This repository has been archived by the owner on Jul 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 11
/
nginx.conf
107 lines (83 loc) · 2.51 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
worker_processes 4;
daemon off;
error_log /dev/stderr;
events {
worker_connections 1024;
}
http {
charset utf-8;
log_format access_json '{"logType": "nginx-access", '
' "remoteHost": "$remote_addr", '
' "user": "$remote_user", '
' "time": "$time_local", '
' "request": "$request", '
' "status": $status, '
' "size": $body_bytes_sent, '
' "referer": "$http_referer", '
' "userAgent": "$http_user_agent", '
' "requestTime": $request_time, '
' "httpHost": "$http_host"}';
access_log /dev/stdout access_json;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
port_in_redirect off;
server_tokens off;
expires -1;
real_ip_header X-Forwarded-For;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 127.0.0.1/32;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
real_ip_recursive on;
server {
listen {{ port }};
server_name localhost;
satisfy any;
error_page 403 = @forbidden;
location @forbidden {
allow all;
access_log off;
default_type text/plain;
return 403 'Forbidden by {{ env "APP_NAME" }}';
}
location @check {
default_type text/plain;
return 200 'OK';
}
location = /_route-service-health {
allow all;
access_log off;
stub_status on;
access_log off;
}
location = /_route-service-check {
allow 127.0.0.1/32;
{{env "ALLOWED_IPS"}}
deny all;
try_files $uri @check;
}
location / {
allow 127.0.0.1/32;
{{env "ALLOWED_IPS"}}
deny all;
resolver 169.254.0.2;
set $cf_forwarded_host '*';
set $cf_forwarded_uri '*';
if ($http_x_cf_forwarded_url ~* ^(https?\:\/\/)(.*?)\/(.*)$) {
set $cf_forwarded_host $2;
set $cf_forwarded_uri /$3;
}
proxy_http_version 1.1;
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1.2;
proxy_set_header Connection "";
proxy_set_header Host $cf_forwarded_host;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
# Use XX-CF-APP-INSTANCE on the original request if you wish to target an instance
proxy_set_header X-CF-APP-INSTANCE $http_xx_cf_app_instance;
proxy_pass $http_x_forwarded_proto://$http_host$cf_forwarded_uri;
}
}
}