map $http_upgrade $connection_upgrade { default upgrade; '' close; } upstream plantuml_server { server test.wo-da.de:8085; } upstream jenkins_server { server test.wo-da.de:8086; } upstream structr_server { server test.wo-da.de:8082; } upstream http_server { server test.wo-da.de:8080; } upstream https_server { server test.wo-da.de:8443; } # ============================================================ # Caching Proxy Settings # - everything up to point comes from default nginx Settings # ============================================================ # Specifies the cache_status log format. log_format cache_status '[$time_local] "$request" $upstream_cache_status'; # access_log /var/log/nginx/access.log cache_status; access_log /var/log/nginx/cache_access.log cache_status; # Proxy # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path # Store max 10GB for 1y of inactive resource proxy_cache_path /var/cache/nginx use_temp_path=off levels=1:2 keys_zone=cache_zone:100m max_size=10g inactive=1y; server { listen 80; server_name test.wo-da.de; server_tokens off; root /var/dev; location /.well-known/acme-challenge/ { root /var/www/certbot; } location /plantuml { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_max_temp_file_size 0; proxy_buffering off; proxy_connect_timeout 30; proxy_send_timeout 30; proxy_read_timeout 30; proxy_pass http://plantuml_server/plantuml/; } location /jenkins { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_max_temp_file_size 0; proxy_buffering off; proxy_connect_timeout 30; proxy_send_timeout 30; proxy_read_timeout 30; proxy_pass http://jenkins_server/jenkins/; } location /structr/ { proxy_pass http://structr_server/structr/; # WebSocket headers proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; # Ensure HTTP 1.1 is used proxy_http_version 1.1; # Additional headers proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Timeouts proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; send_timeout 60s; # Disable buffering proxy_cache_bypass $http_upgrade; proxy_buffering off; } location / { autoindex on; proxy_pass http://http_server; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /woda { autoindex on; expires max; proxy_cache cache_zone; proxy_cache_valid 200 302 301 1y; proxy_cache_key $scheme://$host$request_uri; proxy_pass http://http_server/woda; #proxy_pass $scheme://$host$request_uri; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header X-Cached $upstream_cache_status; add_header X-Cache-Server "nginx-cache"; proxy_ignore_headers "Set-Cookie"; } location /EAMD.ucp { autoindex on; proxy_pass http://http_server/EAMD.ucp; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /auth/ { proxy_pass http://test.wo-da.de:9080/auth/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /snet/ { proxy_pass http://test.wo-da.de:8180/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { proxy_busy_buffers_size 512k; proxy_buffers 4 512k; proxy_buffer_size 256k; # rest of nginx config # listen 443 ssl http2; listen [::]:443 ssl http2; server_name test.wo-da.de; server_tokens off; ssl_certificate /etc/letsencrypt/live/test.wo-da.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/test.wo-da.de/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location /.well-known/acme-challenge/ { root /var/www/certbot; } location / { proxy_pass http://http_server; } location /once/ws/ior { proxy_pass http://http_server/once/ws/ior; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /once/ { proxy_pass http://http_server/once/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /EAMD.ucp/ { autoindex on; proxy_pass http://http_server/EAMD.ucp/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /plantuml/ { proxy_pass http://plantuml_server/plantuml/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /jenkins/ { proxy_pass http://jenkins_server/jenkins/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /structr/ { proxy_pass http://structr_server/structr/; # WebSocket headers proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; # Ensure HTTP 1.1 is used proxy_http_version 1.1; # Additional headers proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Timeouts proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; send_timeout 60s; # Disable buffering proxy_cache_bypass $http_upgrade; proxy_buffering off; } location /auth/ { proxy_pass http://test.wo-da.de:9080/auth/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /pgadmin/ { proxy_pass http://test.wo-da.de:8099/; proxy_http_version 1.1; proxy_set_header X-Script-Name /pgadmin; proxy_set_header X-Scheme $scheme; proxy_set_header Host $host; proxy_redirect off; } location /snet/ { proxy_pass http://test.wo-da.de:8180/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; } location /api { proxy_pass http://test.wo-da.de:8180/api; } location /v2 { proxy_pass http://test.wo-da.de:8180/v2; } } server { listen 81; server_name 220.ag; server_tokens off; root /var/dev; location / { autoindex on; proxy_pass http://http_server; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }