Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##### File /etc/nginx/nginx.conf:
- user www-data;
- worker_processes 4;
- pid /var/run/nginx.pid;
- events {
- worker_connections 768;
- }
- http {
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
- gzip on;
- gzip_disable "msie6";
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
- }
- ##### File /etc/nginx/conf.d/portal-upstreams.conf:
- upstream portal-upstream {
- server web01 weight=10 max_fails=3 fail_timeout=30s;
- server web02 weight=10 max_fails=3 fail_timeout=30s;
- }
- ##### File /etc/nginx/sites-enabled
- server {
- listen 80;
- server_name portal.domain.com;
- rewrite ^ https://portal.domain.com$request_uri? permanent;
- proxy_no_cache 1;
- proxy_cache_bypass 1;
- }
- server {
- listen 443 ssl;
- server_name portal.domain.com;
- access_log /var/log/nginx/access.log vhost_proxy;
- ssl on;
- ssl_certificate /etc/ssl/certs/domain.com.chained.crt;
- ssl_certificate_key /etc/ssl/private/domain.com.key;
- ssl_session_timeout 3h;
- keepalive_timeout 1m;
- ssl_protocols SSLv3 TLSv1;
- ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
- ssl_prefer_server_ciphers on;
- proxy_no_cache 1;
- proxy_cache_bypass 1;
- client_max_body_size 2G;
- client_body_buffer_size 256k;
- location / {
- proxy_pass http://portal-upstream;
- proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_read_timeout 60s; #time between reads, not whole response
- proxy_redirect off;
- }
- location /favicon.ico {
- rewrite ^ http://static.domain.com/favicon.ico permanent;
- }
- }
RAW Paste Data
