90 lines
2.5 KiB
Cheetah
90 lines
2.5 KiB
Cheetah
server {
|
|
listen 80 default_server;
|
|
server_name _; # This is just an invalid value which will never trigger on a real hostname.
|
|
error_log /proc/self/fd/2;
|
|
access_log /proc/self/fd/1;
|
|
return 503;
|
|
}
|
|
|
|
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
|
|
upstream {{ $host }} {
|
|
|
|
{{ range $index, $value := $containers }}
|
|
|
|
{{ $addrLen := len $value.Addresses }}
|
|
{{/* If only 1 port exposed, use that */}}
|
|
{{ if eq $addrLen 1 }}
|
|
{{ with $address := index $value.Addresses 0 }}
|
|
# {{$value.Name}}
|
|
server {{ $address.IP }}:{{ $address.Port }};
|
|
{{ end }}
|
|
|
|
{{/* If more than one port exposed, use the one matching VIRTUAL_PORT env var */}}
|
|
{{ else if $value.Env.VIRTUAL_PORT }}
|
|
{{ range $i, $address := $value.Addresses }}
|
|
{{ if eq $address.Port $value.Env.VIRTUAL_PORT }}
|
|
# {{$value.Name}}
|
|
server {{ $address.IP }}:{{ $address.Port }};
|
|
{{ end }}
|
|
{{ end }}
|
|
|
|
{{/* Else default to standard web port 80 */}}
|
|
{{ else }}
|
|
{{ range $i, $address := $value.Addresses }}
|
|
{{ if eq $address.Port "80" }}
|
|
# {{$value.Name}}
|
|
server {{ $address.IP }}:{{ $address.Port }};
|
|
{{ end }}
|
|
{{ end }}
|
|
{{ end }}
|
|
{{ end }}
|
|
}
|
|
|
|
server {
|
|
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
|
|
|
server_name {{ $host }};
|
|
proxy_buffering off;
|
|
error_log /proc/self/fd/2;
|
|
access_log /proc/self/fd/1;
|
|
|
|
location / {
|
|
proxy_pass http://{{ $host }};
|
|
include /etc/nginx/proxy_params;
|
|
|
|
# HTTP 1.1 support
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "";
|
|
}
|
|
}
|
|
|
|
server {
|
|
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
|
|
|
listen 443;
|
|
server_name {{ $host }};
|
|
proxy_buffering off;
|
|
error_log /proc/self/fd/2;
|
|
access_log /proc/self/fd/1;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/nginx/certificates/server.crt;
|
|
ssl_certificate_key /etc/nginx/certificates/server.key;
|
|
ssl_session_timeout 5m;
|
|
ssl_protocols SSLv3 TLSv1;
|
|
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
location / {
|
|
proxy_pass http://{{ $host }};
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_set_header Connection "";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto https; # help the backend application differenciate between HTTP/HTTPS
|
|
proxy_set_header HTTPS on;
|
|
}
|
|
}
|
|
{{ end }}
|