74 lines
1.9 KiB
Text
74 lines
1.9 KiB
Text
|
# vim: ft=nginx
|
||
|
|
||
|
set_real_ip_from 0.0.0.0/0;
|
||
|
real_ip_recursive on;
|
||
|
log_format lb_logs '$remote_addr ($proxy_protocol_addr) '
|
||
|
'- $remote_user [$time_local] '
|
||
|
'"$request" $status $body_bytes_sent '
|
||
|
'"$http_referer" "$http_user_agent" '
|
||
|
'($request_time $request_length $upstream_response_time)';
|
||
|
|
||
|
types_hash_max_size 2048;
|
||
|
include /etc/opt/rh/rh-nginx112/nginx/mime.types;
|
||
|
|
||
|
default_type application/octet-stream;
|
||
|
|
||
|
access_log /var/log/nginx/access.log;
|
||
|
error_log /var/log/nginx/error.log;
|
||
|
client_body_temp_path /tmp/nginx 1 2;
|
||
|
proxy_temp_path /tmp/nginx-proxy;
|
||
|
fastcgi_temp_path /tmp/nginx-fastcgi;
|
||
|
uwsgi_temp_path /tmp/nginx-uwsgi;
|
||
|
scgi_temp_path /tmp/nginx-scgi;
|
||
|
|
||
|
sendfile on;
|
||
|
|
||
|
gzip on;
|
||
|
gzip_http_version 1.0;
|
||
|
gzip_proxied any;
|
||
|
gzip_min_length 500;
|
||
|
gzip_disable "MSIE [1-6]\.";
|
||
|
gzip_types text/plain text/xml text/css
|
||
|
text/javascript application/x-javascript
|
||
|
application/javascript image/svg+xml
|
||
|
application/octet-stream;
|
||
|
|
||
|
map $proxy_protocol_addr $proper_forwarded_for {
|
||
|
"" $proxy_add_x_forwarded_for;
|
||
|
default $proxy_protocol_addr;
|
||
|
}
|
||
|
|
||
|
map $http_x_forwarded_proto $proper_scheme {
|
||
|
default $scheme;
|
||
|
https https;
|
||
|
}
|
||
|
|
||
|
upstream web_app_server {
|
||
|
server unix:/tmp/gunicorn_web.sock fail_timeout=0;
|
||
|
}
|
||
|
upstream jwtproxy_secscan {
|
||
|
server unix:/tmp/jwtproxy_secscan.sock fail_timeout=0;
|
||
|
}
|
||
|
upstream verbs_app_server {
|
||
|
server unix:/tmp/gunicorn_verbs.sock fail_timeout=0;
|
||
|
}
|
||
|
upstream registry_app_server {
|
||
|
server unix:/tmp/gunicorn_registry.sock fail_timeout=0;
|
||
|
}
|
||
|
|
||
|
# NOTE: Exposed for the _internal_ping *only*. All other secscan routes *MUST* go through
|
||
|
# the jwtproxy.
|
||
|
upstream secscan_app_server {
|
||
|
server unix:/tmp/gunicorn_secscan.sock fail_timeout=0;
|
||
|
}
|
||
|
|
||
|
|
||
|
upstream build_manager_controller_server {
|
||
|
server localhost:8686;
|
||
|
}
|
||
|
|
||
|
upstream build_manager_websocket_server {
|
||
|
server localhost:8787;
|
||
|
}
|
||
|
|