#
# Generated by Chef
#
# Backend pool for this app: one "server" entry is rendered per element of
# @upstream_hosts, all on @upstream_port.
# The TLS server block in this file reaches the pool with "proxy_pass http://",
# so traffic between the proxy and these hosts is not encrypted; the hosts are
# expected to sit on a network the operator trusts.
# NOTE(review): host and port values are interpolated as-is; presumably they
# come from cookbook attributes under operator control. Confirm.
upstream _<%= @app_name %> {
<% @upstream_hosts.each do |backend| -%>
  server <%= backend %>:<%= @upstream_port %>;
<% end -%>
}
# TODO use cookbook attribute when enabling
# variables_hash_max_size 2048;
# Plain-HTTP virtual host: serves no content and redirects every request to
# the HTTPS virtual host.
server {
<% plain_listen_ip = node['openresty']['listen_ip'] -%>
  # The IPv4 listener is bound to node['openresty']['listen_ip'] when that
  # attribute is set; otherwise it binds every IPv4 address.
  listen <%= "#{plain_listen_ip}:" if plain_listen_ip %>80;
  # The IPv6 listener always binds the wildcard address.
  # NOTE(review): confirm that is intended on hosts where listen_ip restricts
  # the IPv4 side.
  listen [::]:80;
  server_name <%= @server_name %>;

  # Redirect to https. The target host is the configured server name rather
  # than the request's Host header, so the client cannot steer the redirect.
  # NOTE(review): this assumes @server_name holds a single host name. Confirm.
  location / {
    return 301 https://<%= @server_name %>$request_uri;
  }
}
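# HTTPS virtual host: terminates TLS and proxies requests to the upstream pool
# defined at the top of this file.
server {
  # The IPv4 listener is bound to node['openresty']['listen_ip'] when that
  # attribute is set; the IPv6 listener always binds the wildcard address.
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
  listen [::]:443 ssl http2;
  server_name <%= @server_name %>;

  # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block;
  # presumably they are inherited from the http context. Confirm.

  access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log; # TODO json_liquor_cabinet;
  error_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.error.log warn;

  # HSTS. "always" makes nginx send the header on error responses (4xx/5xx)
  # as well; without it the header is only added to successful and redirect
  # responses.
  # add_header is inherited by a location only while that location defines no
  # add_header of its own, so a future add_header inside a location must
  # repeat this line.
  # includeSubDomains and preload cover every subdomain of the server name
  # and are slow to withdraw once browsers have cached the policy.
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;

  # TODO
  # log_by_lua_file "<%= @log_by_lua_file %>";

  # We need strong ETags, disable compression
  gzip off;
  # brotli off;
  # pagespeed off;

  # Set a large maximum upload size (value is in megabytes).
  # While the rate limiting below stays disabled, request volume is bounded
  # only by this limit and the proxy timeouts.
  client_max_body_size <%= @max_upload_size %>m;

  # TODO
  # Use rate limiting (the zone is defined in
  # /etc/nginx/conf.d/rate_limiting.conf)
  # limit_req zone=per_ip burst=5000;

  location = / {
    return 301 <%= @root_redirect_url %>;
  }

  # Serve a matching file when one exists, otherwise hand off to the proxy.
  # NOTE(review): no root directive is visible in this block, so $uri is
  # checked against the inherited or built-in document root. Confirm that
  # directory holds nothing that should not be served.
  location / {
    try_files $uri @proxy;
  }

  location @proxy {
    # $proxy_add_x_forwarded_for appends the peer address to whatever
    # X-Forwarded-For value the client sent, so the upstream should trust
    # only the last entry.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    # Forwards the client's Host header unchanged.
    # NOTE(review): if this block can be the default server for its listen
    # socket, arbitrary Host values reach the upstream. Confirm a catch-all
    # default server exists, or that the app validates the host.
    proxy_set_header Host $http_host;

    # Location/Refresh headers from the upstream are passed through unmodified.
    proxy_redirect off;

    proxy_buffering on;
    # Increase number of buffers. Default is 8
    proxy_buffers 1024 8k;

    # Needed for big uploads
    proxy_read_timeout 180s;
    proxy_send_timeout 180s;

    # Plain HTTP to the upstream pool: TLS ends at this proxy.
    proxy_pass http://_<%= @app_name %>;

    # Try the next upstream host on connection errors, timeouts and 502/500
    # responses.
    proxy_next_upstream error timeout http_502 http_500;
  }

  # Certificate and private key paths are supplied by the cookbook.
  # NOTE(review): key file permissions are managed outside this template;
  # confirm the key is readable only by the account that starts nginx.
  ssl_certificate <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
}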