Nginx config maybe - bahkified/Notes GitHub Wiki
This probably is run through a Puppet script. The variables at the end are the configurations for a local deployment for testing.
#user nobody;
worker_processes <%=NGINX_PROCESSES%>;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections <%=NGINX_CONNECTIONS%>;
}
<% if HTTPS %>
http {
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
upstream backend {
<% TOMCAT_SERVERS.each do |server| %>
server <%=server[:host]%>:<%=server[:port]%>;
<% end %>
}
# HTTP server
#
server {
listen 80;
location / {
rewrite ^(.*) https://$host/lens/login permanent;
}
}
# HTTPS server
#
server {
listen 443;
server_name localhost;
keepalive_timeout 70;
client_max_body_size 4m;
ssl on;
ssl_certificate <%=server[:ssl_cert]%>;
ssl_certificate_key <%=server[:ssl_key]%>;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
rewrite ^(.*) /lens/login permanent;
}
location /static {
alias <%=server[:home]%>/html/static;
}
error_page 502 /error.html;
location =/error.html {
root <%=server[:home]%>/html/static;
}
location /lens {
proxy_pass http://backend;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ \.nocache\. {
proxy_pass http://backend;
add_header Cache-Control no-store;
}
location ~ /css/ {
proxy_pass http://backend;
add_header Cache-Control no-store;
}
location ~ /images/ {
proxy_pass http://backend;
add_header Cache-Control no-cache;
}
location /lens/services/ {
proxy_pass http://backend;
add_header Cache-Control no-store;
}
location /lens/images/cached/ {
proxy_pass http://backend;
add_header Cache-Control "max-age=1296000, private";
add_header Expires "Wed, 31 Dec 2025 23:55:55 GMT";
}
location /lens/services/cached/ {
proxy_pass http://backend;
add_header Cache-Control "max-age=1296000, private";
add_header Expires "Wed, 31 Dec 2025 23:55:55 GMT";
}
location /lens/automation {
deny all;
}
location /lens/client/atmosphere/stream {
proxy_pass http://backend;
proxy_buffering off;
proxy_send_timeout <%=LONG_TIMEOUT%>;
proxy_read_timeout <%=LONG_TIMEOUT%>;
client_body_timeout <%=LONG_TIMEOUT%>;
send_timeout <%=LONG_TIMEOUT%>;
}
}
<% else %>
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
upstream backend {
<% TOMCAT_SERVERS.each do |server| %>
server <%=server[:host]%>:<%=server[:port]%>;
<% end %>
}
# HTTP server
#
server {
listen 80;
location / {
rewrite ^(.*) /lens/login permanent;
}
location /static {
alias <%=server[:home]%>/html/static;
}
error_page 502 /error.html;
location =/error.html {
root <%=server[:home]%>/html/static;
}
location /lens {
proxy_pass http://backend;
}
location ~ \.nocache\. {
proxy_pass http://backend;
add_header Cache-Control no-store;
}
location ~ /css/ {
proxy_pass http://backend;
add_header Cache-Control no-store;
}
location ~ /images/ {
proxy_pass http://backend;
add_header Cache-Control no-cache;
}
location /lens/services/ {
proxy_pass http://backend;
add_header Cache-Control no-store;
}
location /lens/images/cached/ {
proxy_pass http://backend;
add_header Cache-Control "max-age=1296000, private";
add_header Expires "Wed, 31 Dec 2025 23:55:55 GMT";
}
location /lens/services/cached/ {
proxy_pass http://backend;
add_header Cache-Control "max-age=1296000, private";
add_header Expires "Wed, 31 Dec 2025 23:55:55 GMT";
}
location /lens/automation {
deny all;
}
location /lens/client/atmosphere/stream {
proxy_pass http://backend;
proxy_buffering off;
proxy_send_timeout <%=LONG_TIMEOUT%>;
proxy_read_timeout <%=LONG_TIMEOUT%>;
client_body_timeout <%=LONG_TIMEOUT%>;
send_timeout <%=LONG_TIMEOUT%>;
}
}
<% end %>
}
###### NGINX SETTINGS ###############
NGINX_SERVERS = [
{
:host => "localhost",
:home => "/data1/llp/nginx",
:ssl_cert => "/data1/llp/ssl_certs/server.crt",
:ssl_key => "/data1/llp/ssl_certs/server.key"
}
]
LONG_TIMEOUT=300
NGINX_PROCESSES=1
NGINX_CONNECTIONS=1024
HTTPS=true
############## JVM SETTINGS ######
JVM_MEM_MIN="1024m"
JVM_MEM_MAX="1024m"
JVM_PERM_SIZE="256m"
APP_DYNAMICS_AGENT_PATH=""
############## APPLICATION SERVER SETTINGS ######
TOMCAT_SERVERS = [
{
:host => "localhost",
:port => "8081",
:multicast_port => "228.0.0.4",
:shutdown_port => "8006",
:home => "/data1/llp/tomcat",
:jmx_port => "8998"
},
]