// Copyright (c) 2016-2019 Uber Technologies, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package config

// BaseTemplate defines the nginx template which all components share.
//
// The string is not a finished nginx.conf: it contains {{...}} actions that
// read the fields .ssl_enabled, .ssl_certificate, .ssl_certificate_key,
// .ssl_password_file, .ssl_client_certificate and .site. The code that renders
// it is not in this file (presumably Go text/template; confirm at the caller).
// Rendered values are written into the config verbatim, so they are assumed to
// come from trusted operator configuration.
//
// Security-relevant settings a deployer should be aware of:
//
//   - "user root root" runs the nginx worker processes as root, so a flaw in a
//     worker is not contained by an unprivileged account.
//     NOTE(review): consider a dedicated unprivileged user if the pid, log and
//     certificate paths permit it.
//   - When .ssl_enabled is set, "ssl_verify_client on" together with
//     ssl_client_certificate makes client certificates mandatory (mutual TLS).
//     When it is not set, this template emits no certificate directives at all.
//   - ssl_protocols and ssl_ciphers sit outside the {{if .ssl_enabled}} block
//     and are always emitted. The protocol list still enables TLSv1 and
//     TLSv1.1 (both deprecated by RFC 8996), and the cipher string admits
//     DH+3DES and lowers the OpenSSL security level with @SECLEVEL=1.
//     NOTE(review): tighten to TLSv1.2+ and drop 3DES once every client is
//     confirmed to support it.
//   - X-Forwarded-Proto is copied from the incoming request header
//     ($http_x_forwarded_proto), and $proxy_add_x_forwarded_for appends to
//     the incoming X-Forwarded-For header. Both therefore carry values the
//     client can set; only X-Real-IP ($remote_addr) is taken from the
//     connection itself.
//   - The "json" log_format places client-controlled values ($request_uri,
//     $http_user_agent, $http_referer, several X-* headers) inside JSON
//     strings without the escape=json parameter. nginx's default escaping
//     writes \xXX sequences, which are not valid JSON, so such lines can be
//     rejected by a JSON log pipeline.
//     NOTE(review): "log_format json escape=json ..." needs nginx 1.11.8 or
//     later; verify the deployed version before changing it.
//   - The "email" log field records the X-Auth-Params-Email request header, so
//     access logs that use this format may contain personal data.
//   - "server_tokens off" is commented out, so nginx's default applies unless
//     an included file or .site overrides it.
const BaseTemplate = `
worker_processes 4;
worker_rlimit_nofile 4096;
pid /tmp/nginx.pid;
user root root;

events {
  worker_connections 2048;
  # multi_accept on;
}

http {

  ##
  # Basic Settings
  ##

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  # server_tokens off;

  # server_names_hash_bucket_size 64;
  # server_name_in_redirect off;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ##
  # Proxy Settings
  ##

  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Original-URI $request_uri;

  # Overwrites http with $scheme if Location header is set to http by upstream.
  proxy_redirect ~^http://[^:]+:\d+(/.+)$ $1;

  ##
  # SSL Settings
  ##

  {{if .ssl_enabled}}
    ssl on;
    ssl_certificate {{.ssl_certificate}};
    ssl_certificate_key {{.ssl_certificate_key}};
    {{if .ssl_password_file}}
    ssl_password_file {{.ssl_password_file}};
    {{end}}

    # This is important to enforce client to use certificate.
    # The client of nginx cannot use a self-signed cert.
    ssl_verify_client on;
    ssl_client_certificate {{.ssl_client_certificate}};
  {{end}}
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
  ssl_prefer_server_ciphers on;
  ssl_ciphers ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5@SECLEVEL=1;

  ##
  # Logging Settings
  ##

  # access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  # JSON log_format
  log_format json '{'
    '"verb":"$request_method",'
    '"path":"$request_uri",'
    '"bytes":$request_length,'
    '"request_scheme":"$scheme",'
    '"request_port":$server_port,'
    '"request_host":"$http_host",'
    '"clientip":"$remote_addr",'
    '"agent":"$http_user_agent",'
    '"response_redirect_location":"$sent_http_location",'
    '"response_length":$bytes_sent,'
    '"response_body_length":$body_bytes_sent,'
    '"responseStatusCode":"$status",'
    '"responseTime":$request_time,'
    '"esStatusCode":"$status",'
    '"content_type":"$content_type",'
    '"email":"$http_x_auth_params_email",'
    '"uberSource":"$http_x_uber_source",'
    '"callsite":"$http_x_uber_callsite",'
    '"app":"$http_x_uber_app",'
    '"request":"$request_uri",'
    '"connection":"$connection",'
    '"connection_requests":$connection_requests,'
    '"@timestamp":"$time_iso8601",'
    '"@source_host":"$hostname",'
    '"referer":"$http_referer",'
    '"service_name":"kraken",'
    '"message":"access log",'
    '"logtype":"access_log",'
    '"proxy_type":"nginx",'
    '"server_protocol":"$server_protocol",'
    '"proxy_host": "$proxy_host",'
    '"upstream_address":"$upstream_addr",'
    '"upstream_response_time":"$upstream_response_time"'
  '}';

  ##
  # Gzip Settings
  ##

  gzip off;
  gzip_disable "msie6";

  # gzip_vary on;
  # gzip_proxied any;
  # gzip_comp_level 6;
  # gzip_buffers 16 8k;
  # gzip_http_version 1.1;

  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

  ##
  # Virtual Host Configs
  ##

  include /etc/nginx/conf.d/*.conf;

  {{.site}}
}
`