-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.conf.erb
81 lines (63 loc) · 2.13 KB
/
nginx.conf.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
daemon off;
# Heroku dynos have at least 4 cores.
worker_processes <%= ENV['NGINX_WORKERS'] || 4 %>;
events {
use epoll;
accept_mutex on;
worker_connections <%= ENV['NGINX_WORKER_CONNECTIONS'] || 1024 %>;
}
http {
gzip on;
gzip_comp_level 2;
gzip_min_length 512;
gzip_proxied any; # Heroku router sends Via header
server_tokens off;
log_format l2met 'measure#nginx.service=$request_time request_id=$http_x_request_id';
access_log <%= ENV['NGINX_ACCESS_LOG_PATH'] || 'logs/nginx/access.log' %> l2met;
error_log <%= ENV['NGINX_ERROR_LOG_PATH'] || 'logs/nginx/error.log' %>;
include mime.types;
default_type application/octet-stream;
sendfile on;
resolver 1.1.1.1 valid=10s;
# Must read the body in 5 seconds.
client_body_timeout 5;
upstream app_server {
server unix:/tmp/nginx.socket fail_timeout=0;
}
server {
listen <%= ENV["PORT"] %>;
server_name _;
keepalive_timeout 5;
<% if ENV["EXTERNAL_AUTHENTICATION_URL"] %>
location = /_external-authentication-check {
internal;
set $external_auth_url <%= ENV["EXTERNAL_AUTHENTICATION_URL"] %>/;
client_max_body_size 200m;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Content-Length "";
proxy_pass_request_body off;
proxy_pass $external_auth_url;
}
location /_external-authentication-Sp {
internal;
set $external_auth_url <%= ENV["EXTERNAL_AUTHENTICATION_URL"] %>;
proxy_set_header X-Initial-Request $scheme://$host$request_uri;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass $external_auth_url;
}
<% end %>
location / {
<% if ENV["EXTERNAL_AUTHENTICATION_URL"] %>
auth_request /_external-authentication-check;
error_page 401 = /_external-authentication-Sp;
<% end %>
if ($http_x_forwarded_proto != "https") {
return 301 https://$host$request_uri;
}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
}