-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.conf
151 lines (125 loc) · 3.64 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
#user nginx;
user www-data;
pid /run/nginx.pid;
worker_processes 2;
worker_rlimit_nofile 12288;
events {
worker_connections 4096;
}
http {
log_format ltsv "status:$status"
"\ttime:$time_iso8601"
"\treqtime:$request_time"
"\tmethod:$request_method"
"\turi:$request_uri"
"\tprotocol:$server_protocol"
"\tua:$http_user_agent"
"\tforwardedfor:$http_x_forwarded_for"
"\thost:$remote_addr"
"\treferer:$http_referer"
"\tserver_name:$server_name"
"\tvhost:$host"
"\tsize:$body_bytes_sent"
"\treqsize:$request_length"
"\truntime:$upstream_http_x_runtime"
"\tapptime:$upstream_response_time"
"\tuid:$upstream_http_x_isu_userid"
"\txtime:$upstream_http_x_isu_time"
"\treqid:$upstream_http_x_isu_reqid";
access_log off;
error_log /var/log/nginx/error.log warn;
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
open_file_cache max=1024 inactive=60s;
tcp_nopush on;
#gzip on;
#gzip_min_length 1100;
#gzip_buffers 4 8k;
#gzip_types application/atom+xml text/plain text/css text/javascript application/json application/javascript;
#gzip_vary on;
#gzip_disable "MSIE [1-6]\.";
gzip_static on;
keepalive_timeout 65;
# keepalive_requests 10000;
proxy_buffers 100 32k;
proxy_buffer_size 8k;
client_body_buffer_size 2M;
client_max_body_size 20M;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE+AESGCM:DHE+AESGCM:HIGH:!aNULL:!MD5';
send_timeout 180;
upstream app {
server isu1:8888 fail_timeout=0;
server isu2:8888 fail_timeout=0;
#server isu3:8888 fail_timeout=0;
keepalive 16;
keepalive_timeout 65s;
keepalive_requests 10000;
}
upstream isu1 {
server isu1:8888 fail_timeout=0;
keepalive 16;
keepalive_requests 10000;
}
upstream isu2 {
server isu2:8888 fail_timeout=0;
keepalive 16;
keepalive_requests 10000;
}
upstream isu3 {
server isu3:8888 fail_timeout=0;
keepalive 16;
keepalive_requests 10000;
}
upstream localapp {
server unix:/run/isutrain/puma.sock fail_timeout=0;
keepalive 128;
keepalive_requests 10000;
}
server {
listen 0.0.0.0:8888 default_server;
access_log off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
location / {
proxy_pass http://localapp;
}
}
server {
listen 0.0.0.0:443 http2 ssl default_server;
access_log off;
server_name _;
ssl_certificate /etc/nginx/keys/fullchain.pem;
ssl_certificate_key /etc/nginx/keys/privkey.pem;
access_log off;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
location / {
root /home/isucon/git/isutrain/webapp/public;
try_files $uri $uri/index.html /index.html;
}
location /api {
proxy_pass http://app;
}
location /initialize {
proxy_pass http://app;
}
location /~isucon/ {
rewrite ^/~isucon/(.*)$ /$1 break;
root /home/isucon/public_html;
}
location @localapp {
proxy_pass http://localapp;
}
location @app {
proxy_pass http://app;
}
}
}