Javi

nginx: advanced configuration

Apr 11th, 2017
  # HTTP-level directives of a Kong nginx configuration template. The
  # double-brace placeholders and the lines starting with ">" look like template
  # syntax resolved when the file is rendered -- confirm against the Kong
  # version in use.
  1. charset UTF-8;
  2. error_log logs/error.log ${{LOG_LEVEL}};
  3. > if anonymous_reports then
  4. ${{SYSLOG_REPORTS}}
  5. > end
  # Optional tuning section: every directive below is commented out in the
  # template itself, so enabling nginx_optimizations currently emits nothing.
  6. > if nginx_optimizations then
  7. >-- send_timeout 60s; # default value
  8. >-- keepalive_timeout 75s; # default value
  9. >-- client_body_timeout 60s; # default value
  10. >-- client_header_timeout 60s; # default value
  11. >-- tcp_nopush on; # disabled until benchmarked
  12. >-- proxy_buffer_size 128k; # disabled until benchmarked
  13. >-- proxy_buffers 4 256k; # disabled until benchmarked
  14. >-- proxy_busy_buffers_size 256k; # disabled until benchmarked
  15. >-- reset_timedout_connection on; # disabled until benchmarked
  16. > end
  # Default request-body limit; the admin server further down sets its own.
  17. client_max_body_size 1m;
  # Send SNI when proxying to HTTPS upstreams.
  18. proxy_ssl_server_name on;
  # Accept request header names containing underscores (nginx drops them by
  # default). NOTE(review): upstreams that map "-" and "_" to the same variable
  # name can confuse such headers with their hyphenated forms -- verify.
  19. underscores_in_headers on;
  # NOTE(review): security-relevant. set_real_ip_from 0.0.0.0/0 marks every IPv4
  # peer as a trusted proxy, so the client address is taken from the
  # X-Forwarded-For request header, which any client can set. Logs, rate limits
  # and allow/deny decisions based on the client address then rest on
  # caller-supplied data. Prefer listing only the load balancers or proxies that
  # actually sit in front of this node.
  20. real_ip_header X-Forwarded-For;
  21. set_real_ip_from 0.0.0.0/0;
  22. real_ip_recursive on;
  # The trailing ";;" appends the default Lua search path after the configured one.
  23. lua_package_path '${{LUA_PACKAGE_PATH}};;';
  24. lua_package_cpath '${{LUA_PACKAGE_CPATH}};;';
  # NOTE(review): if this renders to "off", Lua code is reloaded on every
  # request; the ngx_lua documentation recommends that for development only.
  25. lua_code_cache ${{LUA_CODE_CACHE}};
  26. lua_socket_pool_size ${{LUA_SOCKET_POOL_SIZE}};
  27. lua_max_running_timers 4096;
  28. lua_max_pending_timers 16384;
  # Shared-memory zones visible to all workers; only "cache" has a configurable size.
  29. lua_shared_dict kong 4m;
  30. lua_shared_dict cache ${{MEM_CACHE_SIZE}};
  31. lua_shared_dict cache_locks 100k;
  32. lua_shared_dict process_events 1m;
  33. lua_shared_dict cassandra 5m;
  # Cosocket errors are not written to the nginx error log automatically; the
  # Lua code presumably handles and reports them itself.
  34. lua_socket_log_errors off;
  # The CA bundle for outbound cosocket TLS is emitted only when configured.
  # NOTE(review): without it, cosocket handshakes that request peer verification
  # have no trust store -- confirm how outbound TLS is verified in that case.
  35. > if lua_ssl_trusted_certificate then
  36. lua_ssl_trusted_certificate '${{LUA_SSL_TRUSTED_CERTIFICATE}}';
  37. lua_ssl_verify_depth ${{LUA_SSL_VERIFY_DEPTH}};
  38. > end
  39. init_by_lua_block {
  40. require 'resty.core'
  -- `kong` is assigned as a global (no `local`); the later *_by_lua_block
  -- sections in this file call it by that name.
  41. kong = require 'kong'
  42. kong.init()
  43. }
  44. init_worker_by_lua_block {
  45. kong.init_worker()
  46. }
  # Upper bound on upstream attempts per request. NOTE(review): the effective
  # retry count is presumably decided inside kong.balancer() -- confirm.
  47. proxy_next_upstream_tries 999;
  # Single upstream group used by the proxy server's proxy_pass.
  48. upstream kong_upstream {
  # Placeholder peer: nginx requires at least one server entry. The real peer
  # is presumably chosen per request by kong.balancer() below -- confirm.
  49. server 0.0.0.1;
  50. balancer_by_lua_block {
  51. kong.balancer()
  52. }
  # Number of idle keepalive connections to upstream peers kept per worker.
  53. keepalive ${{UPSTREAM_KEEPALIVE}};
  54. }
  # Derive the Connection header sent upstream from the client's Upgrade header:
  # "upgrade" for WebSocket requests, "keep-alive" for everything else.
  55. map $http_upgrade $upstream_connection {
  56. default keep-alive;
  57. websocket upgrade;
