chef/site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb

#
# Generated by Chef
#
upstream _<%= @app_name %> {
<% @upstream_hosts.each do |host| -%>
  server <%= host %>:<%= @upstream_port %>;
<% end -%>
}

# TODO use cookbook attribute when enabling
# variables_hash_max_size 2048;

server {
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>80;
  listen [::]:80;
  server_name <%= @server_name %>;
  # Redirect to https
  location / {
    return 301 https://<%= @server_name %>$request_uri;
  }
}

server {
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
  listen [::]:443 ssl http2;
  server_name <%= @server_name %>;

  access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log; # TODO json_liquor_cabinet;
  error_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.error.log warn;

  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";

  # TODO
  # log_by_lua_file "<%= @log_by_lua_file %>";

  # We need strong ETags, disable compression
  gzip off;
  # brotli off;
  # pagespeed off;

  # Set a large maximum upload size
  client_max_body_size <%= @max_upload_size %>m;

  # TODO
  # Use rate limiting (the zone is defined in
  # /etc/nginx/conf.d/rate_limiting.conf)
  # limit_req zone=per_ip burst=5000;

  location = / {
    return 301 <%= @root_redirect_url %>;
  }

  location / {
    try_files $uri @proxy;
  }

  location @proxy {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;

    proxy_redirect off;

    proxy_buffering on;
    # Increase number of buffers. Default is 8
    proxy_buffers 1024 8k;

    # Needed for big uploads
    proxy_read_timeout 180s;
    proxy_send_timeout 180s;

    proxy_pass http://_<%= @app_name %>;

    proxy_next_upstream error timeout http_502 http_500;
  }

  ssl_certificate <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
}