Created
January 30, 2022 18:21
-
-
Save haigopi/060490cc54735ad4bc547cb1a0b08bc7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user nginx nginx; | |
| worker_processes 2; | |
| error_log stderr warn; | |
| events { worker_connections 4096; } | |
| http { | |
| include /etc/nginx/mime.types; | |
| server_tokens off; | |
| client_max_body_size 32m; | |
| proxy_buffer_size 128k; | |
| proxy_buffers 4 256k; | |
| proxy_busy_buffers_size 256k; | |
| gzip on; | |
| gzip_vary on; | |
| gzip_comp_level 4; | |
| gzip_min_length 256; | |
| gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; | |
| gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; | |
| add_header 'Access-Control-Allow-Origin' ''; | |
| upstream gw_server { | |
| server gateway:8080; | |
| keepalive 128; | |
| } | |
| upstream auth_server { | |
| server keycloak:9080; | |
| keepalive 128; | |
| } | |
| upstream registry_server { | |
| server jhipster-registry:8761; | |
| keepalive 128; | |
| } | |
| upstream kibana_server { | |
| server kibana:5601; | |
| keepalive 128; | |
| } | |
| upstream prometheus_server { | |
| server prometheus:9090; | |
| keepalive 128; | |
| } | |
| upstream grafana_server { | |
| server grafana:3000; | |
| keepalive 128; | |
| } | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name *.mydomain.com; | |
| if ($scheme != "https") { | |
| return 301 https://$host$request_uri; | |
| } | |
| } | |
| server { | |
| server_name gateway.mydomain.com; | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; | |
| location ^~ /.well-known/acme-challenge { | |
| allow all; | |
| root /etc/letsencrypt/; | |
| } | |
| location / { | |
| proxy_pass http://gw_server; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Host $server_name; | |
| # 86400 seconds (24 hours) is the maximum a server is allowed. | |
| proxy_send_timeout 86400s; | |
| proxy_read_timeout 86400s; | |
| } | |
| } | |
| server { | |
| server_name auth.mydomain.com; | |
| location ^~ /.well-known/acme-challenge { | |
| allow all; | |
| root /etc/letsencrypt/; | |
| } | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; | |
| location / { | |
| proxy_pass http://auth_server/; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Forwarded-For $host; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| add_header X-Frame-Options ""; | |
| } | |
| location /auth/ { | |
| proxy_pass http://auth_server/auth/; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Host $host; | |
| proxy_set_header X-Forwarded-Server $host; | |
| proxy_set_header X-Forwarded-Port $server_port; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| } | |
| } | |
| server { | |
| server_name registry.mydomain.com; | |
| location ^~ /.well-known/acme-challenge { | |
| allow all; | |
| root /etc/letsencrypt/; | |
| } | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; | |
| location / { | |
| proxy_pass http://registry_server; | |
| proxy_redirect off; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Host $server_name; | |
| # 86400 seconds (24 hours) is the maximum a server is allowed. | |
| proxy_send_timeout 86400s; | |
| proxy_read_timeout 86400s; | |
| } | |
| } | |
| server { | |
| server_name kibana.mydomain.com; | |
| location ^~ /.well-known/acme-challenge { | |
| allow all; | |
| root /etc/letsencrypt/; | |
| } | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; | |
| location / { | |
| proxy_pass http://kibana_server; | |
| proxy_redirect off; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Host $server_name; | |
| proxy_send_timeout 86400s; | |
| proxy_read_timeout 86400s; | |
| } | |
| } | |
| server { | |
| server_name grafana.mydomain.com; | |
| location ^~ /.well-known/acme-challenge { | |
| allow all; | |
| root /etc/letsencrypt/; | |
| } | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; | |
| location / { | |
| proxy_pass http://grafana_server; | |
| proxy_redirect off; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Host $server_name; | |
| proxy_send_timeout 86400s; | |
| proxy_read_timeout 86400s; | |
| } | |
| } | |
| server { | |
| server_name prometheus.mydomain.com; | |
| location ^~ /.well-known/acme-challenge { | |
| allow all; | |
| root /etc/letsencrypt/; | |
| } | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; | |
| location / { | |
| proxy_pass http://prometheus_server; | |
| proxy_redirect off; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Host $server_name; | |
| proxy_send_timeout 86400s; | |
| proxy_read_timeout 86400s; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment