github.com/nginxinc/kubernetes-ingress@v1.12.5/internal/configs/version1/nginx.ingress.tmpl

# configuration for {{.Ingress.Namespace}}/{{.Ingress.Name}}
{{range $upstream := .Upstreams}}
upstream {{$upstream.Name}} {
	{{if ne $upstream.UpstreamZoneSize "0"}}zone {{$upstream.Name}} {{$upstream.UpstreamZoneSize}};{{end}}
	{{if $upstream.LBMethod }}{{$upstream.LBMethod}};{{end}}
	{{range $server := $upstream.UpstreamServers}}
	server {{$server.Address}}:{{$server.Port}} max_fails={{$server.MaxFails}} fail_timeout={{$server.FailTimeout}} max_conns={{$server.MaxConns}};{{end}}
	{{if $.Keepalive}}keepalive {{$.Keepalive}};{{end}}
}{{end}}

{{range $server := .Servers}}
server {
	{{if not $server.GRPCOnly}}
	{{range $port := $server.Ports}}
	listen {{$port}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};
	{{- end}}
	{{end}}

	{{if $server.SSL}}
	{{if $server.TLSPassthrough}}
	listen unix:/var/lib/nginx/passthrough-https.sock ssl{{if $server.HTTP2}} http2{{end}} proxy_protocol;
	set_real_ip_from unix:;
	real_ip_header proxy_protocol;
	{{else}}
	{{- range $port := $server.SSLPorts}}
	listen {{$port}} ssl{{if $server.HTTP2}} http2{{end}}{{if $server.ProxyProtocol}} proxy_protocol{{end}};
	{{- end}}
	{{end}}
	{{if $server.SSLRejectHandshake}}
	ssl_reject_handshake on;
	{{else}}
	ssl_certificate {{$server.SSLCertificate}};
	ssl_certificate_key {{$server.SSLCertificateKey}};
	{{end}}
	{{end}}

	{{range $setRealIPFrom := $server.SetRealIPFrom}}
	set_real_ip_from {{$setRealIPFrom}};{{end}}
	{{if $server.RealIPHeader}}real_ip_header {{$server.RealIPHeader}};{{end}}
	{{if $server.RealIPRecursive}}real_ip_recursive on;{{end}}

	server_tokens {{$server.ServerTokens}};

	server_name {{$server.Name}};

	set $resource_type "ingress";
	set $resource_name "{{$.Ingress.Name}}";
	set $resource_namespace "{{$.Ingress.Namespace}}";

	{{range $proxyHideHeader := $server.ProxyHideHeaders}}
	proxy_hide_header {{$proxyHideHeader}};{{end}}
	{{range $proxyPassHeader := $server.ProxyPassHeaders}}
	proxy_pass_header {{$proxyPassHeader}};{{end}}

	{{- if and $server.HSTS (or $server.SSL $server.HSTSBehindProxy)}}
	set $hsts_header_val "";
	proxy_hide_header Strict-Transport-Security;
	{{- if $server.HSTSBehindProxy}}
	if ($http_x_forwarded_proto = 'https') {
	{{else}}
	if ($https = on) {
	{{- end}}
		set $hsts_header_val "max-age={{$server.HSTSMaxAge}}; {{if $server.HSTSIncludeSubdomains}}includeSubDomains; {{end}}preload";
	}

	add_header Strict-Transport-Security "$hsts_header_val" always;
	{{end}}

	{{if $server.SSL}}
	{{if not $server.GRPCOnly}}
	{{- if $server.SSLRedirect}}
	if ($scheme = http) {
		return 301 https://$host:{{index $server.SSLPorts 0}}$request_uri;
	}
	{{- end}}
	{{end}}
	{{- end}}

	{{- if $server.RedirectToHTTPS}}
	if ($http_x_forwarded_proto = 'http') {
		return 301 https://$host$request_uri;
	}
	{{- end}}

	{{- if $server.ServerSnippets}}
	{{range $value := $server.ServerSnippets}}
	{{$value}}{{end}}
	{{- end}}

	{{range $location := $server.Locations}}
	location {{$location.Path}} {
		set $service "{{$location.ServiceName}}"; 
		{{with $location.MinionIngress}}
		# location for minion {{$location.MinionIngress.Namespace}}/{{$location.MinionIngress.Name}}
		set $resource_name "{{$location.MinionIngress.Name}}";
		set $resource_namespace "{{$location.MinionIngress.Namespace}}";
		{{end}}
		{{if $location.GRPC}}
		{{if not $server.GRPCOnly}}
		error_page 400 @grpcerror400;
		error_page 401 @grpcerror401;
		error_page 403 @grpcerror403;
		error_page 404 @grpcerror404;
		error_page 405 @grpcerror405;
		error_page 408 @grpcerror408;
		error_page 414 @grpcerror414;
		error_page 426 @grpcerror426;
		error_page 500 @grpcerror500;
		error_page 501 @grpcerror501;
		error_page 502 @grpcerror502;
		error_page 503 @grpcerror503;
		error_page 504 @grpcerror504;
		{{end}}

