kmjones1979/nginx.conf

## nginx.conf

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  'remote_addr="$remote_addr", remote_user="$remote_user" [time_local=$time_local] request="$request" '
                      'status="$status", body_bytes_sent="$body_bytes_sent", http_referer="$http_referer" '
                      'http_user_agent="$http_user_agent", http_x_forwarded_for="$http_x_forwarded_for" upstream_status="$upstream_status" '
                      'upstream_cache_status="$upstream_cache_status", http_range="$http_range", slice_range="$slice_range" ';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  300;

    #gzip  on;

    #include /etc/nginx/conf.d/*.conf;

    # global cache settings
    proxy_cache_bypass $cookie_nocache $arg_nocache;
    proxy_cache_use_stale updating;
    proxy_cache_revalidate on;
    proxy_cache_lock on;
    proxy_cache_methods GET HEAD;
    proxy_cache_min_uses 3;
    #proxy_cache_lock_timeout 0s;
    #proxy_cache_lock_age 200s;

    # setup map based on request method which can purge using the API
    map $request_method $purge_method {
        PURGE       $purge_allowed;
        default     0;
    }

    # use geo to allow specific subnets to access purge API
    geo $purge_allowed {
        127.0.0.0/24    1; # allow from localhost
        default         0; # deny from other
    }

    # proxy cache configuration
    proxy_cache_path /tmp/cache keys_zone=cache:10m max_size=100m inactive=60m;
    proxy_cache_key $scheme$proxy_host$request_uri;


    # upstreams
    upstream cache_pool {
        zone cache_pool 64k;

        server 192.168.0.100:443;
        server 192.168.0.101:443;

        hash $scheme$proxy_host$request_uri consistent;
    }


    #health checks
    match health {
        status 200-399;
        body ~ "Health = OK";
    }

    server {

        listen 80 default_server;
        listen [::]:80 default_server;

        server_name www.webopsx.com;
        status_zone www.webopsx.com_80;

        return 301 https://$host$request_uri;

    }

    server {

        listen 443 ssl http2;

        server_name www.webopsx.com;
        status_zone www.webopsx.com_443;

        ssl_certificate /etc/letsencrypt/live/www.webopsx.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.webopsx.com/privkey.pem;

        location / {
            proxy_set_header Host $host;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_pass https://cache_pool;

            proxy_cache_valid 200 301 302 1m;
            proxy_cache_valid 404 1m;
            proxy_cache_valid any 10s;
            proxy_cache cache;

            # cache purge API
            proxy_cache_purge $purge_method;
        }

        location ~* \.(jpg|jpeg|gif|png|tif|ico|cur|gz|svg|svgz|ogg|ogv|webm|htc) {
            proxy_set_header Host $host;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_pass https://cache_pool;

            proxy_cache_valid 200 301 302 5m;
            proxy_cache cache;

            # cache purge API
            proxy_cache_purge $purge_method;
        }

        location ~* \.(flv|mp4|mov) {
            proxy_set_header Host $host;
            proxy_set_header Range $slice_range;

            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_pass https://cache_pool;

            proxy_cache_valid 200 206 301 302 10m;
            proxy_cache cache;
            proxy_cache_key $scheme$proxy_host$request_uri$slice_range;

            # cache purge API
            proxy_cache_purge $purge_method;

            slice 5m;
        }

        location @hc-cache_pool {
            proxy_set_header Host webopsx.com;
            proxy_pass https://cache_pool;

            health_check interval=5s fails=1 passes=2 uri=/health.txt match=health;
            access_log  /var/log/nginx/health_check.log  main;
        }

        location /.well-known/acme-challenge {
            root /var/www/letsencrypt;
        }

    }

    server {
        listen 8080 ssl http2;
        server_name www.webopsx.com webopsx.com;

        ssl_certificate /etc/letsencrypt/live/www.webopsx.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.webopsx.com/privkey.pem;

        status_zone status-page;
        root /usr/share/nginx/html;
        location = /status.html { }
        location = /status-old.html { }
        location = / {
            return 301 /status.html;
        }
        location /status {
             status;
             status_format json;
             access_log off;
        }
        location /upstream_conf {
             upstream_conf;
        }
    }
}

	user nginx;
	worker_processes auto;

	error_log /var/log/nginx/error.log notice;
	pid /var/run/nginx.pid;


	events {
	worker_connections 1024;
	}


	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	log_format main 'remote_addr="$remote_addr", remote_user="$remote_user" [time_local=$time_local] request="$request" '
	'status="$status", body_bytes_sent="$body_bytes_sent", http_referer="$http_referer" '
	'http_user_agent="$http_user_agent", http_x_forwarded_for="$http_x_forwarded_for" upstream_status="$upstream_status" '
	'upstream_cache_status="$upstream_cache_status", http_range="$http_range", slice_range="$slice_range" ';

	access_log /var/log/nginx/access.log main;

	sendfile on;
	#tcp_nopush on;

	keepalive_timeout 300;

