19
worker_rlimit_nofile 4096;
24
worker_connections 2048;
38
types_hash_max_size 2048;
41
# server_names_hash_bucket_size 64;
42
# server_name_in_redirect off;
44
include /etc/nginx/mime.types;
45
default_type application/octet-stream;
51
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
52
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
53
proxy_set_header X-Real-IP $remote_addr;
54
proxy_set_header X-Original-URI $request_uri;
56
# Overwrites http with $scheme if Location header is set to http by upstream.
57
proxy_redirect ~^http://[^:]+:\d+(/.+)$ $1;
65
ssl_certificate {{.ssl_certificate}};
66
ssl_certificate_key {{.ssl_certificate_key}};
67
{{if .ssl_password_file}}
68
ssl_password_file {{.ssl_password_file}};
71
# This is important to enforce client to use certificate.
72
# The client of nginx cannot use a self-signed cert.
74
ssl_client_certificate {{.ssl_client_certificate}};
76
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
77
ssl_prefer_server_ciphers on;
78
ssl_ciphers ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5@SECLEVEL=1;
86
'"verb":"$request_method",'
87
'"path":"$request_uri",'
88
'"bytes":$request_length,'
89
'"request_scheme":"$scheme",'
90
'"request_port":$server_port,'
91
'"request_host":"$http_host",'
92
'"clientip":"$remote_addr",'
93
'"agent":"$http_user_agent",'
94
'"response_redirect_location":"$sent_http_location",'
95
'"response_length":$bytes_sent,'
96
'"response_body_length":$body_bytes_sent,'
97
'"responseStatusCode":"$status",'
98
'"responseTime":$request_time,'
99
'"esStatusCode":"$status",'
100
'"content_type":"$content_type",'
101
'"email":"$http_x_auth_params_email",'
102
'"uberSource":"$http_x_uber_source",'
103
'"callsite":"$http_x_uber_callsite",'
104
'"app":"$http_x_uber_app",'
105
'"request":"$request_uri",'
106
'"connection":"$connection",'
107
'"connection_requests":$connection_requests,'
108
'"@timestamp":"$time_iso8601",'
109
'"@source_host":"$hostname",'
110
'"referer":"$http_referer",'
111
'"service_name":"kraken",'
112
'"message":"access log",'
113
'"logtype":"access_log",'
114
'"proxy_type":"nginx",'
115
'"server_protocol":"$server_protocol",'
116
'"proxy_host": "$proxy_host",'
117
'"upstream_address":"$upstream_addr",'
118
'"upstream_response_time":"$upstream_response_time"'
126
gzip_disable "msie6";
131
# gzip_buffers 16 8k;
132
# gzip_http_version 1.1;
134
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
137
# Virtual Host Configs
140
include /etc/nginx/conf.d/*.conf;