| # Copyright 2020 Huawei Technologies Co., Ltd. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| daemon off; |
| |
| #pid /run/nginx.pid; |
| |
| events { |
| worker_connections 500; |
| # multi_accept on; |
| } |
| http { |
| |
| ## |
| # Basic Settings |
| ## |
| |
| sendfile on; |
| tcp_nopush on; |
| tcp_nodelay on; |
| keepalive_timeout 65; |
| types_hash_max_size 2048; |
| |
| #Comment or disable the access_log once tested to avoid runtime logs |
| # access_log /var/log/nginx/access.log format gzip; |
| access_log off; |
| error_log /var/log/nginx/error.log; |
| |
| server { |
| listen *:8703 ssl; |
| server_name |
| ssl on; |
| ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.pem; |
| ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key; |
| ssl_session_cache builtin:1000 shared:SSL:80m; |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
| ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; |
| ssl_prefer_server_ciphers on; |
| ssl_session_timeout 10m; |
| keepalive_timeout 70; |
| |
| location / { |
| proxy_set_header Host $host; |
| proxy_set_header X-Real-IP $remote_addr; |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| proxy_set_header X-Forwarded-Proto $scheme; |
| proxy_pass http://localhost:8702; |
| proxy_read_timeout 90; |
| proxy_redirect off; |
| } |
| } |
| } |