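# TLS-terminating reverse proxy that requires client certificates (mutual TLS)
# and forwards requests over plain HTTP to the upstream named "haproxy".
# The upstream, the limit_req zone "limitreq", the log formats "main"/"errors",
# the $abnormal variable and the included files are defined outside this block.
server {
    # default_server: this block also answers port-443 requests whose name
    # matches no other server block, not only aws1.api.vic.net.
    listen 443 ssl default_server;
    # listen 443 ssl http2 default_server;
    server_name aws1.api.vic.net;

    #RESTRICTIONS
    large_client_header_buffers 32 2k;
    client_max_body_size 8M;
    # Same size as client_max_body_size, so a full 8M body is held in memory
    # per request instead of being spilled to a temp file.
    client_body_buffer_size 8M;
    proxy_buffering off;
    proxy_max_temp_file_size 0;
    etag off;

    # Both left at their defaults while commented out: request headers whose
    # names contain underscores are treated as invalid and ignored.
    # underscores_in_headers on;
    # ignore_invalid_headers off;
    #ssl_protocols TLSv1.3;
    ssl_protocols TLSv1.2 TLSv1.3;

    #SSL Configuration
    # NOTE(review): the private key sits next to the certificate in /etc/nginx;
    # confirm it is readable only by the account that starts nginx.
    ssl_certificate "/etc/nginx/Ta6X_Server_9000.crt";
    ssl_certificate_key "/etc/nginx/Ta6X_Server_9000.key";


    #Client Certificates
    # Requests without a client certificate that verifies against ca.crt are
    # rejected. No ssl_crl is set in this block, so revocation is not checked
    # here, and ssl_verify_depth is left at its default. Nothing below forwards
    # the client identity (e.g. $ssl_client_s_dn) upstream, so any certificate
    # issued by this CA is treated alike unless the upstream authenticates by
    # other means — TODO confirm.
    ssl_client_certificate "/etc/nginx/ca.crt";
    ssl_verify_client on;

    #Default nginx parameters.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 60m;
    # Governs TLS 1.2 suites only. Depending on the OpenSSL build, HIGH can
    # still admit CBC-mode and static-RSA key-exchange suites; consider an
    # explicit ECDHE/AEAD list if all clients support it.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    proxy_read_timeout 75s;
    # proxy_set_header Host $http_host;
    # proxy_set_header X-Real-IP $remote_addr;
    # proxy_set_header X-Forwarded-Host $host;
    # proxy_set_header X-Forwarded-Server $host;
    # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    proxy_http_version 1.1;
    # proxy_set_header is inherited by a location only when that location
    # declares none of its own; both locations below declare some, which is
    # why they repeat this line.
    proxy_set_header Connection "";

    #Echo header

    # Reflects the client's "comm-context" request header back in the response.
    # add_header follows the same inheritance rule as proxy_set_header: the two
    # locations below declare their own add_header, so this line does not
    # apply to them — only to locations without one (possibly some in
    # errors.conf, not visible here). Without "always" it is also skipped on
    # error responses.
    add_header comm-context $http_comm_context;


    location / {

        proxy_http_version 1.1;
        proxy_set_header Connection "";
        # 8-hour idle keep-alive and 300000 requests per connection: each idle
        # client holds a worker connection slot for that long.
        keepalive_timeout 28800s;
        keepalive_requests 300000;
        include naxsi.rules;
        # burst=350 with nodelay lets up to 350 requests above the zone's rate
        # through immediately before limiting starts.
        limit_req zone=limitreq burst=350 nodelay;
        proxy_read_timeout 75s;
        # Carries the TCP peer address upstream and replaces any "asp-ip"
        # value the client sent.
        proxy_set_header asp-ip $remote_addr;
        # Plain HTTP to the upstream: traffic is unencrypted past this hop.
        # Presumably the upstream is on a trusted segment — confirm.
        proxy_pass http://haproxy;
        add_header cl_conn_ctx $http_cl_conn_ctx always;
        # An empty value means the header is not passed upstream at all, so a
        # client cannot supply TC_VERIFY to the backend through this location.
        proxy_set_header TC_VERIFY "";
        proxy_redirect off;
    }

    # Unanchored, case-sensitive regex: it matches any URI containing "A" or
    # "B" anywhere, and regex locations take precedence over the "/" prefix
    # location above. "(A|B)" looks like a placeholder; anchor the real
    # pattern (^...) so it captures only the intended paths.
    location ~ (A|B) {

        proxy_http_version 1.1;
        proxy_set_header Connection "";
        keepalive_timeout 28800s;
        keepalive_requests 300000;
        include naxsi.rules;
        limit_req zone=limitreq burst=350 nodelay;
        proxy_read_timeout 75s;
        proxy_set_header asp-ip $remote_addr;
        proxy_pass http://haproxy;
        add_header cl_conn_ctx $http_cl_conn_ctx always;
        # Cleared here as in "location /". Without this line a request routed
        # to this location would keep a client-supplied TC_VERIFY if
        # underscores_in_headers were ever enabled (here or at http level).
        # NOTE(review): assumes the upstream trusts TC_VERIFY the same way for
        # these paths — confirm.
        proxy_set_header TC_VERIFY "";
        access_log /var/log/nginx/custom_access.log main buffer=10k flush=1s;
        # Second log receives only requests for which $abnormal is neither
        # empty nor "0".
        access_log /var/log/nginx/custom_access_abnormal.log errors buffer=10k flush=1s if=$abnormal;
        error_log /var/log/nginx/custom_error.log warn;
        proxy_redirect off;
    }


    include /etc/nginx/errors.conf;
}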