	#gzip on;

	#include /etc/nginx/conf.d/*.conf;

	# global cache settings
	proxy_cache_bypass $cookie_nocache $arg_nocache;
	proxy_cache_use_stale updating;
	proxy_cache_revalidate on;
	proxy_cache_lock on;
	proxy_cache_methods GET HEAD;
	proxy_cache_min_uses 3;
	#proxy_cache_lock_timeout 0s;
	#proxy_cache_lock_age 200s;

	# setup map based on request method which can purge using the API
	map $request_method $purge_method {
	PURGE $purge_allowed;
	default 0;
	}

	# use geo to allow specific subnets to access purge API
	geo $purge_allowed {
	127.0.0.0/24 1; # allow from localhost
	default 0; # deny from other
	}

	# proxy cache configuration
	proxy_cache_path /tmp/cache keys_zone=cache:10m max_size=100m inactive=60m;
	proxy_cache_key $scheme$proxy_host$request_uri;


	# upstreams
	upstream cache_pool {
	zone cache_pool 64k;

	server 192.168.0.100:443;
	server 192.168.0.101:443;

	hash $scheme$proxy_host$request_uri consistent;
	}


	#health checks
	match health {
	status 200-399;
	body ~ "Health = OK";
	}

	server {

	listen 80 default_server;
	listen [::]:80 default_server;

	server_name www.webopsx.com;
	status_zone www.webopsx.com_80;

	return 301 https://$host$request_uri;

	}

	server {

	listen 443 ssl http2;

	server_name www.webopsx.com;
	status_zone www.webopsx.com_443;

	ssl_certificate /etc/letsencrypt/live/www.webopsx.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/www.webopsx.com/privkey.pem;

	location / {
	proxy_set_header Host $host;
	proxy_http_version 1.1;
	proxy_set_header Connection "";
	proxy_pass https://cache_pool;

	proxy_cache_valid 200 301 302 1m;
	proxy_cache_valid 404 1m;
	proxy_cache_valid any 10s;
	proxy_cache cache;

	# cache purge API
	proxy_cache_purge $purge_method;
	}

	location ~* \.(jpg\|jpeg\|gif\|png\|tif\|ico\|cur\|gz\|svg\|svgz\|ogg\|ogv\|webm\|htc) {
	proxy_set_header Host $host;
	proxy_http_version 1.1;
	proxy_set_header Connection "";
	proxy_pass https://cache_pool;

	proxy_cache_valid 200 301 302 5m;
	proxy_cache cache;

	# cache purge API
	proxy_cache_purge $purge_method;
	}

	location ~* \.(flv\|mp4\|mov) {
	proxy_set_header Host $host;
	proxy_set_header Range $slice_range;

	proxy_http_version 1.1;
	proxy_set_header Connection "";
	proxy_pass https://cache_pool;

	proxy_cache_valid 200 206 301 302 10m;
	proxy_cache cache;
	proxy_cache_key $scheme$proxy_host$request_uri$slice_range;

	# cache purge API
	proxy_cache_purge $purge_method;

	slice 5m;
	}

	location @hc-cache_pool {
	proxy_set_header Host webopsx.com;
	proxy_pass https://cache_pool;

	health_check interval=5s fails=1 passes=2 uri=/health.txt match=health;
	access_log /var/log/nginx/health_check.log main;
	}

	location /.well-known/acme-challenge {
	root /var/www/letsencrypt;
	}

	}

	server {
	listen 8080 ssl http2;
	server_name www.webopsx.com webopsx.com;

	ssl_certificate /etc/letsencrypt/live/www.webopsx.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/www.webopsx.com/privkey.pem;

	status_zone status-page;
	root /usr/share/nginx/html;
	location = /status.html { }
	location = /status-old.html { }
	location = / {
	return 301 /status.html;
	}
	location /status {
	status;
	status_format json;
	access_log off;
	}
	location /upstream_conf {
	upstream_conf;
	}
	}
	}