Created
June 2, 2016 21:12
-
-
Save kmjones1979/f8cad5add308868883222d4ba1fb3f3d to your computer and use it in GitHub Desktop.
NGINX configuration used for MaxCDN meetup demonstration in Los Angeles 2016
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user nginx; | |
| worker_processes auto; | |
| error_log /var/log/nginx/error.log notice; | |
| pid /var/run/nginx.pid; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| include /etc/nginx/mime.types; | |
| default_type application/octet-stream; | |
| log_format main 'remote_addr="$remote_addr", remote_user="$remote_user" [time_local=$time_local] request="$request" ' | |
| 'status="$status", body_bytes_sent="$body_bytes_sent", http_referer="$http_referer" ' | |
| 'http_user_agent="$http_user_agent", http_x_forwarded_for="$http_x_forwarded_for" upstream_status="$upstream_status" ' | |
| 'upstream_cache_status="$upstream_cache_status", http_range="$http_range", slice_range="$slice_range" '; | |
| access_log /var/log/nginx/access.log main; | |
| sendfile on; | |
| #tcp_nopush on; | |
| keepalive_timeout 300; | |
| #gzip on; | |
| #include /etc/nginx/conf.d/*.conf; | |
| # global cache settings | |
| proxy_cache_bypass $cookie_nocache $arg_nocache; | |
| proxy_cache_use_stale updating; | |
| proxy_cache_revalidate on; | |
| proxy_cache_lock on; | |
| proxy_cache_methods GET HEAD; | |
| proxy_cache_min_uses 3; | |
| #proxy_cache_lock_timeout 0s; | |
| #proxy_cache_lock_age 200s; | |
| # setup map based on request method which can purge using the API | |
| map $request_method $purge_method { | |
| PURGE $purge_allowed; | |
| default 0; | |
| } | |
| # use geo to allow specific subnets to access purge API | |
| geo $purge_allowed { | |
| 127.0.0.0/24 1; # allow from localhost | |
| default 0; # deny from other | |
| } | |
| # proxy cache configuration | |
| proxy_cache_path /tmp/cache keys_zone=cache:10m max_size=100m inactive=60m; | |
| proxy_cache_key $scheme$proxy_host$request_uri; | |
| # upstreams | |
| upstream cache_pool { | |
| zone cache_pool 64k; | |
| server 192.168.0.100:443; | |
| server 192.168.0.101:443; | |
| hash $scheme$proxy_host$request_uri consistent; | |
| } | |
| #health checks | |
| match health { | |
| status 200-399; | |
| body ~ "Health = OK"; | |
| } | |
| server { | |
| listen 80 default_server; | |
| listen [::]:80 default_server; | |
| server_name www.webopsx.com; | |
| status_zone www.webopsx.com_80; | |
| return 301 https://$host$request_uri; | |
| } | |
| server { | |
| listen 443 ssl http2; | |
| server_name www.webopsx.com; | |
| status_zone www.webopsx.com_443; | |
| ssl_certificate /etc/letsencrypt/live/www.webopsx.com/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/www.webopsx.com/privkey.pem; | |
| location / { | |
| proxy_set_header Host $host; | |
| proxy_http_version 1.1; | |
| proxy_set_header Connection ""; | |
| proxy_pass https://cache_pool; | |
| proxy_cache_valid 200 301 302 1m; | |
| proxy_cache_valid 404 1m; | |
| proxy_cache_valid any 10s; | |
| proxy_cache cache; | |
| # cache purge API | |
| proxy_cache_purge $purge_method; | |
| } | |
| location ~* \.(jpg|jpeg|gif|png|tif|ico|cur|gz|svg|svgz|ogg|ogv|webm|htc) { | |
| proxy_set_header Host $host; | |
| proxy_http_version 1.1; | |
| proxy_set_header Connection ""; | |
| proxy_pass https://cache_pool; | |
| proxy_cache_valid 200 301 302 5m; | |
| proxy_cache cache; | |
| # cache purge API | |
| proxy_cache_purge $purge_method; | |
| } | |
| location ~* \.(flv|mp4|mov) { | |
| proxy_set_header Host $host; | |
| proxy_set_header Range $slice_range; | |
| proxy_http_version 1.1; | |
| proxy_set_header Connection ""; | |
| proxy_pass https://cache_pool; | |
| proxy_cache_valid 200 206 301 302 10m; | |
| proxy_cache cache; | |
| proxy_cache_key $scheme$proxy_host$request_uri$slice_range; | |
| # cache purge API | |
| proxy_cache_purge $purge_method; | |
| slice 5m; | |
| } | |
| location @hc-cache_pool { | |
| proxy_set_header Host webopsx.com; | |
| proxy_pass https://cache_pool; | |
| health_check interval=5s fails=1 passes=2 uri=/health.txt match=health; | |
| access_log /var/log/nginx/health_check.log main; | |
| } | |
| location /.well-known/acme-challenge { | |
| root /var/www/letsencrypt; | |
| } | |
| } | |
| server { | |
| listen 8080 ssl http2; | |
| server_name www.webopsx.com webopsx.com; | |
| ssl_certificate /etc/letsencrypt/live/www.webopsx.com/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/www.webopsx.com/privkey.pem; | |
| status_zone status-page; | |
| root /usr/share/nginx/html; | |
| location = /status.html { } | |
| location = /status-old.html { } | |
| location = / { | |
| return 301 /status.html; | |
| } | |
| location /status { | |
| status; | |
| status_format json; | |
| access_log off; | |
| } | |
| location /upstream_conf { | |
| upstream_conf; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment