upstream container1_upstream {
server localhost:8080;
keepalive 64;
}
upstream container2_upstream {
server localhost:8081;
keepalive 64;
}
upstream container3_upstream {
server localhost:8082;
keepalive 64;
}
upstream ui_upstream {
server localhost:8083;
keepalive 64;
}
server {
listen 80 default_server;
return 301 https://$host$request_uri;
}
server {
ssl on;
listen 443 default_server;
ssl_certificate /etc/nginx/certificates/server.crt;
ssl_certificate_key /etc/nginx/certificates/server.key;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:RC4-SHA:HIGH.:!aNULL:!MD5:!kEDH;
ssl_sescontainer2on_cache shared:SSL:10m;
ssl_sescontainer2on_timeout 10m;
proxy_set_header X-Forwarded-Proto ‘https’;
underscores_in_headers on;
location ~ ^/container3/(.*) {
add_header Strict-Transport-Security “max-age=31536000; includeSubdomains”;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection “”;
proxy_http_vercontainer2on 1.1;
proxy_pass http://container3_upstream/$1$is_args$args;
}
location ~ ^/api/(.*) {
add_header Strict-Transport-Security “max-age=31536000; includeSubdomains”;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection “”;
proxy_http_vercontainer2on 1.1;
proxy_pass http://container1_upstream/$1$is_args$args;
}
location ~ ^/container2/(.*) {
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";
proxy_http_vercontainer2on 1.1;
proxy_pass <http://>container2_upstream/$1$is_args$args;
}
location ~ ^/(.*) {
add_header Strict-Transport-Security “max-age=31536000; includeSubdomains”;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection “”;
proxy_http_vercontainer2on 1.1;
proxy_pass http://ui_upstream/$1;
}
location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";
proxy_http_vercontainer2on 1.1;
proxy_pass <http://>ui_upstream;
}
}