Forked from dblackdblack/gist:8233857422e43c5821c6628954fd34be
Created
March 15, 2019 18:42
-
-
Save jzuijlek/6008498b377bfd384b044fe048c750f8 to your computer and use it in GitHub Desktop.
spinnaker nginx.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
events { | |
worker_connections 1024; | |
accept_mutex off; | |
use epoll; | |
} | |
http { | |
# include more useful numbers in nginx log lines | |
# https://www.nginx.com/blog/using-nginx-logging-for-application-performance-monitoring/ | |
log_format apm '"$time_local" client=$remote_addr ' | |
'method=$request_method request="$request" ' | |
'request_length=$request_length ' | |
'status=$status bytes_sent=$bytes_sent ' | |
'body_bytes_sent=$body_bytes_sent ' | |
'referer=$http_referer ' | |
'user_agent="$http_user_agent" ' | |
'upstream_addr=$upstream_addr ' | |
'upstream_status=$upstream_status ' | |
'request_time=$request_time ' | |
'upstream_response_time=$upstream_response_time ' | |
'upstream_connect_time=$upstream_connect_time ' | |
'upstream_header_time=$upstream_header_time'; | |
access_log /dev/stdout apm; | |
real_ip_header X-Forwarded-For; | |
# these are the internal IP addresses which are never to be used as the real | |
# client IP and are also trusted values | |
set_real_ip_from 172.16.0.0/12; | |
set_real_ip_from 10.0.0.0/8; | |
upstream deck { | |
server spin-deck.spinnaker.svc:9000 fail_timeout=3; | |
} | |
upstream gate { | |
server spin-gate.spinnaker.svc:8084 fail_timeout=3; | |
} | |
server { | |
listen 80; | |
server_name localhost; | |
location /login { | |
add_header ServerHostname $hostname; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_pass_header Server; | |
proxy_redirect off; | |
# We match = "http" rather than != "https" because we don't want it | |
# to redirect if you're running docker locally. And '=', not '==' | |
# because nginx. | |
if ($http_x_forwarded_proto = "http") { | |
rewrite ^(.*)$ https://$http_host$1 permanent; | |
} | |
proxy_pass http://gate/login; | |
} | |
location /auth/redirect { | |
rewrite ^(.*)$ https://$http_host permanent; | |
} | |
location ~ /gate/(?<gate_path>.+) { | |
add_header ServerHostname $hostname; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_pass_header Server; | |
proxy_redirect off; | |
# We match = "http" rather than != "https" because we don't want it | |
# to redirect if you're running docker locally. And '=', not '==' | |
# because nginx. | |
if ($http_x_forwarded_proto = "http") { | |
rewrite ^(.*)$ https://$http_host$1 permanent; | |
} | |
proxy_pass http://gate/$gate_path$is_args$args; | |
} | |
location / { | |
add_header ServerHostname $hostname; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_pass_header Server; | |
proxy_redirect off; | |
# We match = "http" rather than != "https" because we don't want it | |
# to redirect if you're running docker locally. And '=', not '==' | |
# because nginx. | |
if ($http_x_forwarded_proto = "http") { | |
rewrite ^(.*)$ https://$http_host$1 permanent; | |
} | |
proxy_pass http://deck; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment