/
envoy.istio
/
kraken
GigaCode
beta
ОбзорЦентр заботыВойти

kraken

Форк
0
Ветки: 45Коммиты: 870Теги: 5
kraken
/nginx
/config
/
base.go 
144 строки · 3.9 Кб
1
// Copyright (c) 2016-2019 Uber Technologies, Inc.
2
//
3
// Licensed under the Apache License, Version 2.0 (the "License");
4
// you may not use this file except in compliance with the License.
5
// You may obtain a copy of the License at
6
//
7
//     http://www.apache.org/licenses/LICENSE-2.0
8
//
9
// Unless required by applicable law or agreed to in writing, software
10
// distributed under the License is distributed on an "AS IS" BASIS,
11
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
// See the License for the specific language governing permissions and
13
// limitations under the License.
14
package config
15


16
// BaseTemplate defines the nginx template which all components share.
17
const BaseTemplate = `
18
worker_processes 4;
19
worker_rlimit_nofile 4096;
20
pid /tmp/nginx.pid;
21
user root root;
22


23
events {
24
  worker_connections 2048;
25
  # multi_accept on;
26
}
27


28
http {
29


30
  ##
31
  # Basic Settings
32
  ##
33


34
  sendfile on;
35
  tcp_nopush on;
36
  tcp_nodelay on;
37
  keepalive_timeout 65;
38
  types_hash_max_size 2048;
39
  # server_tokens off;
40


41
  # server_names_hash_bucket_size 64;
42
  # server_name_in_redirect off;
43


44
  include /etc/nginx/mime.types;
45
  default_type application/octet-stream;
46


47
  ##
48
  # Proxy Settings
49
  ##
50


51
  proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
52
  proxy_set_header  X-Forwarded-Proto $http_x_forwarded_proto;
53
  proxy_set_header  X-Real-IP         $remote_addr;
54
  proxy_set_header  X-Original-URI    $request_uri;
55


56
  # Overwrites http with $scheme if Location header is set to http by upstream.
57
  proxy_redirect ~^http://[^:]+:\d+(/.+)$ $1;
58


59
  ##
60
  # SSL Settings
61
  ##
62


63
  {{if .ssl_enabled}}
64
    ssl on;
65
    ssl_certificate {{.ssl_certificate}};
66
    ssl_certificate_key {{.ssl_certificate_key}};
67
    {{if .ssl_password_file}}
68
      ssl_password_file {{.ssl_password_file}};
69
    {{end}}
70


71
    # This is important to enforce client to use certificate.
72
    # The client of nginx cannot use a self-signed cert.
73
    ssl_verify_client on;
74
    ssl_client_certificate {{.ssl_client_certificate}};
75
  {{end}}
76
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
77
  ssl_prefer_server_ciphers on;
78
  ssl_ciphers ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5@SECLEVEL=1;
79


80
  ##
81
  # Logging Settings
82
  ##
83


84
  # JSON log_format
85
  log_format json '{'
86
       '"verb":"$request_method",'
87
       '"path":"$request_uri",'
88
       '"bytes":$request_length,'
89
       '"request_scheme":"$scheme",'
90
       '"request_port":$server_port,'
91
       '"request_host":"$http_host",'
92
       '"clientip":"$remote_addr",'
93
       '"agent":"$http_user_agent",'
94
       '"response_redirect_location":"$sent_http_location",'
95
       '"response_length":$bytes_sent,'
96
       '"response_body_length":$body_bytes_sent,'
97
       '"responseStatusCode":"$status",'
98
       '"responseTime":$request_time,'
99
       '"esStatusCode":"$status",'
100
       '"content_type":"$content_type",'
101
       '"email":"$http_x_auth_params_email",'
102
       '"uberSource":"$http_x_uber_source",'
103
       '"callsite":"$http_x_uber_callsite",'
104
       '"app":"$http_x_uber_app",'
105
       '"request":"$request_uri",'
106
       '"connection":"$connection",'
107
       '"connection_requests":$connection_requests,'
108
       '"@timestamp":"$time_iso8601",'
109
       '"@source_host":"$hostname",'
110
       '"referer":"$http_referer",'
111
       '"service_name":"kraken",'
112
       '"message":"access log",'
113
       '"logtype":"access_log",'
114
       '"proxy_type":"nginx",'
115
       '"server_protocol":"$server_protocol",'
116
       '"proxy_host": "$proxy_host",'
117
       '"upstream_address":"$upstream_addr",'
118
       '"upstream_response_time":"$upstream_response_time"'
119
     '}';
120


121
  ##
122
  # Gzip Settings
123
  ##
124


125
  gzip off;
126
  gzip_disable "msie6";
127


128
  # gzip_vary on;
129
  # gzip_proxied any;
130
  # gzip_comp_level 6;
131
  # gzip_buffers 16 8k;
132
  # gzip_http_version 1.1;
133


134
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
135


136
  ##
137
  # Virtual Host Configs
138
  ##
139


140
  include /etc/nginx/conf.d/*.conf;
141


142
  {{.site}}
143
}
144
`
145

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.