Benzine/Docker-Swarm-Loadbalancer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Docker-Swarm-Loadbalancer/templates/NginxTemplate.twig

88 lines
3 KiB
Twig
Raw Permalink Blame History

upstream {{ backendName }} {
least_conn;
{% for backend in backends %}
server {{ backend }};
{% endfor %}
}
server {
{% if allowNonSSL %}
# Non-SSL Traffic is allowed
listen {{ portHttp }};
listen [::]:{{ portHttp }};
{% endif %}
# SSL Traffic is allowed
listen {{ portHttps }} ssl;
listen [::]:{{ portHttps }} ssl;
server_name {{ serverName }};
access_log /var/log/bouncer/{{ name }}.access.log;
error_log /var/log/bouncer/{{ name }}.error.log;
{% if certType == 'TEMPORARY_CERT' %}
ssl_certificate /certs/example.crt;
ssl_certificate_key /certs/example.key;
{% elseif certType == 'GLOBAL_CERT' %}
ssl_certificate /certs/global.crt;
ssl_certificate_key /certs/global.key;
{% elseif certType == 'CUSTOM_CERT' %}
ssl_certificate /etc/nginx/sites-enabled/{{ customCertFile }};
ssl_certificate_key /etc/nginx/sites-enabled/{{ customCertKeyFile }};
{% elseif certType == 'LETSENCRYPT_CERT' %}
ssl_certificate /etc/letsencrypt/live/{{ name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ name }}/privkey.pem;
{% endif %}
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers HIGH:!aNULL:!MD5;
{% if allowLargePayloads %}
client_max_body_size 0;
{% endif %}
location / {
{% if hasHostOverride %}
proxy_set_header Host {{ hostOverride }};
{% else %}
proxy_set_header Host $host;
{% endif %}
# Server to send the request on to
proxy_pass "http://{{ backendName }}";
# Standard headers setting origin data
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
{% if hasAuth %}
# Http Basic Auth
auth_basic "closed site";
auth_basic_user_file sites-enabled/{{ authFile }};
{% endif %}
{% if allowWebsocketSupport %}
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_cache_bypass $http_upgrade;
proxy_buffering off;
proxy_set_header Origin "";
{% endif %}
{% if proxyTimeoutSeconds %}
# Proxy timeouts
proxy_read_timeout {{ proxyTimeoutSeconds }};
proxy_connect_timeout {{ proxyTimeoutSeconds }};
proxy_send_timeout {{ proxyTimeoutSeconds }};
{% endif %}
}
}
{% if not allowNonSSL %}
server {
# Redirect non-ssl to ssl
listen {{ portHttp }};
listen [::]:{{ portHttp }};
server_name {{ serverName }};
return 301 https://$host$request_uri;
}
{% endif %}
Reference in a new issue View git blame Copy permalink