## ## nginx.conf -- NGINX server configuration ## user @l_nusr@ @l_ngrp@; error_log @l_prefix@/var/nginx/log/nginx.log notice; pid @l_prefix@/var/nginx/run/nginx.pid; worker_processes 8; worker_rlimit_nofile 8192; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log @l_prefix@/var/nginx/log/nginx.access.log main; sendfile on; tcp_nopush on; keepalive_timeout 65; gzip off; map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 127.0.0.1:6644; access_log off; allow 127.0.0.0/8; deny all; location / { stub_status on; } } server { listen 127.0.0.1:8080; listen 127.0.0.1:8443 ssl http2; server_name localhost; add_header Alternate-Protocol 443:npn-spdy/2; ssl_certificate @l_prefix@/etc/x509/example-server.crt.pem; ssl_certificate_key @l_prefix@/etc/x509/example-server.key.pem; ssl_trusted_certificate @l_prefix@/etc/x509/example-ca.crt.pem; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; ssl_ecdh_curve secp384r1; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_session_timeout 10m; ssl_stapling on; ssl_stapling_verify on; proxy_http_version 1.1; location / { root @l_prefix@/share/nginx/html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root @l_prefix@/share/nginx/html; } location ~ ^/example/ { proxy_pass http://example_backends; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; proxy_redirect off; proxy_buffering off; proxy_connect_timeout 240; proxy_send_timeout 240; proxy_read_timeout 240; error_page 301 302 307 @redir; } location @redir { set $target $upstream_http_location; proxy_pass $target; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; proxy_buffering off; proxy_connect_timeout 240; proxy_send_timeout 240; proxy_read_timeout 240; } include @l_prefix@/etc/nginx/nginx.d/*.conf; } upstream example_backends { server 127.0.0.1:8000 weight=3; server 127.0.0.1:8001; server 127.0.0.1:8002; server 127.0.0.1:8003; } }