toddysm/nginx.conf

## nginx.conf
events { }


http {
    proxy_buffers 32 160k;
    proxy_buffer_size 160k;
    proxy_read_timeout 3600;
    error_log /dev/stdout info;
    access_log /dev/stdout;

    map $http_authorization $auth {
       default   $http_authorization;
       ""        "${SAS_TOKEN}";
    }

    server {
        listen ${NGINX_DEFAULT_PORT} ssl default_server;

        chunked_transfer_encoding on;

        ssl_certificate        server.crt;
        ssl_certificate_key    private_key_server.pem;
        ssl_client_certificate trustedCA.crt;
        ssl_verify_depth 7;
        ssl_verify_client optional_no_ca;

        #if_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}
        if ($http_x_ms_version)
        {
            rewrite ^(.*)$ /storage$1 last;
        }
        #endif_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}
        #if_tag !${BLOB_UPLOAD_ROUTE_ADDRESS}
        if ($http_x_ms_version)
        {
            rewrite ^(.*)$ /parent$1 last;
        }
        #endif_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}

        #if_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}
        if ($uri ~ ^/v2*.)
        {
            rewrite ^(.*)$ /registry$1 last;
        }
        #endif_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}
        #if_tag !${DOCKER_REQUEST_ROUTE_ADDRESS}
        if ($uri ~ ^/v2*.)
        {
            rewrite ^(.*)$ /parent$1 last;
        }
        #endif_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}

        #if_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}
        location ~^/registry/(.*) {
            proxy_http_version 1.1;
            resolver 127.0.0.11;
            set $upstream_endpoint http://${DOCKER_REQUEST_ROUTE_ADDRESS}/$1$is_args$args;
            proxy_pass $upstream_endpoint;
        }
        #endif_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}

        #if_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}
        location ~^/storage/(.*){
            resolver 127.0.0.11;
            proxy_http_version 1.1;
            set $upstream_endpoint http://${BLOB_UPLOAD_ROUTE_ADDRESS}/$1$is_args$args;
            proxy_pass $upstream_endpoint;
        }
        #endif_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}

        #if_tag ${CONNECTED_ACR_ROUTE_ADDRESS}
        location /v2 {
            resolver 127.0.0.11;
            proxy_http_version 1.1;
            proxy_pass         http://${CONNECTED_ACR_ROUTE_ADDRESS};
            proxy_set_header   X-Forwarded-Host $http_host;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }

        location /acr {
            resolver 127.0.0.11;
            proxy_http_version 1.1;
            proxy_pass         http://${CONNECTED_ACR_ROUTE_ADDRESS};
            proxy_set_header   X-Forwarded-Host $http_host;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }
        #endif_tag ${CONNECTED_ACR_ROUTE_ADDRESS}

        #if_tag ${IOTEDGE_PARENTHOSTNAME}
        location ~^/parent/(.*) {
            proxy_http_version 1.1;
            resolver 127.0.0.11;
            #proxy_ssl_certificate     identity.crt;
            #proxy_ssl_certificate_key private_key_identity.pem;
            proxy_ssl_server_name on;
            proxy_ssl_name  ${IOTEDGE_PARENTAPIPROXYNAME};
            proxy_ssl_trusted_certificate trustedCA.crt;
            proxy_ssl_verify_depth 7;
            proxy_ssl_verify       on;
            proxy_pass          https://${IOTEDGE_PARENTHOSTNAME}:${NGINX_DEFAULT_PORT}/$1$is_args$args;
        }
        #endif_tag ${IOTEDGE_PARENTHOSTNAME}

        location ~^/devices|twins/ {
            resolver 127.0.0.11;
            proxy_http_version  1.1;
            proxy_ssl_verify    off;
            proxy_set_header    x-ms-edge-clientcert    $ssl_client_escaped_cert;
            proxy_set_header    Authorization $auth;
            set $upstream_endpoint https://edgeHub;
            proxy_pass $upstream_endpoint;
        }

        location ~^/.iothub/websocket {
            resolver 127.0.0.11;
            proxy_ssl_verify off;
            proxy_set_header x-ms-edge-clientcert $ssl_client_escaped_cert;
            proxy_set_header    Authorization $auth;
            set $upstream_endpoint https://edgeHub;
            proxy_pass $upstream_endpoint;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
        }
    }
}
	events { }


	http {
	proxy_buffers 32 160k;
	proxy_buffer_size 160k;
	proxy_read_timeout 3600;
	error_log /dev/stdout info;
	access_log /dev/stdout;

	map $http_authorization $auth {
	default $http_authorization;
	"" "${SAS_TOKEN}";
	}

	server {
	listen ${NGINX_DEFAULT_PORT} ssl default_server;

	chunked_transfer_encoding on;

	ssl_certificate server.crt;
	ssl_certificate_key private_key_server.pem;
	ssl_client_certificate trustedCA.crt;
	ssl_verify_depth 7;
	ssl_verify_client optional_no_ca;

