github.com/amrnt/deis@v1.3.1/router/image/templates/nginx.conf (about)

     1  # required to run in a container
     2  daemon off;
     3  
        # The user directive sets the account for worker processes only.
        # NOTE(review): which account the master process runs as depends on how
        # the container launches nginx, which is not visible in this file.
     4  user www-data;
        # auto: let nginx size the worker pool from the CPUs it detects.
     5  worker_processes auto;
     6  pid /run/nginx.pid;
     7  
     8  events {
            # Per-worker ceiling on open connections. It counts connections to
            # proxied upstreams as well as client connections, so each proxied
            # request uses two slots. The proxy timeouts further down allow
            # connections to stay open for up to 20 minutes, so slow or idle
            # peers can hold slots for a long time.
     9      worker_connections 768;
    10      # multi_accept on;
    11  }
    12  
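    13  http {
            # Values in double-brace template expressions are substituted when this
            # file is rendered and land in the configuration verbatim; nothing here
            # quotes or validates them. Anyone able to set those values can add or
            # alter nginx directives, so write access to the store that supplies
            # them must be restricted.
    14      # basic settings
    15      sendfile on;
    16      tcp_nopush on;
    17      tcp_nodelay on;
    18      keepalive_timeout 65;
    19  
    20      types_hash_max_size 2048;
    21      server_names_hash_max_size {{ or (.deis_router_serverNameHashMaxSize) "512" }};
    22      server_names_hash_bucket_size {{ or (.deis_router_serverNameHashBucketSize) "64" }};
    23  
    24      include /opt/nginx/conf/mime.types;
    25      default_type application/octet-stream;
            # Compression is opt-in: the gzip directives are emitted only when
            # deis_router_gzip is set. Compressing responses that combine secrets
            # with request-influenced content is the precondition for compression
            # side channels over TLS, so enable it with the proxied apps in mind.
    26      {{ if .deis_router_gzip }}
    27      gzip {{ .deis_router_gzip }};
    28      gzip_comp_level {{ or .deis_router_gzipCompLevel "5" }};
    29      gzip_disable {{ or .deis_router_gzipDisable "\"msie6\"" }};
    30      gzip_http_version {{ or .deis_router_gzipHttpVersion "1.1" }};
    31      gzip_min_length {{ or .deis_router_gzipMinLength "256" }};
    32      gzip_types {{ or .deis_router_gzipTypes "application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component" }};
    33      gzip_proxied {{ or .deis_router_gzipProxied "any" }};
    34      gzip_vary {{ or .deis_router_gzipVary "on" }};
    35      {{ end }}
    36  
            # The naxsi rule sets are loaded only when deis_router_firewall_enabled
            # is exactly the string "true"; unset or any other spelling leaves the
            # firewall off without an error.
            # NOTE(review): naxsi_core.rules was previously included twice; the
            # duplicate include was dropped. If thresholds were tuned against the
            # double load, re-check them in active-mode.rules (not shown here).
    37      {{ $useFirewall := or .deis_router_firewall_enabled "false" }}{{ if eq $useFirewall "true" }}# include naxsi rules
    38      include     /opt/nginx/firewall/naxsi_core.rules;
    40      include     /opt/nginx/firewall/web_apps.rules;
    41      include     /opt/nginx/firewall/scanner.rules;
    42      include     /opt/nginx/firewall/web_server.rules;{{ end }}
            # Status code returned by the /RequestDenied locations below; 400 unless
            # deis_router_firewall_errorCode is set.
    43      {{ $firewallErrorCode := or (.deis_router_firewall_errorCode) "400" }}
    44  
            # Request-body limit for every server block that does not override it.
    45      client_max_body_size {{ or (.deis_router_bodySize) "1m" }};
    46  
            # Fields such as "$request", "$http_referer" and "$http_user_agent" are
            # client-controlled. $remote_addr is the TCP peer; if a load balancer
            # sits in front of the router this is the balancer's address unless
            # deis.conf (not shown) configures real-IP handling. $server_name is the
            # name of the matched server block, not the Host header the client sent.
    47      log_format upstreaminfo '[$time_local] - $remote_addr - $remote_user - $status - "$request" - $bytes_sent - "$http_referer" - "$http_user_agent" - "$server_name" - $upstream_addr';
    48  
    49      # send logs to STDOUT so they can be seen using 'docker logs'
            # NOTE(review): the directives below name files; presumably the image
            # links these paths to stdout/stderr - confirm.
    50      access_log /opt/nginx/logs/access.log upstreaminfo;
    51      error_log  /opt/nginx/logs/error.log;
    52  
            # Connection header sent upstream by the application servers below:
            # "upgrade" when the client sent an Upgrade header, "close" otherwise.
    53      map $http_upgrade $connection_upgrade {
    54          default upgrade;
    55          ''      close;
    56      }
    57  
    58      ## start deis-controller
    59      {{ if .deis_controller_host }}
    60      upstream deis-controller {
    61          server {{ .deis_controller_host }}:{{ .deis_controller_port }};
    62      }
    63      {{ end }}
    64  
    65      server {
                # Matches any host name that begins with "deis."; listen directives
                # are presumably supplied by deis.conf, which is not shown here.
    66          server_name ~^deis\.(?<domain>.+)$;
    67          include deis.conf;
    68  
    69          {{ if .deis_controller_host }}
    70          location / {
    71              {{ if eq $useFirewall "true" }}include                     /opt/nginx/firewall/active-mode.rules;{{ end }}
                    # Responses are streamed to the client unbuffered.
    72              proxy_buffering             off;
    73              proxy_set_header            Host $host;
                    # $proxy_add_x_forwarded_for appends the peer address to whatever
                    # X-Forwarded-For the client sent, so only the right-most entry is
                    # set by this router; earlier entries are client-supplied.
    74              proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    75              proxy_redirect              off;
                    # Send/read timeouts default to 20 minutes, so an idle or slow
                    # connection can hold a worker slot for that long.
    76              proxy_connect_timeout       {{ or (.deis_router_controller_timeout_connect) "10s" }};
    77              proxy_send_timeout          {{ or (.deis_router_controller_timeout_send) "20m" }};
    78              proxy_read_timeout          {{ or (.deis_router_controller_timeout_read) "20m" }};
    79  
    80              proxy_pass                  http://deis-controller;
    81          }
    82          {{ else }}
                # No controller host is known: answer 503 instead of proxying.
    83          location / {
    84              return 503;
    85          }
    86          {{ end }}
    87  
                # Presumably the target naxsi redirects blocked requests to (the
                # DeniedUrl would be set in active-mode.rules, not shown here).
    88          {{ if eq $useFirewall "true" }}location /RequestDenied {
    89              return {{ $firewallErrorCode }};
    90          }{{ end }}
    91      }
    92      ## end deis-controller
    93  
    94      ## start deis-store-gateway
    95      {{ if .deis_store_gateway_host }}
    96      upstream deis-store-gateway {
    97          server {{ .deis_store_gateway_host }}:{{ .deis_store_gateway_port }};
    98      }
    99      {{ end }}
   100  
   101      server {
   102          server_name ~^deis-store\.(?<domain>.+)$;
   103          include deis.conf;
   104  
                # 0 disables nginx's request-body size check for this host, overriding
                # the http-level limit above; any upload size limit has to be enforced
                # by the gateway itself.
   105          client_max_body_size            0;
   106  
   107          {{ if .deis_store_gateway_host }}
   108          location / {
   109              {{ if eq $useFirewall "true" }}include                     /opt/nginx/firewall/active-mode.rules;{{ end }}
   110              proxy_buffering             off;
   111              proxy_set_header            Host $host;
                    # Only the right-most X-Forwarded-For entry is added by this router;
                    # anything before it was supplied by the client.
   112              proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
   113              proxy_redirect              off;
   114              proxy_connect_timeout       10s;
   115              proxy_send_timeout          1200s;
   116              proxy_read_timeout          1200s;
   117  
   118              proxy_pass                  http://deis-store-gateway;
   119          }
   120          {{ else }}
   121          location / {
   122              return 503;
   123          }
   124          {{ end }}
   125      }
   126      ## end deis-store-gateway
   127  
   128      ## start service definitions for each application
            # One server block is rendered per entry in deis_services; the matching
            # upstream is rendered only when the entry has nodes, and a service
            # without nodes answers 503. Service keys, node addresses and custom
            # domains are written into upstream names, the server_name regex and
            # proxy_pass without escaping, so they must be validated where they are
            # created.
            # X-Forwarded-Proto is set only when deis_router_sslCert is present;
            # otherwise a value sent by the client passes through unchanged unless
            # deis.conf overrides it - presumably so that a TLS-terminating
            # balancer's header survives (confirm). Apps must not treat the header
            # as trusted in that case.
            # X-Forwarded-For: only the right-most entry is added by this router.
            # proxy_next_upstream retries a failed request on another node.
            # NOTE(review): depending on the nginx version this can include
            # non-idempotent requests - confirm for the version shipped.
            # X-Deis-Upstream returns the chosen backend address and port to every
            # client, which discloses internal topology; consider limiting it to
            # debugging.
   129      {{ $useSSL := or .deis_router_sslCert "false" }}
   130      {{ $domains := .deis_domains }}{{ range $service := .deis_services }}{{ if $service.Nodes }}
   131      upstream {{ Base $service.Key }} {
   132          {{ range $upstream := $service.Nodes }}server {{ $upstream.Value }};
   133          {{ end }}
   134      }
   135      {{ end }}
   136  
   137      server {
   138          server_name ~^{{ Base $service.Key }}\.(?<domain>.+)${{ range $app_domains := $domains }}{{ if eq (Base $service.Key) (Base $app_domains.Key) }} {{ $app_domains.Value }}{{ end }}{{ end }};
   139          include deis.conf;
   140  
   141          {{ if $service.Nodes }}
   142          location / {
   143              {{ if eq $useFirewall "true" }}include                     /opt/nginx/firewall/active-mode.rules;{{ end }}
   144              proxy_buffering             off;
   145              proxy_set_header            Host $host;
   146              {{ if ne $useSSL "false" }}
   147              proxy_set_header            X-Forwarded-Proto $scheme;
   148              {{ end }}
   149              proxy_set_header            X-Forwarded-For   $proxy_add_x_forwarded_for;
   150              proxy_redirect              off;
   151              proxy_connect_timeout       30s;
   152              proxy_send_timeout          1200s;
   153              proxy_read_timeout          1200s;
   154              proxy_http_version          1.1;
   155              proxy_set_header            Upgrade           $http_upgrade;
   156              proxy_set_header            Connection        $connection_upgrade;
   157  
   158              proxy_next_upstream         error timeout http_502 http_503 http_504;
   159  
   160              add_header                  X-Deis-Upstream   $upstream_addr;
   161  
   162              proxy_pass                  http://{{ Base $service.Key }};
   163          }
   164          {{ else }}
   165          location / {
   166              return 503;
   167          }
   168          {{ end }}
   169          {{ if eq $useFirewall "true" }}location /RequestDenied {
   170              return {{ $firewallErrorCode }};
   171          }{{ end }}
   172      }
   173      {{ end }}
   174      ## end service definitions for each application
   175  
   176      # healthcheck
            # default_server: requests on port 80 whose Host matches no other server
            # listening on that port land here rather than at an application. Only
            # /health-check is defined, and it is excluded from the access log.
   177      server {
   178          listen 80 default_server;
   179          location /health-check {
   180              default_type 'text/plain';
   181              access_log off;
   182              return 200;
   183          }
   184      }
   185  }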
   186  
   187  ## start builder
        # Raw TCP pass-through to the builder on port 2222, rendered only when
        # deis_builder_host is set. The tcp block is not a core nginx context;
        # presumably a third-party TCP proxy module is compiled into this image.
        # The router does not inspect or authenticate this traffic, so access
        # control rests entirely with the builder. NOTE(review): the builder sees
        # the router as its peer, so git.log here is presumably the only record
        # of client addresses - confirm.
   188  {{ if .deis_builder_host }}
   189  tcp {
   190      access_log /opt/nginx/logs/git.log;
   191      tcp_nodelay on;
            # Defaults below equal 20 minutes (send/read/session) and 10 seconds
            # (connect), expressed in milliseconds.
   192      timeout {{ or (.deis_router_builder_timeout_tcp) "1200000" }};
   193  
   194      # same directive names, but these are in milliseconds...
   195      proxy_connect_timeout       {{ or (.deis_router_builder_timeout_connect) "10000" }};
   196      proxy_send_timeout          {{ or (.deis_router_builder_timeout_send) "1200000" }};
   197      proxy_read_timeout          {{ or (.deis_router_builder_timeout_read) "1200000" }};
   198  
   199      upstream builder {
   200          server {{ .deis_builder_host }}:{{ .deis_builder_port }};
   201      }
   202  
   203      server {
   204          listen 2222;
   205          proxy_pass builder;
   206      }
   207  }{{ end }}
   208  ## end builder