@nathansamson
Last active August 29, 2015 14:19
# Writes a PEM certificate to $CERT_PATH, named after the basename of $etcd_path.
# NOTE(review): $etcd_path is unquoted inside $(...), so a value containing whitespace or
# glob characters would be split/expanded; "$(basename "$etcd_path")" avoids that.
# The heredoc delimiter is unquoted, so the body is subject to shell expansion.
cat << EOF > "$CERT_PATH/$(basename $etcd_path).cert"
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgIRANJNHV5VKfWUAwkGtZV5Nf4wDQYJKoZIhvcNAQELBQAw
...
# Writes a PEM private key to $KEY_PATH, named after the basename of $etcd_path.
# NOTE(review): the file is created with whatever umask the script runs under; set
# `umask 077` before this line (or chmod 600 afterwards) so the key is not group/world-readable.
# NOTE(review): a key embedded in a script is exposed wherever the script is shared; if the
# unabridged key was ever published, it should be rotated and the certificate reissued.
cat << EOF > "$KEY_PATH/$(basename $etcd_path).key"
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDhvvHOREjOUrGJ
....
# Writes a PEM certificate to $CERT_PATH, named after the basename of $etcd_path.
# NOTE(review): quote the inner expansion ("$(basename "$etcd_path")") so a path with
# whitespace or glob characters cannot change the target file name.
cat << EOF > "$CERT_PATH/$(basename $etcd_path).cert"
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgIRAKPBuOFFqvUBFuj8GdWlx7owDQYJKoZIhvcNAQELBQAw
gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
...
# Writes a PEM private key to $KEY_PATH, named after the basename of $etcd_path.
# NOTE(review): nothing here restricts the new file's mode; use `umask 077` or chmod 600 so
# only the owning account can read the key. Treat any key that was pasted in full into a
# shared script as compromised and rotate it.
cat << EOF > "$KEY_PATH/$(basename $etcd_path).key"
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDTXASeH1LVMFhd
...
# Stay in the foreground; required when nginx is the container's main process.
daemon off;

# Worker processes run under the www-data account.
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}
http {
# basic settings
# NOTE(review): server_tokens is not set anywhere in this file, so the nginx default applies
# unless an included file changes it.
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_names_hash_max_size 512;
server_names_hash_bucket_size 64;

include /opt/nginx/conf/mime.types;
default_type application/octet-stream;

# Compression is applied to proxied responses as well (gzip_proxied any).
# NOTE(review): on the TLS vhosts, compressing bodies that mix secrets with reflected request
# data is the precondition for BREACH-style attacks; confirm the proxied apps' exposure.
gzip on;
gzip_comp_level 5;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component;
gzip_proxied any;
gzip_vary on;

# Default request-body cap; individual server blocks may override it.
client_max_body_size 15M;

# One line per request, including upstream address and timings.
log_format upstreaminfo '[$time_local] - $remote_addr - $remote_user - $status - "$request" - $bytes_sent - "$http_referer" - "$http_user_agent" - "$server_name" - $upstream_addr - $http_host - $upstream_response_time - $request_time';

# send logs to STDOUT so they can be seen using 'docker logs'
# NOTE(review): the directives below name files under /opt/nginx/logs; presumably the image
# links those paths to stdout/stderr. Confirm.
access_log /opt/nginx/logs/access.log upstreaminfo;
error_log /opt/nginx/logs/error.log;
# Value for the upstream Connection header, derived from the client's Upgrade header:
# an empty Upgrade yields "close", any other value yields "upgrade".
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
# trust http_x_forwarded_proto headers correctly indicate ssl offloading
# $access_scheme is the request's X-Forwarded-Proto header when present, otherwise nginx's own $scheme.
# NOTE(review): the header is taken from the request as received. Unless a TLS-terminating
# load balancer in front of this router always overwrites it, a client can send
# "X-Forwarded-Proto: https" over plain HTTP and the apps will be told the connection was
# encrypted. If no such balancer exists, map to $scheme only.
map $http_x_forwarded_proto $access_scheme {
    default $http_x_forwarded_proto;
    ''      $scheme;
}
## start deis-controller
upstream deis-controller {
    server 10.133.214.158:8000;
}

# Vhost for deis.<domain>, proxied to the controller upstream.
# deis.conf is not shown on this page; presumably it carries the shared listen/TLS settings.
server {
    server_name ~^deis\.(?<domain>.+)$;
    include deis.conf;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client sent, so
        # only the last entry is set by this router.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;

        proxy_connect_timeout 10s;
        proxy_send_timeout 20m;
        proxy_read_timeout 20m;

        # The hop to the controller is cleartext HTTP.
        proxy_pass http://deis-controller;
    }
}
## end deis-controller
## start deis-store-gateway
upstream deis-store-gateway {
    server 10.133.214.158:8888;
}

# Vhost for deis-store.<domain>, proxied to the store gateway upstream.
server {
    server_name ~^deis-store\.(?<domain>.+)$;
    include deis.conf;

    # 0 disables the request-body size check for this vhost (the http-level value is 15M).
    # NOTE(review): combined with the 1200s timeouts below, uploads here are unbounded in size;
    # confirm that who can reach this vhost is restricted elsewhere.
    client_max_body_size 0;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;

        proxy_connect_timeout 10s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        proxy_pass http://deis-store-gateway;
    }
}
## end deis-store-gateway
## start service definitions for each application
# Two backends for beepleapp-production, both on the same host address.
upstream beepleapp-production {
    server 10.133.213.117:49153;
    server 10.133.213.117:49155;
}
## server entries for custom domains
# Plain-HTTP vhost (port 80 only) proxied to the beepleapp-production upstream.
server {
    server_name redacted;
    server_name_in_redirect off;
    port_in_redirect off;
    listen 80;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # $access_scheme comes from the http-level map on X-Forwarded-Proto, so it can be
        # client-supplied. The match below is an unanchored regex: any value containing
        # "https" switches the forwarded port/ssl flags to 443/on.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # Pass Upgrade/Connection through so WebSocket handshakes reach the app.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_pass http://beepleapp-production;
    }
}
# Plain-HTTP vhost for blits.beeple.eu, proxied to the beepleapp-production upstream.
server {
    server_name blits.beeple.eu;
    server_name_in_redirect off;
    port_in_redirect off;
    listen 80;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # Forwarded port/ssl flags follow $access_scheme, which the http-level map takes from
        # the request's X-Forwarded-Proto header when one is present.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_pass http://beepleapp-production;
    }
}
# Plain-HTTP vhost for care.beeple.eu, proxied to the beepleapp-production upstream.
server {
    server_name care.beeple.eu;
    server_name_in_redirect off;
    port_in_redirect off;
    listen 80;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # $access_scheme may originate from a client-sent X-Forwarded-Proto header (see the
        # http-level map); the app should not treat X-Forwarded-Ssl as proof of TLS unless a
        # trusted front end sets that header.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_pass http://beepleapp-production;
    }
}
# Plain-HTTP vhost for crammerock.beeple.eu, proxied to the beepleapp-production upstream.
server {
    server_name crammerock.beeple.eu;
    server_name_in_redirect off;
    port_in_redirect off;
    listen 80;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # Defaults describe a plain-HTTP request; they flip when $access_scheme (derived from
        # X-Forwarded-Proto or $scheme by the http-level map) contains "https".
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_pass http://beepleapp-production;
    }
}
# Plain-HTTP vhost for crew.redacted, proxied to the beepleapp-production upstream.
server {
    server_name crew.redacted;
    server_name_in_redirect off;
    port_in_redirect off;
    listen 80;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # Forwarded port/ssl flags are derived from $access_scheme, which the http-level map
        # fills from the request's X-Forwarded-Proto header when it is present.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_pass http://beepleapp-production;
    }
}
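# HTTP and HTTPS vhost for www.radarwerk.be, proxied to the beepleapp-production upstream.
# NOTE(review): port 80 serves the same content as 443; nothing here redirects HTTP to HTTPS
# or sends Strict-Transport-Security.
server {
    server_name www.radarwerk.be;
    server_name_in_redirect off;
    port_in_redirect off;

    listen 80;
    # NOTE(review): the spdy listen parameter exists only in older nginx builds (it was
    # replaced by http2 in nginx 1.9.5); kept unchanged for the build this file targets.
    listen 443 ssl spdy;

    ssl_certificate /etc/ssl/deis/certs/www.radarwerk.be.cert;
    ssl_certificate_key /etc/ssl/deis/keys/www.radarwerk.be.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so of the previously enabled versions only
    # TLS 1.2 is kept. No ssl_ciphers or ssl_prefer_server_ciphers is set in this block or at
    # http level in this file, so the build's defaults apply.
    # NOTE(review): this file looks generated; presumably the same change belongs in the
    # template that produces it. Confirm.
    ssl_protocols TLSv1.2;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # $access_scheme is taken from X-Forwarded-Proto when the request carries one (see the
        # http-level map), otherwise from $scheme; the regex match is unanchored.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        # TLS ends at this router; the hop to the app is cleartext HTTP.
        proxy_pass http://beepleapp-production;
    }
}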
## end entries for custom domains
# Platform-domain vhost: beepleapp-production.<domain>, with shared settings from deis.conf
# (not shown on this page).
server {
    server_name ~^beepleapp-production\.(?<domain>.+)$;
    include deis.conf;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # Forwarded port/ssl flags follow $access_scheme from the http-level map.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_pass http://beepleapp-production;
    }
}
# Two backends for beepleapp-staging, on different host addresses.
upstream beepleapp-staging {
    server 10.133.184.240:49153;
    server 10.133.214.157:49154;
}
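## server entries for custom domains
# HTTP and HTTPS vhost for demo.beeple.eu, proxied to the beepleapp-staging upstream.
# NOTE(review): port 80 serves the same content as 443; nothing here redirects HTTP to HTTPS
# or sends Strict-Transport-Security.
server {
    server_name demo.beeple.eu;
    server_name_in_redirect off;
    port_in_redirect off;

    listen 80;
    # NOTE(review): the spdy listen parameter exists only in older nginx builds (it was
    # replaced by http2 in nginx 1.9.5); kept unchanged for the build this file targets.
    listen 443 ssl spdy;

    ssl_certificate /etc/ssl/deis/certs/demo.beeple.eu.cert;
    ssl_certificate_key /etc/ssl/deis/keys/demo.beeple.eu.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so of the previously enabled versions only
    # TLS 1.2 is kept. No ssl_ciphers or ssl_prefer_server_ciphers is set in this block or at
    # http level in this file, so the build's defaults apply.
    ssl_protocols TLSv1.2;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # $access_scheme is taken from X-Forwarded-Proto when the request carries one (see the
        # http-level map), otherwise from $scheme; the regex match is unanchored.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        # TLS ends at this router; the hop to the app is cleartext HTTP.
        proxy_pass http://beepleapp-staging;
    }
}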
# Plain-HTTP vhost for staging.radarwerk.be, proxied to the beepleapp-staging upstream.
server {
    server_name staging.radarwerk.be;
    server_name_in_redirect off;
    port_in_redirect off;
    listen 80;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # Forwarded port/ssl flags follow $access_scheme, which the http-level map takes from
        # the request's X-Forwarded-Proto header when one is present.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_pass http://beepleapp-staging;
    }
}
## end entries for custom domains
# Platform-domain vhost: beepleapp-staging.<domain>, with shared settings from deis.conf
# (not shown on this page).
server {
    server_name ~^beepleapp-staging\.(?<domain>.+)$;
    include deis.conf;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # Forwarded port/ssl flags follow $access_scheme from the http-level map.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_pass http://beepleapp-staging;
    }
}
# Two backends for beepleweb-production, both on the same host address.
upstream beepleweb-production {
    server 10.133.184.240:49154;
    server 10.133.184.240:49155;
}
## server entries for custom domains
# Plain-HTTP vhost for www.beeple.eu, proxied to the beepleweb-production upstream.
server {
    server_name www.beeple.eu;
    server_name_in_redirect off;
    port_in_redirect off;
    listen 80;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # $access_scheme may originate from a client-sent X-Forwarded-Proto header (see the
        # http-level map); the match below is an unanchored regex.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_pass http://beepleweb-production;
    }
}
## end entries for custom domains
# Platform-domain vhost: beepleweb-production.<domain>, with shared settings from deis.conf
# (not shown on this page).
server {
    server_name ~^beepleweb-production\.(?<domain>.+)$;
    include deis.conf;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # Forwarded port/ssl flags follow $access_scheme from the http-level map.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_pass http://beepleweb-production;
    }
}
# Two backends for nakama-production, on different host addresses.
upstream nakama-production {
    server 10.133.214.158:49153;
    server 10.133.239.109:49153;
}
## server entries for custom domains
# Plain-HTTP vhost for www.nakama-productions.be, proxied to the nakama-production upstream.
server {
    server_name www.nakama-productions.be;
    server_name_in_redirect off;
    port_in_redirect off;
    listen 80;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # Forwarded port/ssl flags follow $access_scheme, which the http-level map takes from
        # the request's X-Forwarded-Proto header when one is present.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_pass http://nakama-production;
    }
}
## end entries for custom domains
# Platform-domain vhost: nakama-production.<domain>, with shared settings from deis.conf
# (not shown on this page).
server {
    server_name ~^nakama-production\.(?<domain>.+)$;
    include deis.conf;

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;

        # Forwarded port/ssl flags follow $access_scheme from the http-level map.
        set $access_ssl 'off';
        set $access_port '80';
        if ($access_scheme ~ https) {
            set $access_ssl 'on';
            set $access_port '443';
        }

        proxy_set_header X-Forwarded-Port $access_port;
        proxy_set_header X-Forwarded-Proto $access_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $access_ssl;

        proxy_redirect off;
        proxy_connect_timeout 30s;
        proxy_send_timeout 1200s;
        proxy_read_timeout 1200s;

        # WebSocket pass-through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_pass http://nakama-production;
    }
}
## server entries for custom domains
## end entries for custom domains
# radarwerkcallcenter-production.<domain> has no upstream in this file; every request is
# answered with 503 (presumably the app has no running backends; confirm).
server {
    server_name ~^radarwerkcallcenter-production\.(?<domain>.+)$;
    include deis.conf;

    location / {
        return 503;
    }
}
## end service definitions for each application
# healthcheck
# Default vhost on port 80: handles requests whose Host matches no other server_name.
server {
    listen 80 default_server;

    # Liveness probe: empty 200 response, not written to the access log.
    location /health-check {
        default_type 'text/plain';
        access_log off;
        return 200;
    }

    # NOTE(review): there is no allow/deny here, so any client that can reach port 80 can read
    # the connection counters. Restrict it to the monitoring source, e.g.
    #   allow <MONITORING_CIDR>;   # placeholder, not a value from this file
    #   deny all;
    location /router-nginx-status {
        stub_status on;
    }
}
}
## start builder
# Raw TCP forwarding of port 2222 to the builder upstream.
# NOTE(review): tcp{} is not a stock nginx context; presumably a third-party TCP proxy module
# is compiled into this build. Confirm.
tcp {
    access_log /opt/nginx/logs/git.log;
    tcp_nodelay on;
    timeout 1200000;

    # same directive names as in http{}, but these values are in milliseconds
    proxy_connect_timeout 10000;
    proxy_send_timeout 1200000;
    proxy_read_timeout 1200000;

    upstream builder {
        server 10.133.214.158:2223;
    }

    # Bytes are relayed as-is; any authentication is left to the service behind the upstream.
    server {
        listen 2222;
        proxy_pass builder;
    }
}
## end builder