  58. }
  # Derive the Upgrade header sent upstream: forwarded only for WebSocket
  # requests, empty otherwise (an empty value means the header is not sent).
  59. map $http_upgrade $upstream_upgrade {
  60. default '';
  61. websocket websocket;
  62. }
  # Proxy (data-plane) server: each request phase is delegated to the global
  # `kong` module, and the request is then proxied to kong_upstream.
  63. server {
  64. server_name kong;
  65. listen ${{PROXY_LISTEN}};
  # Route nginx-generated error responses through the internal handler below.
  66. error_page 404 408 411 412 413 414 417 /kong_error_handler;
  67. error_page 500 502 503 504 /kong_error_handler;
  68. access_log logs/access.log;
  69. > if ssl then
  70. listen ${{PROXY_LISTEN_SSL}} ssl;
  71. ssl_certificate ${{SSL_CERT}};
  72. ssl_certificate_key ${{SSL_CERT_KEY}};
  # NOTE(review): TLSv1.1 is deprecated (RFC 8996); consider restricting this to
  # TLSv1.2 and, where the nginx/OpenSSL build supports it, TLSv1.3. No
  # ssl_ciphers directive appears in this server block, so build defaults apply.
  73. ssl_protocols TLSv1.1 TLSv1.2;
  # Hook that runs during the TLS handshake; presumably selects a per-host
  # certificate -- confirm in kong.ssl_certificate().
  74. ssl_certificate_by_lua_block {
  75. kong.ssl_certificate()
  76. }
  77. > end
  78. location / {
  # Both variables start as the literal string "nil"; kong.access() is
  # presumably expected to overwrite them before proxy_pass uses them.
  79. set $upstream_host nil;
  80. set $upstream_scheme nil;
  81. access_by_lua_block {
  82. kong.access()
  83. }
  84. proxy_http_version 1.1;
  # NOTE(review): $remote_addr is whatever the realip module produced. With the
  # http-level trust of 0.0.0.0/0 in this file, upstream services receive a
  # client-influenced value in X-Real-IP and X-Forwarded-For and should not use
  # it for authorization.
  85. proxy_set_header X-Real-IP $remote_addr;
  86. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  87. proxy_set_header X-Forwarded-Proto $scheme;
  88. proxy_set_header Host $upstream_host;
  89. proxy_set_header Upgrade $upstream_upgrade;
  90. proxy_set_header Connection $upstream_connection;
  # Passes the upstream's Server header through to the client, which discloses
  # the upstream's server software to callers.
  91. proxy_pass_header Server;
  92. proxy_pass $upstream_scheme://kong_upstream;
  93. header_filter_by_lua_block {
  94. kong.header_filter()
  95. }
  96. body_filter_by_lua_block {
  97. kong.body_filter()
  98. }
  99. log_by_lua_block {
  100. kong.log()
  101. }
  102. }
  # Error-page target; `internal` keeps it unreachable by direct client requests.
  103. location = /kong_error_handler {
  104. internal;
  105. content_by_lua_block {
  106. require('kong.core.error_handlers')(ngx)
  107. }
  108. }
  109. }
  # Admin (control-plane) server: serves the Lapis application 'kong.api'.
  # NOTE(review): nothing in this block authenticates callers. Access control
  # has to come from the address the admin listener is bound to (loopback or a
  # management network) or from a firewall in front of it -- confirm.
  110. server {
  111. server_name kong_admin;
  112. listen ${{ADMIN_LISTEN}};
  113. access_log logs/admin_access.log;
  # Bodies up to 10m are accepted, and the buffer size matches the limit, so a
  # full-size body is held in memory rather than spilled to a temporary file.
  114. client_max_body_size 10m;
  115. client_body_buffer_size 10m;
  116. > if admin_ssl then
  117. listen ${{ADMIN_LISTEN_SSL}} ssl;
  118. ssl_certificate ${{ADMIN_SSL_CERT}};
  119. ssl_certificate_key ${{ADMIN_SSL_CERT_KEY}};
  # NOTE(review): TLSv1.1 is deprecated (RFC 8996); consider TLSv1.2 (and
  # TLSv1.3 where the build supports it) for the admin listener.
  120. ssl_protocols TLSv1.1 TLSv1.2;
  121. > end
  122. location / {
  123. default_type application/json;
  124. content_by_lua_block {
  -- NOTE(review): every response lets any web origin read it (credentials are
  -- excluded). If this listener is reachable from user browsers, consider
  -- restricting the allowed origin to the admin UI's own origin.
  125. ngx.header['Access-Control-Allow-Origin'] = '*'
  126. ngx.header['Access-Control-Allow-Credentials'] = 'false'
  -- Answer CORS preflight requests directly, without invoking the API.
  127. if ngx.req.get_method() == 'OPTIONS' then
  128. ngx.header['Access-Control-Allow-Methods'] = 'GET,HEAD,PUT,PATCH,POST,DELETE'
  129. ngx.header['Access-Control-Allow-Headers'] = 'Content-Type'
  130. ngx.exit(204)
  131. end
  132. require('lapis').serve('kong.api')
  133. }
  134. }
  # stub_status counters; `internal` keeps the location unreachable by direct
  # client requests.
  135. location /nginx_status {
  136. internal;
  137. access_log off;
  138. stub_status;
  139. }
  # Advisory only: asks crawlers not to index the admin server. It is not an
  # access control.
  140. location /robots.txt {
  141. return 200 'User-agent: *\nDisallow: /';
  142. }
  143. }