near-rt-ric-simulator/nginx.conf - oransc/sim/a1-interface - Gitiles

 #  ============LICENSE_START===============================================
 #  Copyright (C) 2023 Nordix Foundation. All rights reserved.
 #  ========================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
 #  You may obtain a copy of the License at
 #
 #       http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 #  ============LICENSE_END=================================================
 #

 worker_processes auto;
 pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
 load_module /usr/lib/nginx/modules/ndk_http_module.so;
 load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;

 env ALLOW_HTTP;

 events {
     worker_connections 768;
 }

 http {

     ##
     # Basic Settings
     ##

     sendfile on;
     tcp_nopush on;
     tcp_nodelay on;
     keepalive_timeout 65;
     types_hash_max_size 2048;

     include /etc/nginx/mime.types;
     default_type application/octet-stream;


     server { # simple reverse-proxy
         set_by_lua $allow_http 'return os.getenv("ALLOW_HTTP")';
         listen      8085;
         listen      [::]:8085;
         server_name  localhost;
         if ($allow_http != true) {
             return 444;
         }

 	# serve dynamic requests
         location / {
             proxy_set_header   Host                 $host;
             proxy_set_header   X-Real-IP            $remote_addr;
             proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
             proxy_pass      http://localhost:2222;
         }
     }

     server { # simple reverse-proxy
         listen      8185 ssl;
         listen      [::]:8185 ssl;
         server_name  localhost;
         ssl_certificate     /usr/src/app/cert/cert.crt;
         ssl_certificate_key /usr/src/app/cert/key.crt;
         ssl_password_file   /usr/src/app/cert/pass;

         # serve dynamic requests
         location / {
             proxy_set_header   Host                 $host;
             proxy_set_header   X-Real-IP            $remote_addr;
             proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
             proxy_pass      http://localhost:2222;
         }
     }
     ##
     # SSL Settings
     ##

     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
     ssl_prefer_server_ciphers on;

     ##
     # Logging Settings
     ##

     access_log /var/log/nginx/access.log;
     error_log /var/log/nginx/error.log;

     ##
     # Gzip Settings
     ##

     gzip on;

 }
	# ============LICENSE_START===============================================
	# Copyright (C) 2023 Nordix Foundation. All rights reserved.
	# ========================================================================
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	# ============LICENSE_END=================================================
	#

	worker_processes auto;
	pid /run/nginx.pid;
	include /etc/nginx/modules-enabled/*.conf;
	load_module /usr/lib/nginx/modules/ndk_http_module.so;
	load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;

	env ALLOW_HTTP;

	events {
	worker_connections 768;
	}

	http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;



	server { # simple reverse-proxy
	set_by_lua $allow_http 'return os.getenv("ALLOW_HTTP")';
	listen 8085;
	listen [::]:8085;
	server_name localhost;
	if ($allow_http != true) {
	return 444;
	}

	# serve dynamic requests
	location / {
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_pass http://localhost:2222;
	}
	}

	server { # simple reverse-proxy
	listen 8185 ssl;
	listen [::]:8185 ssl;
	server_name localhost;
	ssl_certificate /usr/src/app/cert/cert.crt;
	ssl_certificate_key /usr/src/app/cert/key.crt;
	ssl_password_file /usr/src/app/cert/pass;

	# serve dynamic requests
	location / {
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_pass http://localhost:2222;
	}
	}
	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	}