Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
# Set upstream. Need for loadbalancing or easy management proxy_pass directive.
upstream tc216tc_backend  {
  server 192.168.0.21635:90038090;
}
# Map for $http_upgrade. Used for "Connection-upgrade" header for treamcity.
# Need to indicate a preference or requirement to switch to a different version of HTTP.
# Reffer: https://tools.ietf.org/html/rfc2616#section-14.42
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''   '';
}
# HTTP server block
server {
    listen 80; # HTTP port
    server_name teamcity216teamcity.ukad-demoexample.com;	     # server_name (domain-name)
    access_log off;                          # disable access log
    error_log  /dev/null;                    # disable error log. See more here: https://nginx.org/en/docs/ngx_core_module.html#error_log
    rewrite ^(.*) https://$host$1 permanent; # Rewrite scheme to https.
    include snippets/letsencrypt.conf;       # Include config with letsencrypt verification location. # https://medium.com/@dipeshwagle/add-https-using-lets-encrypt-to-nginx-configured-as-a-reverse-proxy-on-ubuntu-b4455a729176
}
# HTTPS server block
server {
    listen 443 ssl http2;                                               # HTTPS port, enable SSL, enable http/2
    server_name teamcity216teamcity.ukad-demoexample.com;	                                # server_name (domain-name)
    client_max_body_size 250M;                                          # Set max http body size. http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
    access_log off;                                                     # disable access log
    error_log /dev/null;                                                # disable error log. See more here: https://nginx.org/en/docs/ngx_core_module.html#error_log
    include snippets/ssl.conf;                                          # include SSL settings
    include snippets/letsencrypt.conf;                                  # Include config with letsencrypt verification location.
#    include snippets/protected_server.conf;

    location / {                                                        # Main location.
        proxy_pass http://tc216tc_backend;                                   # Path to server with application.
        proxy_redirect http://tc216tc_backend https://$host;                 # Rewrite scheme in URL. Reffer: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect
        port_in_redirect off;                                           # Remove backend port from redirect url. http://nginx.org/en/docs/http/ngx_http_core_module.html#port_in_redirect
        proxy_http_version 1.1;                                         # Base version of http.
        proxy_set_header Host $http_host;                               # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
# HELP X- headers: https://docs.cloud.oracle.com/iaas/Content/Balance/Reference/httpheaders.htm
        proxy_set_header X-Real-IP $remote_addr;                        # Replace client address to REAL client address. http://nginx.org/en/docs/http/ngx_http_realip_module.html
        proxy_set_header X-Forwarded-Host $http_host;                   # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
        proxy_set_header X-Forwarded-Proto $scheme;                     # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
        proxy_set_header Upgrade $http_upgrade;                         # Protocol upgrade mechanism. https://developer.mozilla.org/en-US/docs/Web/HTTP/Protocol_upgrade_mechanism
#       proxy_set_header Authorization "";                              # Header to authenticate users. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
        proxy_set_header Connection $connection_upgrade;                # Control should we left network connection open aftyer finish transaction. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection
        proxy_read_timeout 600;                                         # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout
        proxy_send_timeout 600;                                         # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_send_timeout
    }
}

...