Created
September 18, 2013 19:38
-
-
Save toastedpenguin/6614408 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
worker_processes 2; | |
events { | |
worker_connections 1024; | |
} | |
error_log /var/log/nginx/debug debug; | |
http { | |
include mime.types; | |
default_type application/octet-stream; | |
root /var/www/html; | |
ignore_invalid_headers on; | |
client_header_timeout 240; | |
client_body_timeout 240; | |
send_timeout 240; | |
client_max_body_size 100m; | |
# Basic Proxy Settings | |
proxy_buffer_size 128k; | |
proxy_buffers 8 128k; | |
proxy_cache_path /var/cache/nginx/ levels=1:2 keys_zone=tchis:250m max_size=1000m inactive=1d; | |
proxy_temp_path /var/cache/nginx/proxy_temp; | |
# Enable GZIP | |
gzip on; | |
gzip_http_version 1.1; | |
gzip_min_length 1000; | |
gzip_buffers 16 8k; | |
gzip_disable "MSIE [1-6] \."; | |
gzip_types text/css text/xml application/x-javascript application/atom+xml text/plain; | |
gzip_vary on; | |
gzip_proxied any; | |
upstream tomcat_server { | |
# Tomcat is listening on default 8081 port | |
server 10.51.10.60:8081 fail_timeout=0; | |
} | |
server { | |
listen 10.51.10.110:80; | |
server_name example.com; | |
return 301 https://example.com$uri ; | |
} | |
server { | |
server_name example.com; | |
listen 10.51.10.110:443 ssl; | |
ssl_certificate /etc/ssl/certs/entrust/wc_example.com/wc_example.com_chain.crt; | |
ssl_certificate_key /etc/ssl/certs/entrust/wc_example.com/wc_example.com.key; | |
server_tokens off; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_prefer_server_ciphers on; | |
ssl_session_timeout 10m; | |
ssl_session_cache shared:SSL:10m; | |
#ssl_session_cache builtin:1000 shared:SSL:10m; | |
ssl_stapling on; | |
resolver 10.51.2.252; | |
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:!MD5:!aNULL; | |
keepalive_timeout 5; | |
add_header Strict-Transport-Security max-age=2592000; | |
rewrite_log on; | |
location / { | |
ModSecurityEnabled on; | |
ModSecurityConfig modsecurity.conf; | |
proxy_pass http://tomcat_server; | |
proxy_set_header X-Forwarded-Host $host; | |
proxy_set_header X-Forwarded-Server $host; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_http_version 1.1; | |
proxy_set_header Connection ""; | |
proxy_connect_timeout 240; | |
proxy_send_timeout 240; | |
proxy_read_timeout 240; | |
proxy_cache tchis; | |
proxy_cache_valid 200 302 60m; | |
proxy_cache_valid 404 1m; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment