-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.conf
161 lines (126 loc) · 3.91 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
user nginx;
worker_processes 4;
pid /run/nginx.pid;
daemon off;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
worker_rlimit_nofile 40000;
thread_pool default threads=32 max_queue=65536;
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
proxy_buffer_size 64k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
client_body_buffer_size 64K;
client_body_timeout 10;
client_header_buffer_size 64k;
client_header_timeout 60;
client_max_body_size 100m;
keepalive_timeout 60;
large_client_header_buffers 4 64k;
send_timeout 60;
proxy_http_version 1.1;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_static on;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_proxied any;
gzip_vary on;
gzip_comp_level 6;
gzip_buffers 16 16k;
gzip_http_version 1.1;
aio threads;
#http to https 301 redirect for all domains
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream websocket_ws {
server websocket:8089;
}
upstream webapp_fpm {
server webapp:9000;
}
upstream vault_fpm {
server vault:9000;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
add_header X-Content-Type-Options nosniff;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers off;
ssl_certificate /etc/nginx/app.pem;
ssl_certificate_key /etc/nginx/app.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:25m;
ssl_session_tickets off;
resolver 1.1.1.1;
real_ip_recursive on;
set_real_ip_from 0.0.0.0/0;
set_real_ip_from ::/128;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
location @vault {
include fastcgi_params;
fastcgi_pass vault_fpm;
fastcgi_param DOCUMENT_ROOT /var/www/public;
fastcgi_param SCRIPT_FILENAME /var/www/public/index.php;
fastcgi_param SCRIPT_NAME /index.php;
fastcgi_param REQUEST_URI /$uri?$args;
fastcgi_buffering off;
}
root /var/www/public;
index index.php;
location /vault {
rewrite ^/vault/(.*)$ $1 break;
try_files $uri @vault;
}
location / {
include /etc/nginx/proxy.conf;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET';
location /socketserver {
proxy_pass http://websocket_ws;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
# Docker healthcheck
location /nginx-health {
access_log off;
return 200 "healthy\n";
}
try_files $uri /index.php$is_args$args;
location ~ \.php(/|$) {
include fastcgi_params;
fastcgi_pass webapp_fpm;
fastcgi_param DOCUMENT_ROOT /var/www/public;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
internal;
}
}
}
include /etc/nginx/localhost.conf;
}