# Writes one PEM certificate and one PEM private key per domain; each file is
# named after the basename of $etcd_path. The "..." lines elide the rest of each
# PEM body (and presumably the closing EOF of each heredoc) in this excerpt.
# NOTE(review): no umask or chmod is visible here, so the .key files are created
# with the shell's default permissions; set `umask 077` before writing, or
# `chmod 600` the key afterwards, so only the owning user can read it.
# NOTE(review): $etcd_path is unquoted inside $(basename ...); write
# "$(basename "$etcd_path")" so a path with spaces or glob characters is not split.
# NOTE(review): the private key is inlined in the script, so the script itself
# must be stored and shared with the same care as the key.
cat << EOF > "$CERT_PATH/$(basename $etcd_path).cert" | |
-----BEGIN CERTIFICATE----- | |
MIIFTzCCBDegAwIBAgIRANJNHV5VKfWUAwkGtZV5Nf4wDQYJKoZIhvcNAQELBQAw | |
... | |
cat << EOF > "$KEY_PATH/$(basename $etcd_path).key" | |
-----BEGIN PRIVATE KEY----- | |
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDhvvHOREjOUrGJ | |
.... | |
cat << EOF > "$CERT_PATH/$(basename $etcd_path).cert" | |
-----BEGIN CERTIFICATE----- | |
MIIFTTCCBDWgAwIBAgIRAKPBuOFFqvUBFuj8GdWlx7owDQYJKoZIhvcNAQELBQAw | |
gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO | |
... | |
cat << EOF > "$KEY_PATH/$(basename $etcd_path).key" | |
-----BEGIN PRIVATE KEY----- | |
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDTXASeH1LVMFhd | |
... |
# required to run in a container | |
daemon off; | |
user www-data; | |
worker_processes auto; | |
pid /run/nginx.pid; | |
events { | |
worker_connections 768; | |
# multi_accept on; | |
} | |
http { | |
# basic settings | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay on; | |
keepalive_timeout 65; | |
types_hash_max_size 2048; | |
server_names_hash_max_size 512; | |
server_names_hash_bucket_size 64; | |
include /opt/nginx/conf/mime.types; | |
default_type application/octet-stream; | |
gzip on; | |
gzip_comp_level 5; | |
gzip_disable "msie6"; | |
gzip_http_version 1.1; | |
gzip_min_length 256; | |
gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component; | |
gzip_proxied any; | |
gzip_vary on; | |
client_max_body_size 15M; | |
log_format upstreaminfo '[$time_local] - $remote_addr - $remote_user - $status - "$request" - $bytes_sent - "$http_referer" - "$http_user_agent" - "$server_name" - $upstream_addr - $http_host - $upstream_response_time - $request_time'; | |
