nginx http upstream with fallback if upstream return http error page

nginx http upstream with fallback

### nginx http upstream with fallback if upstream return http error page ###
### https://www.digitalocean.com/community/tools/nginx

# upstream members of soa
upstream soa {
        server					11.22.33.41:1234	max_fails=1  fail_timeout=1m;
        server					11.22.33.42:1234	max_fails=1  fail_timeout=1m;
        server					11.22.33.43:1234	max_fails=1  fail_timeout=1m backup;
        server					11.22.33.44:1234	max_fails=1  fail_timeout=1m backup;
}

# map upstream members into $x_app_server
map 	$upstream_addr 				$x_app_server {
        11.22.33.41:1234			'soa/soa_41';
        11.22.33.42:1234			'soa/soa_42';
        11.22.33.43:1234			'soa/soa_43';
        11.22.33.44:1234			'soa/soa_44';
}

# map http status code into $soa_loggable
# no logging for http status code 2* and 3*
map     $status                         	$soa_loggable {
        ~^[23]                          	0;
        default                         	1;
}

# access log format for soa_log with $soa_loggable condition
log_format 	soa_log                      	'[$time_iso8601] [srv:$x_app_server] [conn:$connection_requests] '
                                        	'[httpCode:$status] [ipAddr:$remote_addr] [bytes:$body_bytes_sent] '
                                        	'[$request $args] [requests:$request_length] [referer:$http_referer] '
                                        	'[time:$request_time] [is:$request_completion] [ua:$http_user_agent]; ';

# http proxy of soa
server {
        listen					1234;
        server_name				soa.example.com;
        client_max_body_size			0;
	
	# add some http headers
	add_header				X-Content-Type-Options 	'nosniff';
        add_header				X-Frame-Options 	'SAMEORIGIN';
        add_header				X-Xss-Protection 	'1; mode=block';
	add_header				X-App-Server 		'$x_app_server';
	add_header				Cache-Control 		'private, max-age=7200, must-revalidate';
        add_header				Set-Cookie 		'SameSite=Lax; HttpOnly; Expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/';

        location / {
		# keepalive & gzip
                keepalive_time			0;
                keepalive_timeout		0;
                gzip_comp_level			9;

                # hide proxy header
                proxy_hide_header		Server;
                proxy_hide_header		X-Powered-By;

                # add proxy header
                proxy_set_header		Host			$host;
                proxy_set_header		X-Real-IP		$remote_addr;
                proxy_set_header		X-Forwarded-For		$remote_addr;

                # prevents http 502
                proxy_buffers			8 32k;
                proxy_buffer_size		64k;

                # proxy timeouts
                proxy_connect_timeout		30m;
                proxy_read_timeout		30m;
                proxy_send_timeout		30m;
		send_timeout            	30m;
                client_body_timeout     	30m;

                # proxy caching
                proxy_cache_valid		200 2h;
                proxy_cache_revalidate		on;

                proxy_pass			http://soa;

                # find & replace string
                sub_filter			'http://$host:80/'	'http://$host:$server_port/';
                sub_filter_types		'*';
                sub_filter_once			off;

                # prevent return error with @fallback
                proxy_intercept_errors		on;
		error_page              	404 502 503 504     	= @fallback;
		access_log              	/var/log/nginx/soa.log 	soa_log if=$soa_loggable;
        }

        # return http 307 and redirect until http 200
        location @fallback {
                return				307 			http://$host:$server_port$request_uri;
        }
	
	# block all apache .ht* files
	location ~ /\.ht {
                deny                    	all;
        }

	# block all iis web.config files
        location ~ /\web.config {
                deny                    	all;
        }
}