Guest User

Untitled

a guest
Jul 23rd, 2012
24
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ##### File /etc/nginx/nginx.conf:
  2. user www-data;
  3. worker_processes 4;
  4. pid /var/run/nginx.pid;
  5.  
  6. events {
  7. worker_connections 768;
  8. }
  9.  
  10. http {
  11. sendfile on;
  12. tcp_nopush on;
  13. tcp_nodelay on;
  14. keepalive_timeout 65;
  15. types_hash_max_size 2048;
  16. include /etc/nginx/mime.types;
  17. default_type application/octet-stream;
  18. access_log /var/log/nginx/access.log;
  19. error_log /var/log/nginx/error.log;
  20. gzip on;
  21. gzip_disable "msie6";
  22. include /etc/nginx/conf.d/*.conf;
  23. include /etc/nginx/sites-enabled/*;
  24. }
  25.  
  26.  
  27. ##### File /etc/nginx/conf.d/portal-upstreams.conf:
  28. upstream portal-upstream {
  29. server web01 weight=10 max_fails=3 fail_timeout=30s;
  30. server web02 weight=10 max_fails=3 fail_timeout=30s;
  31. }
  32.  
  33.  
  34. ##### File /etc/nginx/sites-enabled
  35. server {
  36. listen 80;
  37. server_name portal.domain.com;
  38. rewrite ^ https://portal.domain.com$request_uri? permanent;
  39. proxy_no_cache 1;
  40. proxy_cache_bypass 1;
  41. }
  42. server {
  43. listen 443 ssl;
  44. server_name portal.domain.com;
  45. access_log /var/log/nginx/access.log vhost_proxy;
  46. ssl on;
  47. ssl_certificate /etc/ssl/certs/domain.com.chained.crt;
  48. ssl_certificate_key /etc/ssl/private/domain.com.key;
  49. ssl_session_timeout 3h;
  50. keepalive_timeout 1m;
  51. ssl_protocols SSLv3 TLSv1;
  52. ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
  53. ssl_prefer_server_ciphers on;
  54. proxy_no_cache 1;
  55. proxy_cache_bypass 1;
  56. client_max_body_size 2G;
  57. client_body_buffer_size 256k;
  58. location / {
  59. proxy_pass http://portal-upstream;
  60. proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
  61. proxy_set_header Host $host;
  62. proxy_set_header X-Real-IP $remote_addr;
  63. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  64. proxy_set_header X-Forwarded-Proto https;
  65. proxy_read_timeout 60s; #time between reads, not whole response
  66. proxy_redirect off;
  67. }
  68. location /favicon.ico {
  69. rewrite ^ http://static.domain.com/favicon.ico permanent;
  70. }
  71. }
RAW Paste Data