	#if_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}
	if ($http_x_ms_version)
	{
	rewrite ^(.*)$ /storage$1 last;
	}
	#endif_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}
	#if_tag !${BLOB_UPLOAD_ROUTE_ADDRESS}
	if ($http_x_ms_version)
	{
	rewrite ^(.*)$ /parent$1 last;
	}
	#endif_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}

	#if_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}
	if ($uri ~ ^/v2*.)
	{
	rewrite ^(.*)$ /registry$1 last;
	}
	#endif_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}
	#if_tag !${DOCKER_REQUEST_ROUTE_ADDRESS}
	if ($uri ~ ^/v2*.)
	{
	rewrite ^(.*)$ /parent$1 last;
	}
	#endif_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}

	#if_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}
	location ~^/registry/(.*) {
	proxy_http_version 1.1;
	resolver 127.0.0.11;
	set $upstream_endpoint http://${DOCKER_REQUEST_ROUTE_ADDRESS}/$1$is_args$args;
	proxy_pass $upstream_endpoint;
	}
	#endif_tag ${DOCKER_REQUEST_ROUTE_ADDRESS}

	#if_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}
	location ~^/storage/(.*){
	resolver 127.0.0.11;
	proxy_http_version 1.1;
	set $upstream_endpoint http://${BLOB_UPLOAD_ROUTE_ADDRESS}/$1$is_args$args;
	proxy_pass $upstream_endpoint;
	}
	#endif_tag ${BLOB_UPLOAD_ROUTE_ADDRESS}

	#if_tag ${CONNECTED_ACR_ROUTE_ADDRESS}
	location /v2 {
	resolver 127.0.0.11;
	proxy_http_version 1.1;
	proxy_pass http://${CONNECTED_ACR_ROUTE_ADDRESS};
	proxy_set_header X-Forwarded-Host $http_host;
	proxy_set_header X-Forwarded-Proto $scheme;
	}

	location /acr {
	resolver 127.0.0.11;
	proxy_http_version 1.1;
	proxy_pass http://${CONNECTED_ACR_ROUTE_ADDRESS};
	proxy_set_header X-Forwarded-Host $http_host;
	proxy_set_header X-Forwarded-Proto $scheme;
	}
	#endif_tag ${CONNECTED_ACR_ROUTE_ADDRESS}

	#if_tag ${IOTEDGE_PARENTHOSTNAME}
	location ~^/parent/(.*) {
	proxy_http_version 1.1;
	resolver 127.0.0.11;
	#proxy_ssl_certificate identity.crt;
	#proxy_ssl_certificate_key private_key_identity.pem;
	proxy_ssl_server_name on;
	proxy_ssl_name ${IOTEDGE_PARENTAPIPROXYNAME};
	proxy_ssl_trusted_certificate trustedCA.crt;
	proxy_ssl_verify_depth 7;
	proxy_ssl_verify on;
	proxy_pass https://${IOTEDGE_PARENTHOSTNAME}:${NGINX_DEFAULT_PORT}/$1$is_args$args;
	}
	#endif_tag ${IOTEDGE_PARENTHOSTNAME}

	location ~^/devices\|twins/ {
	resolver 127.0.0.11;
	proxy_http_version 1.1;
	proxy_ssl_verify off;
	proxy_set_header x-ms-edge-clientcert $ssl_client_escaped_cert;
	proxy_set_header Authorization $auth;
	set $upstream_endpoint https://edgeHub;
	proxy_pass $upstream_endpoint;
	}

	location ~^/.iothub/websocket {
	resolver 127.0.0.11;
	proxy_ssl_verify off;
	proxy_set_header x-ms-edge-clientcert $ssl_client_escaped_cert;
	proxy_set_header Authorization $auth;
	set $upstream_endpoint https://edgeHub;
	proxy_pass $upstream_endpoint;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "Upgrade";
	proxy_set_header Host $host;
	}
	}
	}