# send logs to STDOUT so they can be seen using 'docker logs' | |
access_log /opt/nginx/logs/access.log upstreaminfo; | |
error_log /opt/nginx/logs/error.log; | |
map $http_upgrade $connection_upgrade { | |
default upgrade; | |
'' close; | |
} | |
# $access_scheme is the request's X-Forwarded-Proto header when one is present,
# otherwise the scheme nginx itself saw ($scheme). This trusts the header to
# correctly indicate SSL offloading by whatever sits in front of the router.
# NOTE(review): nothing visible in this file restricts who may send the header,
# so a client connecting directly can set it as well; the value is then passed
# upstream as X-Forwarded-Proto and drives X-Forwarded-Ssl / X-Forwarded-Port.
# Confirm the router is only reachable through a proxy that overwrites it.
map $http_x_forwarded_proto $access_scheme { | |
default $http_x_forwarded_proto; | |
'' $scheme; | |
} | |
## start deis-controller | |
upstream deis-controller { | |
server 10.133.214.158:8000; | |
} | |
server { | |
server_name ~^deis\.(?<domain>.+)$; | |
include deis.conf; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_redirect off; | |
proxy_connect_timeout 10s; | |
proxy_send_timeout 20m; | |
proxy_read_timeout 20m; | |
proxy_pass http://deis-controller; | |
} | |
} | |
## end deis-controller | |
## start deis-store-gateway | |
# Single backend for the store gateway; requests for deis-store.<domain> are proxied to it.
upstream deis-store-gateway { | |
server 10.133.214.158:8888; | |
} | |
server { | |
# Regex server name; the part after "deis-store." is captured as $domain.
server_name ~^deis-store\.(?<domain>.+)$; | |
# Contents of deis.conf are not shown on this page.
include deis.conf; | |
# 0 disables nginx's request-body size check for this server, overriding the
# 15M limit set at http level.
# NOTE(review): with no limit here, any bound on upload size has to be enforced
# by the gateway behind it — confirm that it is.
client_max_body_size 0; | |
location / { | |
# Responses are streamed to the client rather than buffered by nginx.
proxy_buffering off; | |
proxy_set_header Host $host; | |
# Appends the connecting address to any X-Forwarded-For the client sent.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_redirect off; | |
proxy_connect_timeout 10s; | |
# 1200s = 20 minutes for both directions of a proxied transfer.
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
proxy_pass http://deis-store-gateway; | |
} | |
} | |
## end deis-store-gateway | |
## start service definitions for each application | |
upstream beepleapp-production { | |
server 10.133.213.117:49153; | |
server 10.133.213.117:49155; | |
} | |
## server entries for custom domains | |
# Custom-domain virtual host, plain HTTP only (listen 80), proxied to the
# beepleapp-production upstream.
server { | |
server_name redacted; | |
# Redirects generated by nginx use the request's Host and omit the port.
server_name_in_redirect off; | |
port_in_redirect off; | |
listen 80; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
# Defaults describe a plain-HTTP request; they are switched below when
# $access_scheme says the client used https.
set $access_ssl 'off'; | |
set $access_port '80'; | |
# NOTE(review): `~ https` is an unanchored regex, so any $access_scheme value
# that merely contains "https" matches; `= https` would compare exactly.
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
# Tell the application how the client reached the router. $access_scheme can
# come from a client-supplied X-Forwarded-Proto header (see its map definition).
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
# Appends the connecting address to any X-Forwarded-For the client sent, so
# only the last entry is added by this router.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
# HTTP/1.1 plus the Upgrade/Connection headers lets WebSocket upgrades pass
# through; $connection_upgrade is "close" when the client sent no Upgrade header.
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
# Retry on the next upstream server after a connection error, a timeout, or a
# 502/503/504 response.
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://beepleapp-production; | |
} | |
} | |
server { | |
server_name blits.beeple.eu; | |
server_name_in_redirect off; | |
port_in_redirect off; | |
listen 80; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
set $access_ssl 'off'; | |
set $access_port '80'; | |
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://beepleapp-production; | |
} | |
} | |
server { | |
server_name care.beeple.eu; | |
server_name_in_redirect off; | |
port_in_redirect off; | |
listen 80; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
set $access_ssl 'off'; | |
set $access_port '80'; | |
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://beepleapp-production; | |
} | |
} | |
server { | |
server_name crammerock.beeple.eu; | |
server_name_in_redirect off; | |
port_in_redirect off; | |
listen 80; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
set $access_ssl 'off'; | |
set $access_port '80'; | |
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://beepleapp-production; | |
} | |
} | |
server { | |
server_name crew.redacted; | |
server_name_in_redirect off; | |
port_in_redirect off; | |
listen 80; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
set $access_ssl 'off'; | |
set $access_port '80'; | |
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://beepleapp-production; | |
