| Sylvain Desbureaux | 554bc6b | 2021-02-25 18:13:19 +0100 | [diff] [blame^] | 1 | # Copyright 2020 Huawei Technologies Co., Ltd. |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | daemon off; |
| 16 | |
| 17 | #pid /run/nginx.pid; |
| 18 | |
| 19 | events { |
| 20 | worker_connections 500; |
| 21 | # multi_accept on; |
| 22 | } |
| 23 | http { |
| 24 | |
| 25 | ## |
| 26 | # Basic Settings |
| 27 | ## |
| 28 | |
| 29 | sendfile on; |
| 30 | tcp_nopush on; |
| 31 | tcp_nodelay on; |
| 32 | keepalive_timeout 65; |
| 33 | types_hash_max_size 2048; |
| 34 | |
| 35 | #Comment or disable the access_log once tested to avoid runtime logs |
| 36 | # access_log /var/log/nginx/access.log format gzip; |
| 37 | access_log off; |
| 38 | error_log /var/log/nginx/error.log; |
| 39 | |
| 40 | server { |
| 41 | listen *:8703 ssl; |
| 42 | server_name |
| 43 | ssl on; |
| 44 | ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.pem; |
| 45 | ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key; |
| 46 | ssl_session_cache builtin:1000 shared:SSL:80m; |
| 47 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
| 48 | ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; |
| 49 | ssl_prefer_server_ciphers on; |
| 50 | ssl_session_timeout 10m; |
| 51 | keepalive_timeout 70; |
| 52 | |
| 53 | location / { |
| 54 | proxy_set_header Host $host; |
| 55 | proxy_set_header X-Real-IP $remote_addr; |
| 56 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| 57 | proxy_set_header X-Forwarded-Proto $scheme; |
| 58 | proxy_pass http://localhost:8702; |
| 59 | proxy_read_timeout 90; |
| 60 | proxy_redirect off; |
| 61 | } |
| 62 | } |
| 63 | } |