|
@@ -38,6 +38,12 @@ map $http_upgrade $proxy_connection {
|
|
'' close;
|
|
'' close;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
+# Set appropriate X-Forwarded-Ssl header
|
|
|
|
+map $scheme $proxy_x_forwarded_ssl {
|
|
|
|
+ default off;
|
|
|
|
+ https on;
|
|
|
|
+}
|
|
|
|
+
|
|
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
|
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
|
|
|
|
|
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
|
|
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
|
|
@@ -58,6 +64,7 @@ proxy_set_header Connection $proxy_connection;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
|
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
|
|
|
+proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
|
|
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
|
|
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
|
|
|
|
|
|
# Mitigate httpoxy attack (see README for details)
|
|
# Mitigate httpoxy attack (see README for details)
|
|
@@ -85,8 +92,9 @@ server {
|
|
{{ end }}
|
|
{{ end }}
|
|
|
|
|
|
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
|
|
{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}
|
|
-
|
|
|
|
-upstream {{ $host }} {
|
|
|
|
|
|
+{{ $upstream_name := sha1 $host }}
|
|
|
|
+# {{ $host }}
|
|
|
|
+upstream {{ $upstream_name }} {
|
|
{{ range $container := $containers }}
|
|
{{ range $container := $containers }}
|
|
{{ $addrLen := len $container.Addresses }}
|
|
{{ $addrLen := len $container.Addresses }}
|
|
|
|
|
|
@@ -179,9 +187,9 @@ server {
|
|
location / {
|
|
location / {
|
|
{{ if eq $proto "uwsgi" }}
|
|
{{ if eq $proto "uwsgi" }}
|
|
include uwsgi_params;
|
|
include uwsgi_params;
|
|
- uwsgi_pass {{ trim $proto }}://{{ trim $host }};
|
|
|
|
|
|
+ uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
|
|
{{ else }}
|
|
{{ else }}
|
|
- proxy_pass {{ trim $proto }}://{{ trim $host }};
|
|
|
|
|
|
+ proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
|
|
{{ end }}
|
|
{{ end }}
|
|
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
|
|
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
|
|
auth_basic "Restricted {{ $host }}";
|
|
auth_basic "Restricted {{ $host }}";
|
|
@@ -213,9 +221,9 @@ server {
|
|
location / {
|
|
location / {
|
|
{{ if eq $proto "uwsgi" }}
|
|
{{ if eq $proto "uwsgi" }}
|
|
include uwsgi_params;
|
|
include uwsgi_params;
|
|
- uwsgi_pass {{ trim $proto }}://{{ trim $host }};
|
|
|
|
|
|
+ uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }};
|
|
{{ else }}
|
|
{{ else }}
|
|
- proxy_pass {{ trim $proto }}://{{ trim $host }};
|
|
|
|
|
|
+ proxy_pass {{ trim $proto }}://{{ trim $upstream_name }};
|
|
{{ end }}
|
|
{{ end }}
|
|
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
|
|
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
|
|
auth_basic "Restricted {{ $host }}";
|
|
auth_basic "Restricted {{ $host }}";
|