		{{- if $location.LocationSnippets}}
		{{range $value := $location.LocationSnippets}}
		{{$value}}{{end}}
		{{- end}}

		grpc_connect_timeout {{$location.ProxyConnectTimeout}};
		grpc_read_timeout {{$location.ProxyReadTimeout}};
		grpc_send_timeout {{$location.ProxySendTimeout}};
		grpc_set_header Host $host;
		grpc_set_header X-Real-IP $remote_addr;
		grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		grpc_set_header X-Forwarded-Host $host;
		grpc_set_header X-Forwarded-Port $server_port;
		grpc_set_header X-Forwarded-Proto {{if $server.RedirectToHTTPS}}https{{else}}$scheme{{end}};

		{{- if $location.ProxyBufferSize}}
		grpc_buffer_size {{$location.ProxyBufferSize}};
		{{- end}}
		{{if $location.SSL}}
		grpc_pass grpcs://{{$location.Upstream.Name}}{{$location.Rewrite}};
		{{else}}
		grpc_pass grpc://{{$location.Upstream.Name}}{{$location.Rewrite}};
		{{end}}
		{{else}}
		proxy_http_version 1.1;
		{{if $location.Websocket}}
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
		{{- else}}
		{{- if $.Keepalive}}proxy_set_header Connection "";{{end}}
		{{- end}}

		{{- if $location.LocationSnippets}}
		{{range $value := $location.LocationSnippets}}
		{{$value}}{{end}}
		{{- end}}

		proxy_connect_timeout {{$location.ProxyConnectTimeout}};
		proxy_read_timeout {{$location.ProxyReadTimeout}};
		proxy_send_timeout {{$location.ProxySendTimeout}};
		client_max_body_size {{$location.ClientMaxBodySize}};
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Host $host;
		proxy_set_header X-Forwarded-Port $server_port;
		proxy_set_header X-Forwarded-Proto {{if $server.RedirectToHTTPS}}https{{else}}$scheme{{end}};
		proxy_buffering {{if $location.ProxyBuffering}}on{{else}}off{{end}};

		{{- if $location.ProxyBuffers}}
		proxy_buffers {{$location.ProxyBuffers}};
		{{- end}}
		{{- if $location.ProxyBufferSize}}
		proxy_buffer_size {{$location.ProxyBufferSize}};
		{{- end}}
		{{- if $location.ProxyMaxTempFileSize}}
		proxy_max_temp_file_size {{$location.ProxyMaxTempFileSize}};
		{{- end}}
		{{if $location.SSL}}
		proxy_pass https://{{$location.Upstream.Name}}{{$location.Rewrite}};
		{{else}}
		proxy_pass http://{{$location.Upstream.Name}}{{$location.Rewrite}};
		{{end}}
		{{end}}
	}{{end}}
	{{if $server.GRPCOnly}}
	error_page 400 @grpcerror400;
	error_page 401 @grpcerror401;
	error_page 403 @grpcerror403;
	error_page 404 @grpcerror404;
	error_page 405 @grpcerror405;
	error_page 408 @grpcerror408;
	error_page 414 @grpcerror414;
	error_page 426 @grpcerror426;
	error_page 500 @grpcerror500;
	error_page 501 @grpcerror501;
	error_page 502 @grpcerror502;
	error_page 503 @grpcerror503;
	error_page 504 @grpcerror504;
	{{end}}
	{{if $server.HTTP2}}
	location @grpcerror400 { default_type application/grpc; return 400 "\n"; }
	location @grpcerror401 { default_type application/grpc; return 401 "\n"; }
	location @grpcerror403 { default_type application/grpc; return 403 "\n"; }
	location @grpcerror404 { default_type application/grpc; return 404 "\n"; }
	location @grpcerror405 { default_type application/grpc; return 405 "\n"; }
	location @grpcerror408 { default_type application/grpc; return 408 "\n"; }
	location @grpcerror414 { default_type application/grpc; return 414 "\n"; }
	location @grpcerror426 { default_type application/grpc; return 426 "\n"; }
	location @grpcerror500 { default_type application/grpc; return 500 "\n"; }
	location @grpcerror501 { default_type application/grpc; return 501 "\n"; }
	location @grpcerror502 { default_type application/grpc; return 502 "\n"; }
	location @grpcerror503 { default_type application/grpc; return 503 "\n"; }
	location @grpcerror504 { default_type application/grpc; return 504 "\n"; }
	{{end}}
}{{end}}