##start k8sapps
{{range $kapp := lsdir "/registry/services/specs/default"}}
upstream {{base $kapp}} {
{{$appdir := printf "/registry/services/specs/default/%s" $kapp}}{{range gets $appdir}}
server {{$data := json .Value}}{{$data.spec.portalIP}}:80;
{{end}}
}
server {
server_name ~^{{ $kapp }}\.(?<domain>.+)$;
include deis.conf;
{{ if ne $appContainerLen 0 }}
location / {
{{ if eq $useFirewall "true" }}include /opt/nginx/firewall/active-mode.rules;{{ end }}
proxy_buffering off;
proxy_set_header Host $host;
set $access_ssl 'off';
set $access_port '80';
if ($access_scheme ~ https) {
set $access_ssl 'on';
set $access_port '443';
}
proxy_set_header X-Forwarded-Port $access_port;
proxy_set_header X-Forwarded-Proto $access_scheme;
{{ if ne $useProxyProtocol "false" }}
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
{{ else }}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
{{ end }}
proxy_set_header X-Forwarded-Ssl $access_ssl;
proxy_redirect off;
proxy_connect_timeout 30s;
proxy_send_timeout {{ $defaultTimeout }}s;
proxy_read_timeout {{ $defaultTimeout }}s;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_next_upstream error timeout http_502 http_503 http_504;
{{ if eq $enforceHTTPS "true" }}
if ($access_scheme != "https") {
return 301 https://$host$request_uri;
}
{{ end }}
proxy_pass http://{{ $app }};
}
{{ else }}
location / {
return 503;
}
{{ end }}
{{ if eq $useFirewall "true" }}location /RequestDenied {
return {{ $firewallErrorCode }};
}
{{ end }}
}{{ end }}
}```
Created
June 13, 2015 00:24
-
-
Save smothiki/1c1458c137d6aafb211e to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment