worker_processes {{ parameter_dict['workers-processes'] }}; pid {{ parameter_dict['pid-file'] }}; error_log {{ parameter_dict['error-log'] }}; daemon off; events { worker_connections 1024; accept_mutex off; } http { # include mime.types; default_type application/octet-stream; access_log {{ parameter_dict['access-log'] }} combined; client_max_body_size 10M; map $http_upgrade $connection_upgrade { default upgrade; '' close; } sendfile on; upstream app_server { # for UNIX domain socket setups server unix:{{ parameter_dict['socket'] }} fail_timeout=0; } {% if parameter_dict['cert-file'] and parameter_dict['key-file'] -%} server { listen [{{ parameter_dict['ip'] }}]:{{ parameter_dict['https-port'] }} ssl; server_name _; ssl_certificate {{ parameter_dict['cert-file'] }}; ssl_certificate_key {{ parameter_dict['key-file'] }}; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; keepalive_timeout 90s; client_body_temp_path {{ parameter_dict['client-body-temp-path'] }}; proxy_temp_path {{ parameter_dict['proxy-temp-path'] }}; fastcgi_temp_path {{ parameter_dict['fastcgi-temp-path'] }}; uwsgi_temp_path {{ parameter_dict['uwsgi-temp-path'] }}; scgi_temp_path {{ parameter_dict['scgi-temp-path'] }}; location / { proxy_redirect off; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header Host $http_host; proxy_set_header Authorization $http_authorization; proxy_pass_header Authorization; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; send_timeout 90; proxy_pass http://app_server; } } {% endif -%} server { listen [{{ parameter_dict['ip'] }}]:{{ parameter_dict['port'] }}; server_name _; keepalive_timeout 90s; client_body_temp_path {{ parameter_dict['client-body-temp-path'] }}; proxy_temp_path {{ parameter_dict['proxy-temp-path'] }}; fastcgi_temp_path {{ parameter_dict['fastcgi-temp-path'] }}; uwsgi_temp_path {{ parameter_dict['uwsgi-temp-path'] }}; scgi_temp_path {{ parameter_dict['scgi-temp-path'] }}; location ~ ^(/admin|/user) { # http is not used for /admin and /user } location / { proxy_redirect off; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header Host $http_host; proxy_set_header Authorization $http_authorization; proxy_pass_header Authorization; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; send_timeout 90; proxy_pass http://app_server; } } }