} | |
} | |
# Custom-domain virtual host for www.radarwerk.be, served on both plain HTTP and
# TLS and proxied to the beepleapp-production upstream.
server { | |
server_name www.radarwerk.be; | |
server_name_in_redirect off; | |
port_in_redirect off; | |
# NOTE(review): port 80 serves the same content as 443; no redirect to HTTPS is
# configured in this block.
listen 80; | |
# NOTE(review): the `spdy` listen parameter was removed from nginx in 1.9.5 in
# favour of `http2`, so this line only loads on older builds.
listen 443 ssl spdy; | |
ssl_certificate /etc/ssl/deis/certs/www.radarwerk.be.cert; | |
ssl_certificate_key /etc/ssl/deis/keys/www.radarwerk.be.key; | |
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); restrict this to
# TLSv1.2 (plus TLSv1.3 where the build supports it) unless legacy clients are
# required. No ssl_ciphers directive is set in this block, so the cipher list
# is nginx's default unless it is set elsewhere.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
# Defaults describe a plain-HTTP request; switched below when $access_scheme
# says https.
set $access_ssl 'off'; | |
set $access_port '80'; | |
# NOTE(review): `~ https` is an unanchored regex match, not an exact comparison.
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
# $access_scheme prefers the incoming X-Forwarded-Proto header over the scheme
# nginx terminated itself, so on this TLS listener the forwarded values can
# still reflect what the client claimed.
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
# HTTP/1.1 plus Upgrade/Connection lets WebSocket upgrades pass through.
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
# Retry on the next upstream server after an error, timeout, or 502/503/504.
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://beepleapp-production; | |
} | |
} | |
## end entries for custom domains | |
server { | |
server_name ~^beepleapp-production\.(?<domain>.+)$; | |
include deis.conf; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
set $access_ssl 'off'; | |
set $access_port '80'; | |
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://beepleapp-production; | |
