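# nginx.conf template for the Deis router
# (github.com/amrnt/deis@v1.3.1/router/image/templates/nginx.conf).
#
# Rendered from template data: every .deis_* value below is substituted
# verbatim into a directive argument. A value containing ';', braces or a
# newline would change the generated configuration, so whatever populates this
# data must be write-restricted and validated before rendering.
#
# NOTE(review): server_tokens is not set anywhere in this file, so nginx's
# default applies and the server version is advertised in the Server header
# and on error pages.

# required to run in a container
daemon off;

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    # basic settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;

    types_hash_max_size 2048;
    server_names_hash_max_size {{ or (.deis_router_serverNameHashMaxSize) "512" }};
    server_names_hash_bucket_size {{ or (.deis_router_serverNameHashBucketSize) "64" }};

    include /opt/nginx/conf/mime.types;
    default_type application/octet-stream;

    # gzip is opt-in: the whole group is emitted only when deis_router_gzip is set.
    {{ if .deis_router_gzip }}
    gzip {{ .deis_router_gzip }};
    gzip_comp_level {{ or .deis_router_gzipCompLevel "5" }};
    gzip_disable {{ or .deis_router_gzipDisable "\"msie6\"" }};
    gzip_http_version {{ or .deis_router_gzipHttpVersion "1.1" }};
    gzip_min_length {{ or .deis_router_gzipMinLength "256" }};
    gzip_types {{ or .deis_router_gzipTypes "application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component" }};
    gzip_proxied {{ or .deis_router_gzipProxied "any" }};
    gzip_vary {{ or .deis_router_gzipVary "on" }};
    {{ end }}

    # The naxsi firewall is off unless deis_router_firewall_enabled is exactly
    # "true". Each rule file is included once; the original listed
    # naxsi_core.rules twice, which is redundant at best.
    {{ $useFirewall := or .deis_router_firewall_enabled "false" }}{{ if eq $useFirewall "true" }}# include naxsi rules
    include /opt/nginx/firewall/naxsi_core.rules;
    include /opt/nginx/firewall/web_apps.rules;
    include /opt/nginx/firewall/scanner.rules;
    include /opt/nginx/firewall/web_server.rules;{{ end }}
    {{ $firewallErrorCode := or (.deis_router_firewall_errorCode) "400" }}

    # Default request-body cap for every server that does not override it.
    client_max_body_size {{ or (.deis_router_bodySize) "1m" }};

    # "$request", "$http_referer" and "$http_user_agent" are client-controlled;
    # anything that parses these logs should treat those fields as untrusted.
    log_format upstreaminfo '[$time_local] - $remote_addr - $remote_user - $status - "$request" - $bytes_sent - "$http_referer" - "$http_user_agent" - "$server_name" - $upstream_addr';

    # send logs to STDOUT so they can be seen using 'docker logs'
    # NOTE(review): the directives below name files under /opt/nginx/logs;
    # reaching STDOUT depends on how the image sets those paths up, which is
    # not visible in this template.
    access_log /opt/nginx/logs/access.log upstreaminfo;
    error_log /opt/nginx/logs/error.log;

    # Connection header value for proxied requests: "upgrade" when the client
    # sent an Upgrade header, "close" when it did not.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    ## start deis-controller
    {{ if .deis_controller_host }}
    upstream deis-controller {
        server {{ .deis_controller_host }}:{{ .deis_controller_port }};
    }
    {{ end }}

    server {
        server_name ~^deis\.(?<domain>.+)$;
        # deis.conf is not part of this file; presumably it holds the shared
        # listen/TLS settings - confirm.
        include deis.conf;

        {{ if .deis_controller_host }}
        location / {
            {{ if eq $useFirewall "true" }}include /opt/nginx/firewall/active-mode.rules;{{ end }}
            proxy_buffering off;
            proxy_set_header Host $host;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For the client sent, so only the last entry is set by
            # this router; earlier entries are client-supplied.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
            proxy_connect_timeout {{ or (.deis_router_controller_timeout_connect) "10s" }};
            proxy_send_timeout {{ or (.deis_router_controller_timeout_send) "20m" }};
            proxy_read_timeout {{ or (.deis_router_controller_timeout_read) "20m" }};

            proxy_pass http://deis-controller;
        }
        {{ else }}
        # No controller registered: fail closed with 503.
        location / {
            return 503;
        }
        {{ end }}

        # Status code returned at /RequestDenied when the firewall is on
        # (presumably the URL naxsi redirects blocked requests to - the rule
        # files that would set it are not shown here).
        {{ if eq $useFirewall "true" }}location /RequestDenied {
            return {{ $firewallErrorCode }};
        }{{ end }}
    }
    ## end deis-controller

    ## start deis-store-gateway
    {{ if .deis_store_gateway_host }}
    upstream deis-store-gateway {
        server {{ .deis_store_gateway_host }}:{{ .deis_store_gateway_port }};
    }
    {{ end }}

    server {
        server_name ~^deis-store\.(?<domain>.+)$;
        include deis.conf;

        # 0 disables the request-body size check for this server, overriding
        # the http-level cap; upload size is then bounded only by the backend.
        client_max_body_size 0;

        {{ if .deis_store_gateway_host }}
        location / {
            {{ if eq $useFirewall "true" }}include /opt/nginx/firewall/active-mode.rules;{{ end }}
            proxy_buffering off;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
            proxy_connect_timeout 10s;
            proxy_send_timeout 1200s;
            proxy_read_timeout 1200s;

            proxy_pass http://deis-store-gateway;
        }
        {{ else }}
        location / {
            return 503;
        }
        {{ end }}
    }
    ## end deis-store-gateway

    ## start service definitions for each application
    # One upstream + server pair is generated per entry in deis_services.
    # The service key's base name is placed unescaped inside the server_name
    # regex, and matching deis_domains values are appended as extra names, so
    # both must be restricted to hostname-safe characters by whatever writes
    # them.
    {{ $useSSL := or .deis_router_sslCert "false" }}
    {{ $domains := .deis_domains }}{{ range $service := .deis_services }}{{ if $service.Nodes }}
    upstream {{ Base $service.Key }} {
        {{ range $upstream := $service.Nodes }}server {{ $upstream.Value }};
        {{ end }}
    }
    {{ end }}

    server {
        server_name ~^{{ Base $service.Key }}\.(?<domain>.+)${{ range $app_domains := $domains }}{{ if eq (Base $service.Key) (Base $app_domains.Key) }} {{ $app_domains.Value }}{{ end }}{{ end }};
        include deis.conf;

        {{ if $service.Nodes }}
        location / {
            {{ if eq $useFirewall "true" }}include /opt/nginx/firewall/active-mode.rules;{{ end }}
            proxy_buffering off;
            proxy_set_header Host $host;
            # X-Forwarded-Proto is overwritten only when an SSL cert is
            # configured; otherwise any value the client (or a load balancer in
            # front) sent is passed through to the app unchanged.
            {{ if ne $useSSL "false" }}
            proxy_set_header X-Forwarded-Proto $scheme;
            {{ end }}
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
            proxy_connect_timeout 30s;
            proxy_send_timeout 1200s;
            proxy_read_timeout 1200s;
            # HTTP/1.1 plus the Upgrade/Connection headers let protocol
            # upgrades such as WebSocket pass through to the app.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;

            proxy_next_upstream error timeout http_502 http_503 http_504;

            # NOTE(review): this returns the backend address that served the
            # request to every client, which discloses internal topology.
            # Consider emitting it only in a debug configuration.
            add_header X-Deis-Upstream $upstream_addr;

            proxy_pass http://{{ Base $service.Key }};
        }
        {{ else }}
        # Service known but no nodes registered: 503.
        location / {
            return 503;
        }
        {{ end }}
        {{ if eq $useFirewall "true" }}location /RequestDenied {
            return {{ $firewallErrorCode }};
        }{{ end }}
    }
    {{ end }}
    ## end service definitions for each application

    # healthcheck
    # default_server on port 80: requests whose Host matches no server_name
    # above land here, and only /health-check is defined.
    server {
        listen 80 default_server;
        location /health-check {
            default_type 'text/plain';
            access_log off;
            return 200;
        }
    }
}

## start builder
# NOTE(review): "tcp" is not a context in stock nginx; it presumably comes from
# a TCP proxy module compiled into this image - confirm. Port 2222 is forwarded
# as raw TCP to the builder, so none of the http-level firewall rules or
# headers above apply to this traffic.
{{ if .deis_builder_host }}
tcp {
    access_log /opt/nginx/logs/git.log;
    tcp_nodelay on;
    timeout {{ or (.deis_router_builder_timeout_tcp) "1200000" }};

    # same directive names, but these are in milliseconds...
    proxy_connect_timeout {{ or (.deis_router_builder_timeout_connect) "10000" }};
    proxy_send_timeout {{ or (.deis_router_builder_timeout_send) "1200000" }};
    proxy_read_timeout {{ or (.deis_router_builder_timeout_read) "1200000" }};

    upstream builder {
        server {{ .deis_builder_host }}:{{ .deis_builder_port }};
    }

    server {
        listen 2222;
        proxy_pass builder;
    }
}{{ end }}
## end builder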