#/etc/nginx/nginx.conf:
################################################################################
# Identity and bookkeeping: worker processes run as the "nginx" account
# instead of root, and the master process writes its PID to /run/nginx.pid.
user nginx;
pid /run/nginx.pid;

# "auto" sizes the worker pool to the number of available CPU cores.
worker_processes auto;

# Main-context error log. No level is given here, so nginx's default applies.
# The http and server blocks set their own error_log for request handling.
error_log /var/log/nginx/error.log;

events {
    # Cap on simultaneous connections per worker. The count includes
    # connections to proxied upstreams, not only client connections.
    worker_connections 1024;
}

http {
    # Access-log layout shared by every server/location that references "main".
    # It must stay above the access_log lines and the conf.d include that use it.
    # Security notes for log consumers:
    #  - "$request" contains the full request line, query string included, so
    #    any secret passed in a URL is written to disk.
    #  - "$http_x_forwarded_for" and "$http_user_agent" are client-supplied and
    #    must be treated as untrusted when the log is parsed or displayed.
    #  - "$request_id" is the per-request identifier that
    #    location.d/authorization.conf forwards upstream as InteractionID, which
    #    lets edge log lines be correlated with backend logs.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_id';

    # Defaults for servers that do not declare their own logs.
    access_log  /var/log/nginx/access.log  main;
    error_log  /var/log/nginx/error.log  error;

    # Kernel-level transfer and socket tuning.
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    # Request buffers sized well above the nginx defaults.
    # NOTE(review): presumably to fit large cookies or bearer tokens - confirm.
    # Larger header buffers also raise the memory one connection can pin.
    client_body_buffer_size     32k;
    client_header_buffer_size   32k;
    large_client_header_buffers 4 32k;

    # Buffers for responses read from proxied upstreams.
    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;

    # Do not disclose the nginx version in the Server header or on error pages.
    server_tokens off;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    # Every *.conf in that directory becomes part of the live configuration, so
    # write access to it should be limited to administrators.
    include /etc/nginx/conf.d/*.conf;

}

#/etc/nginx/conf.d/domain.conf
################################################################################
# Plain-HTTP listener for domain.com and its subdomains. It serves no content;
# every request is redirected to HTTPS.
server {
    server_name .domain.com;
    listen      80;

    # Permanent redirect that keeps the requested host and URI.
    # NOTE(review): $host can be taken from the client's Host header. If this
    # is the only server block on port 80 it is also the default server and
    # will answer for any Host value - consider a separate default_server
    # catch-all so redirects only ever point at names under domain.com.
    return 301 https://$host$request_uri;
}

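server {
    # TLS is enabled by the "ssl" parameter on listen. There is deliberately no
    # separate "ssl on;" directive: it has been obsolete since nginx 1.15.0 and
    # was removed in 1.25.1, where it stops the configuration from loading.
    listen               443 ssl;
    server_name         .domain.com;

    # Certificate chain and private key. The key file should be readable only
    # by root; nginx loads it before worker processes drop privileges.
    ssl_certificate     /ssl/domain_com.chained.crt;
    ssl_certificate_key /ssl/domain_com.key;

    # Server-side session cache shared by all workers. Session tickets stay
    # off, so resumption does not depend on a long-lived ticket key.
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;

    # Response hardening headers. "always" makes nginx send them on error
    # responses as well; HSTS now carries it like the other three.
    # A location that declares its own add_header stops inheriting these, so
    # they would have to be repeated there.
    add_header Strict-Transport-Security "max-age=31557600; includeSubDomains" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    # NOTE(review): current browsers no longer ship the XSS filter this header
    # controlled; a Content-Security-Policy is the effective control.
    add_header X-Xss-Protection "1; mode=block" always;

    # Parameters for the DHE-RSA suites below.
    # NOTE(review): confirm this file holds a group of at least 2048 bits.
    ssl_dhparam         /ssl/dh_param.pem;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 where nginx (1.13.0 or later) is built against an OpenSSL
    # that supports it.
    ssl_protocols TLSv1.2;

    # Forward-secret AEAD suites only, in the same relative order as before.
    # The 3DES, static-RSA and CBC suites of the previous list are not offered.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;

    # OCSP stapling, with the stapled response verified against the CA bundle.
    # NOTE(review): no "resolver" directive is visible in these files. nginx
    # needs one to resolve the OCSP responder's host name; without it stapling
    # may not take place. Check the error log for stapling warnings.
    ssl_stapling            on;
    ssl_stapling_verify     on;
    ssl_trusted_certificate /ssl/ca-cert.pem;

    # Dedicated logs for HTTPS traffic, using the "main" format from nginx.conf.
    access_log /var/log/nginx/access_443.log  main;
    error_log  /var/log/nginx/error_443.log  error;

    # Location blocks are supplied by drop-in files. Anything placed in this
    # directory is served over this virtual host.
    include /etc/nginx/location.d/*.conf;

}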

#/etc/nginx/location.d/authorization.conf
################################################################################
# Reverse proxy for everything under /uaa/ to the service on local port 9999.
# NOTE(review): the path suggests an authentication service. If so, consider
# request rate limiting here, and remember that the "main" log format records
# the full request line, so credentials or codes sent in a query string would
# be logged.
location /uaa/ {

    # Upstream target. The hop is plain HTTP over loopback and uses HTTP/1.1.
    proxy_pass            http://localhost:9999/uaa/;
    proxy_http_version    1.1;

    # Generous upstream timeouts, in seconds.
    # NOTE(review): a 1200 s read timeout keeps a connection slot occupied for
    # a long time - confirm the backend really needs it.
    proxy_connect_timeout 240;
    proxy_read_timeout    1200;

    # Largest request body accepted before nginx answers 413.
    client_max_body_size  100M;

    # Original request context for the backend. X-Real-IP is the address nginx
    # itself saw. X-Forwarded-For appends that address to whatever the client
    # sent, so only the last entry is trustworthy.
    proxy_set_header      Host              $host;
    proxy_set_header      X-Forwarded-Host  $host;
    proxy_set_header      X-Forwarded-Proto $scheme;
    proxy_set_header      X-Real-IP         $remote_addr;
    proxy_set_header      X-Forwarded-For   $proxy_add_x_forwarded_for;

    # Correlation id: the same $request_id that the access log records.
    proxy_set_header      InteractionID     $request_id;

    # Separate logs for this endpoint. The auth/ directory must exist and be
    # writable by nginx.
    access_log /var/log/nginx/auth/access.log  main;
    error_log  /var/log/nginx/auth/error.log  error;
}
