Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- user www-data;
- worker_processes auto;
- worker_rlimit_nofile 1024;
- pid /run/nginx.pid;
- include /etc/nginx/modules-enabled/*.conf;
- events {
- worker_connections 768;
- multi_accept on;
- }
- http {
- ##
- # Basic Settings
- ##
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- # server_tokens off;
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- ##
- # SSL Settings
- ##
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
- ssl_prefer_server_ciphers on;
- ##
- # Logging Settings
- ##
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
- ##
- # Gzip Settings
- ##
- gzip on;
- gzip_disable "msie6";
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
- upstream cws {
- ip_hash;
- keepalive 500;
- server 127.0.0.1:8888;
- # Insert other CWSs here.
- }
- # To benefit from kept-alive connections also on AdminWebServer a
- # group for it has to be created as well, even if it will contain
- # just one server.
- upstream aws {
- keepalive 5;
- server 127.0.0.1:8889;
- }
- # Group the RankingWebServers to load balance among them (useful to
- # overcome the hard limit on simultaneous open file descriptors if
- # you expect a very large number of clients).
- upstream rws {
- keepalive 500;
- server 127.0.0.1:8890;
- # Insert other RWSs here.
- }
- # Force HTTPS.
- #server {
- # listen 80;
- # server_name ioi-server;
- # location / {
- # rewrite ^/(.*)$ https://ioi-server/$1;
- # }
- #}
- server {
- listen 80;
- listen 443 default_server;
- server_name ioi-server;
- # Have the nginx server be the HTTPS endpoint, authenticating
- # and decripting the connection, forwarding plain HTTP requests
- # upstream. To learn how to generate a self-signed certificate
- # see http://wiki.nginx.org/HttpSslModule.
- # ssl on;
- # ssl_certificate /etc/nginx/ssl/server.crt;
- # ssl_certificate_key /etc/nginx/ssl/server.key;
- # Serve phppgadmin on a prefix. This assumes that you have the
- # phppgadmin and php7.2-fpm packages properly installed and
- # configured.
- location /phppgadmin/ {
- alias /usr/share/phppgadmin/;
- index index.php;
- # Protect it with an IP address whitelist.
- allow 127.0.0.1;
- # Insert other allowed IP addesses or subnets here.
- deny all;
- # Authentication will be required by phppgadmin, no need to
- # enforce it here.
- # Serve the static files with a (likely) correct MIME type.
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- try_files $uri $uri/ =404;
- location ~ \.php$ {
- fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- }
- }
- # Serve AWS on a prefix.
- location /aws/ {
- proxy_pass http://aws/;
- include proxy_params;
- proxy_redirect / /aws/;
- proxy_redirect http://$host/ /aws/;
- proxy_redirect https://$host/ /aws/;
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- # Protect it with an authentication. For more information
- # see http://wiki.nginx.org/HttpAuthBasicModule.
- #auth_basic "AdminWebServer";
- #auth_basic_user_file /etc/nginx/htpasswd_AWS;
- # Protect it with an IP address whitelist.
- allow 127.0.0.1;
- allow 10.10.188.0/24;
- # Insert other allowed IP addesses or subnets here.
- deny all;
- # Allow to upload large files (e.g. testcases).
- client_max_body_size 100M;
- }
- # Serve RWS on a prefix.
- location /rws/ {
- proxy_pass http://rws/;
- include proxy_params;
- proxy_redirect / /rws/;
- proxy_redirect http://$host/ /rws/;
- proxy_redirect https://$host/ /rws/;
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- # Buffering blocks the streaming HTTP requests used for
- # live-update.
- proxy_buffering off;
- # Protect it with an authentication. For more information
- # see http://wiki.nginx.org/HttpAuthBasicModule.
- #auth_basic "RankingWebServer";
- #auth_basic_user_file /etc/nginx/htpasswd_RWS;
- # Protect it with an IP address whitelist.
- allow 127.0.0.1;
- allow 10.10.188.0/24;
- # Insert other allowed IP addesses or subnets here.
- deny all;
- }
- # Serve CWS unprefixed.
- location / {
- proxy_pass http://cws/;
- include proxy_params;
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- # Needs to be as large as the maximum allowed submission
- # and input lengths set in cms.conf.
- client_max_body_size 50M;
- }
- }
- ##
- # Virtual Host Configs
- ##
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
- }
- #mail {
- # # See sample authentication script at:
- # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
- #
- # # auth_http localhost/auth.php;
- # # pop3_capabilities "TOP" "USER";
- # # imap_capabilities "IMAP4rev1" "UIDPLUS";
- #
- # server {
- # listen localhost:110;
- # protocol pop3;
- # proxy on;
- # }
- #
- # server {
- # listen localhost:143;
- # protocol imap;
- # proxy on;
- # }
- #}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement