dev config

1. worker_processes auto;
2. worker_rlimit_nofile 8192;
3.  
4. events {
5. worker_connections 8000;
6. multi_accept on;
7. }
8.  
9. http {
10. charset utf-8;
11. # what times to include
12. include /etc/nginx/mime.types;
13. # what is the default one
14. default_type application/octet-stream;
15.  
16. access_log /dev/stdout;
17. error_log /dev/stderr;
18.  
19. # Sets the path, format, and configuration for a buffered log write
20. # log_format trace '$remote_addr - $remote_user [$time_local] "$request" '
21. # '$status $body_bytes_sent "$http_referer" "$http_user_agent" '
22. # '"$http_x_forwarded_for" $request_id';
23.  
24.  
25. client_max_body_size 1M;
26.  
27. add_header X-Content-Type-Options nosniff;
28. add_header X-Frame-Options DENY;
29. add_header X-XSS-Protection "1; mode=block";
30. # add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; object-src 'none'";
31.  
32. gzip on;
33. gzip_static on;
34. gzip_comp_level 6;
35. gzip_vary on;
36. gzip_min_length 1024;
37. gzip_proxied any;
38. gzip_types text/plain text/html text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
39. gzip_buffers 16 8k;
40.  
41. resolver 127.0.0.11 ipv6=off valid=15s;
42. resolver_timeout 1s;
43.  
44. server {
45. listen 80 default_server;
46. listen [::]:80 default_server;
47. server_name .localhost;
48.  
49. server_tokens off;
50.  
51. location / {
52. default_type text/html;
53. return 200 'Home';
54. }
55. }
56.  
57. server {
58. listen 80;
59. listen [::]:80;
60. server_name admin.localhost;
61.  
62. server_tokens off;
63.  
64. # https://www.nginx.com/blog/dns-service-discovery-nginx-plus/
65. set $admin_api_servers admin-api;
66.  
67. location ~ ^/(.*)$ {
68. # block one workstation
69. # deny 192.168.1.1;
70. # allow anyone in 192.168.1.0/24
71. # allow 192.168.1.0/24;
72. # drop rest of the world
73. # deny all;
74.  
75. if ($request_method = 'OPTIONS') {
76. add_header 'Access-Control-Allow-Origin' "$http_origin";
77. add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS';
78. add_header 'Access-Control-Max-Age' 1728000;
79. add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
80. add_header 'Content-Type' 'text/plain; charset=utf-8';
81. add_header 'Content-Length' 0;
82. return 204;
83. }
84.  
85. if ($request_method = (GET|POST|OPTIONS|HEAD)) {
86. add_header 'Access-Control-Allow-Origin' "$http_origin";
87. add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS';
88. add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
89. add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
90. add_header 'Access-Control-Allow-Credentials' 'true';
91. }
92.  
93. proxy_pass http://$admin_api_servers:5000/$1;
94.  
95. proxy_buffering off;
96. proxy_pass_header Server;
97.  
98. proxy_set_header Upgrade $http_upgrade;
99. proxy_set_header Connection "upgrade";
100. proxy_set_header Host $http_host;
101. proxy_set_header X-NginX-Proxy true;
102. proxy_set_header X-Real-IP $remote_addr;
103. proxy_set_header X-Forwarded-Proto $scheme;
104. proxy_set_header X-Forwarded-Host $server_name;
105. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
106.  
107. proxy_connect_timeout 3000;
108. proxy_send_timeout 3000;
109. proxy_read_timeout 3000;
110. send_timeout 3000;
111.  
112. proxy_ignore_headers "Cache-Control" "Expires" "X-Accel-Expires" "Set-Cookie";
113. }
114. }
115.  
116.  
117.  
118. server {
119. listen 80;
120. listen [::]:80;
121. server_name customer.localhost;
122.  
123. server_tokens off;
124.  
125. # https://www.nginx.com/blog/dns-service-discovery-nginx-plus/
126. set $customer_api_servers customer-api;
127.  
128. location / {
129. if ($request_method = 'HEAD') {
130. return 204;
131. }
132. }
133.  
134. location ~ ^/(.*)$ {
135.  
136. if ($request_method = 'OPTIONS') {
137. add_header 'Access-Control-Allow-Origin' "$http_origin";
138. add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS';
139. add_header 'Access-Control-Max-Age' 1728000;
140. add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
141. add_header 'Content-Type' 'text/plain; charset=utf-8';
142. add_header 'Content-Length' 0;
143. return 204;
144. }
145.  
146. if ($request_method = (GET|POST|OPTIONS|HEAD)) {
147. add_header 'Access-Control-Allow-Origin' "$http_origin";
148. add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS';
149. add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
150. add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
151. add_header 'Access-Control-Allow-Credentials' 'true';
152. }
153.  
154. proxy_pass http://$customer_api_servers:5000/$1;
155.  
156. proxy_buffering off;
157. proxy_pass_header Server;
158.  
159. proxy_set_header Upgrade $http_upgrade;
160. proxy_set_header Connection "upgrade";
161. proxy_set_header Host $http_host;
162. proxy_set_header X-NginX-Proxy true;
163. proxy_set_header X-Real-IP $remote_addr;
164. proxy_set_header X-Forwarded-Proto $scheme;
165. proxy_set_header X-Forwarded-Host $server_name;
166. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
167.  
168. proxy_connect_timeout 3000;
169. proxy_send_timeout 3000;
170. proxy_read_timeout 3000;
171. send_timeout 3000;
172.  
173. proxy_ignore_headers "Cache-Control" "Expires" "X-Accel-Expires" "Set-Cookie";
174. }
175. }
176.  
177. server {
178. listen 80;
179. listen [::]:80;
180. server_name supplier.localhost;
181.  
182. server_tokens off;
183.  
184. # https://www.nginx.com/blog/dns-service-discovery-nginx-plus/
185. set $supplier_api_servers supplier-api;
186.  
187. location / {
188. if ($request_method = 'HEAD') {
189. return 204;
190. }
191. }
192.  
193. location ~ ^/(.*)$ {
194. if ($request_method = 'OPTIONS') {
195. add_header 'Access-Control-Allow-Origin' "$http_origin";
196. add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS';
197. add_header 'Access-Control-Max-Age' 1728000;
198. add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
199. add_header 'Content-Type' 'text/plain; charset=utf-8';
200. add_header 'Content-Length' 0;
201. return 204;
202. }
203.  
204. if ($request_method = (GET|POST|OPTIONS|HEAD)) {
205. add_header 'Access-Control-Allow-Origin' "$http_origin";
206. add_header 'Access-Control-Allow-Methods' 'GET, POST, HEAD, OPTIONS';
207. add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
208. add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
209. add_header 'Access-Control-Allow-Credentials' 'true';
210. }
211.  
212. proxy_pass http://$supplier_api_servers:5000/$1;
213.  
214. proxy_buffering off;
215. proxy_pass_header Server;
216.  
217. proxy_set_header Upgrade $http_upgrade;
218. proxy_set_header Connection "upgrade";
219. proxy_set_header Host $http_host;
220. proxy_set_header X-NginX-Proxy true;
221. proxy_set_header X-Real-IP $remote_addr;
222. proxy_set_header X-Forwarded-Proto $scheme;
223. proxy_set_header X-Forwarded-Host $server_name;
224. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
225.  
226. proxy_connect_timeout 3000;
227. proxy_send_timeout 3000;
228. proxy_read_timeout 3000;
229. send_timeout 3000;
230.  
231. proxy_ignore_headers "Cache-Control" "Expires" "X-Accel-Expires" "Set-Cookie";
232. }
233.  
234. }
235.  
236. }