} | |
} | |
upstream beepleapp-staging { | |
server 10.133.184.240:49153; | |
server 10.133.214.157:49154; | |
} | |
## server entries for custom domains | |
# Custom-domain virtual host for demo.beeple.eu, served on both plain HTTP and
# TLS and proxied to the beepleapp-staging upstream.
server { | |
server_name demo.beeple.eu; | |
server_name_in_redirect off; | |
port_in_redirect off; | |
# NOTE(review): port 80 serves the same content as 443; no redirect to HTTPS is
# configured in this block.
listen 80; | |
# NOTE(review): the `spdy` listen parameter was removed from nginx in 1.9.5 in
# favour of `http2`, so this line only loads on older builds.
listen 443 ssl spdy; | |
ssl_certificate /etc/ssl/deis/certs/demo.beeple.eu.cert; | |
ssl_certificate_key /etc/ssl/deis/keys/demo.beeple.eu.key; | |
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); restrict this to
# TLSv1.2 (plus TLSv1.3 where the build supports it) unless legacy clients are
# required. No ssl_ciphers directive is set in this block, so the cipher list
# is nginx's default unless it is set elsewhere.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
# Defaults describe a plain-HTTP request; switched below when $access_scheme
# says https.
set $access_ssl 'off'; | |
set $access_port '80'; | |
# NOTE(review): `~ https` is an unanchored regex match, not an exact comparison.
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
# $access_scheme prefers the incoming X-Forwarded-Proto header over the scheme
# nginx terminated itself, so the forwarded values can reflect what the client
# claimed.
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
# HTTP/1.1 plus Upgrade/Connection lets WebSocket upgrades pass through.
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
# Retry on the next upstream server after an error, timeout, or 502/503/504.
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://beepleapp-staging; | |
} | |
} | |
server { | |
server_name staging.radarwerk.be; | |
server_name_in_redirect off; | |
port_in_redirect off; | |
listen 80; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
set $access_ssl 'off'; | |
set $access_port '80'; | |
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://beepleapp-staging; | |
} | |
} | |
## end entries for custom domains | |
server { | |
server_name ~^beepleapp-staging\.(?<domain>.+)$; | |
include deis.conf; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
set $access_ssl 'off'; | |
set $access_port '80'; | |
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://beepleapp-staging; | |
} | |
} | |
upstream beepleweb-production { | |
server 10.133.184.240:49154; | |
server 10.133.184.240:49155; | |
} | |
## server entries for custom domains | |
server { | |
server_name www.beeple.eu; | |
server_name_in_redirect off; | |
port_in_redirect off; | |
listen 80; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
set $access_ssl 'off'; | |
set $access_port '80'; | |
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://beepleweb-production; | |
} | |
} | |
## end entries for custom domains | |
server { | |
server_name ~^beepleweb-production\.(?<domain>.+)$; | |
include deis.conf; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
set $access_ssl 'off'; | |
set $access_port '80'; | |
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://beepleweb-production; | |
} | |
} | |
upstream nakama-production { | |
server 10.133.214.158:49153; | |
server 10.133.239.109:49153; | |
} | |
## server entries for custom domains | |
server { | |
server_name www.nakama-productions.be; | |
server_name_in_redirect off; | |
port_in_redirect off; | |
listen 80; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
set $access_ssl 'off'; | |
set $access_port '80'; | |
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://nakama-production; | |
} | |
} | |
## end entries for custom domains | |
server { | |
server_name ~^nakama-production\.(?<domain>.+)$; | |
include deis.conf; | |
location / { | |
proxy_buffering off; | |
proxy_set_header Host $host; | |
set $access_ssl 'off'; | |
set $access_port '80'; | |
if ($access_scheme ~ https) { | |
set $access_ssl 'on'; | |
set $access_port '443'; | |
} | |
proxy_set_header X-Forwarded-Port $access_port; | |
proxy_set_header X-Forwarded-Proto $access_scheme; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Ssl $access_ssl; | |
proxy_redirect off; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 1200s; | |
proxy_read_timeout 1200s; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
proxy_next_upstream error timeout http_502 http_503 http_504; | |
proxy_pass http://nakama-production; | |
} | |
} | |
## server entries for custom domains | |
## end entries for custom domains | |
server { | |
server_name ~^radarwerkcallcenter-production\.(?<domain>.+)$; | |
include deis.conf; | |
location / { | |
return 503; | |
} | |
} | |
## end service definitions for each application | |
# healthcheck | |
# Catch-all server: as default_server on port 80 it answers any request whose
# Host header matches none of the server_name entries above.
server { | |
listen 80 default_server; | |
# Liveness probe: returns an empty 200 as text/plain and is kept out of the
# access log.
location /health-check { | |
default_type 'text/plain'; | |
access_log off; | |
return 200; | |
} | |
# NOTE(review): stub_status exposes nginx connection and request counters, and
# no allow/deny rule is visible in this location, so anyone who can reach
# port 80 can read them. Consider restricting it, e.g.
# `allow <monitoring-range>; deny all;` (placeholder range).
location /router-nginx-status { | |
stub_status on; | |
} | |
} | |
} | |
## start builder | |
# Raw TCP pass-through for the builder: connections accepted on port 2222 are
# forwarded to the single builder upstream on port 2223.
# `tcp {}` is not a stock nginx context; presumably it comes from a third-party
# TCP proxy module compiled into this build — confirm.
tcp { | |
access_log /opt/nginx/logs/git.log; | |
tcp_nodelay on; | |
# presumably milliseconds like the proxy_* values below (1200000 ms = 20 min) — confirm
timeout 1200000; | |
# same directive names as in http {}, but these are in milliseconds...
proxy_connect_timeout 10000; | |
proxy_send_timeout 1200000; | |
proxy_read_timeout 1200000; | |
upstream builder { | |
server 10.133.214.158:2223; | |
} | |
# NOTE(review): traffic is relayed at TCP level, so the builder sees the
# router's address as the peer; any per-client access control has to happen in
# the builder itself or in front of this port.
server { | |
listen 2222; | |
proxy_pass builder; | |
} | |
} | |
## end builder |