$upstream_status break; | |
root ../common/html; | |
} | |
location = /40x.html { | |
rewrite ^ /40x.html?uri=$request_uri&err=$upstream_status break; | |
root ../common/html; | |
} | |
location = /favicon.ico { | |
expires 1y; | |
proxy_pass http://webapp; | |
} | |
location ~ ^/(css|images|js|fonts)/ { | |
expires 24h; | |
proxy_pass http://webapp; | |
proxy_cache CACHE; | |
proxy_cache_valid any 10m; | |
proxy_ignore_headers Set-Cookie; | |
proxy_cache_key "$host$request_uri"; | |
} | |
location ~* ^/(railo-context|doc|mxunit|tests?)/ { | |
rewrite /(.*) /private/$1 last; | |
} | |
location = /index.cfm { | |
rewrite ^ /public/index.cfm last; | |
} | |
# Catch all | |
location / { | |
rewrite /(.*) /public/index.cfm/$1 last; | |
} | |
# Restricted access | |
location /private { | |
internal; | |
allow 192.168.0.0/16; | |
deny all; | |
rewrite ^/private/(.*)$ /$1 break; | |
proxy_pass http://webapp; | |
proxy_redirect / /; | |
} | |
location /public { | |
internal; | |
rewrite ^/public/(.*)$ /$1 break; | |
proxy_http_version 1.1; | |
proxy_set_header Connection ""; | |
proxy_pass http://webapp; | |
proxy_redirect http://$webapp_hostname/ $scheme://$webapp_hostname/; | |
proxy_set_header Host $webapp_hostname; | |
proxy_set_header User-Agent $ua; | |
proxy_set_header X-NGINX-Host $host; | |
proxy_set_header X-NGINX-Server-IP $server_addr; | |
proxy_set_header X-NGINX-Server-Port $server_port; | |
proxy_set_header X-NGINX-Server-Scheme $scheme; | |
proxy_set_header X-NGINX-Client-IP $remote_addr; | |
proxy_connect_timeout 15; | |
proxy_read_timeout 1800; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment