nginx-prod.conf

user  www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  10000;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;

    keepalive_timeout  10;
    proxy_read_timeout 5s;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # set max upload size
    client_max_body_size 1M;

    map $http_x_forwarded_proto $proxy_x_forwarded_proto {
      default $http_x_forwarded_proto;
      ''      $scheme;
    }
    map $http_x_forwarded_port $proxy_x_forwarded_port {
      default $http_x_forwarded_port;
      ''      $server_port;
    }
    map $http_upgrade $proxy_connection {
      default upgrade;
      '' close;
    }

    server {
        listen 80;
        server_name NGINX_HOSTS;

        location /static {
          root /var/www/operator_api;
        }

        location /whitelist {
          alias  /var/www/operator_api/static/registration/;
          index index.html;
          try_files $uri $uri/ index.html =404;
        }

        location ~* "^/audit/([0-9]+/(?:0x)?[a-fA-F0-9]{40}/(?:0x)?[a-fA-F0-9]{40})/$" {
          add_header 'Access-Control-Allow-Origin' '*';
          root /var/www/operator_api/cache;
          try_files  /$1.json @app;
        }

        location / {
          try_files $uri @app;
        }

        location @app {
          proxy_set_header Host $http_host;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $proxy_connection;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
          proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
          proxy_set_header Proxy "";
          proxy_redirect off;
          proxy_buffering off;
          proxy_read_timeout 90m;
          proxy_pass http://operator_api:3031;
        }
    }
}