# Stay in the foreground instead of forking.
# NOTE(review): presumably a supervisor owns the process lifecycle; confirm.
daemon off;

# Both paths are injected by the template parameters at render time.
error_log {{ parameter_dict['error-log'] }};
pid {{ parameter_dict['pid-file'] }};

events {
  # Workers do not take turns accepting new connections.
  accept_mutex off;
  # Upper bound on simultaneous connections per worker process.
  worker_connections 1024;
}

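http {
    # Responses without a more specific type are sent as opaque binary.
    default_type application/octet-stream;
    access_log {{ parameter_dict['access-log'] }} combined;
    # Request bodies larger than 10 MB are rejected by nginx itself.
    client_max_body_size 10M;

    # Derives a Connection header value from the client's Upgrade header:
    # "upgrade" when Upgrade is present, "close" when it is empty.
    # NOTE(review): no location in this file references $connection_upgrade,
    # and no Upgrade/Connection headers are forwarded; confirm whether
    # WebSocket proxying is intended.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # TLS front end: terminates TLS and forwards to the repman secure backend.
    server {
        listen [{{ parameter_dict['ipv6'] }}]:{{ parameter_dict['ssl-port'] }} ssl;
        # "_" never matches a real Host; as the only server on this listen
        # address it answers requests for any Host value.
        server_name _;
        ssl_certificate     {{ parameter_dict['ssl-certificate'] }};
        ssl_certificate_key {{ parameter_dict['ssl-key'] }};
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
        # Add TLSv1.3 here once the deployed nginx/OpenSSL build supports it.
        ssl_protocols       TLSv1.2;
        # 3DES suites removed: a 64-bit block cipher is exposed to
        # birthday-bound collisions (Sweet32). "!3DES" also keeps it from
        # re-entering through the HIGH alias on older OpenSSL builds.
        # NOTE(review): the DH+ entries need ssl_dhparam on recent nginx
        # releases to take effect; none is configured in this file.
        ssl_ciphers         ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:HIGH:!aNULL:!MD5:!3DES;
        ssl_prefer_server_ciphers on;
        keepalive_timeout 90s;

        location / {
            proxy_redirect off;
            proxy_set_header   X-Forwarded-Proto $scheme;
            # Appends the peer address to any X-Forwarded-For the client sent,
            # so only the last entry is asserted by this proxy.
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            # $http_host is the client-supplied Host header; the backend must
            # validate it before using it to build URLs or redirects.
            proxy_set_header   X-Forwarded-Host  $http_host;
            # NOTE(review): nginx documents that the connect timeout usually
            # cannot exceed 75 seconds, so 200 may not be honoured as written.
            proxy_connect_timeout 200;

            proxy_pass {{ parameter_dict['repman-secure-url'] }};
        }
    }

    # Plain-HTTP front end: same proxy headers, no transport encryption.
    # NOTE(review): requests and any credentials on this listener travel in
    # cleartext; confirm that exposure is limited to a trusted network or
    # consider redirecting to the TLS listener.
    server {
        listen [{{ parameter_dict['ipv6'] }}]:{{ parameter_dict['port'] }};
        server_name _;

        location / {
            proxy_redirect off;
            proxy_set_header   X-Forwarded-Proto $scheme;
            # Client-supplied X-Forwarded-For entries are kept; only the last
            # entry is asserted by this proxy.
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            # Client-controlled value; the backend must not trust it blindly.
            proxy_set_header   X-Forwarded-Host  $http_host;
            proxy_connect_timeout 200;

            proxy_pass {{ parameter_dict['repman-url'] }};
        }
    }
}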