├── README.md ├── weblogic-basic.conf ├── tomcat-basic.conf ├── upstream-host-route.conf ├── emoji.conf ├── status.conf ├── jboss-basic.conf ├── nodejs-basic.conf ├── slow-reload.conf ├── weblogic-enhanced.conf ├── nodejs-enhanced.conf ├── jboss-enhanced.conf ├── exchange-basic.conf ├── tomcat-enhanced.conf ├── oracle-single-entry-point.conf ├── plus_package.rb-chef-recipe ├── websphere-nginx-oss.conf ├── oracle-multiple-entry-point.conf ├── websphere-nginx-plus.conf └── exchange-enhanced.conf /README.md: -------------------------------------------------------------------------------- 1 | [![Project Status: Abandoned – Initial development has started, but there has not yet been a stable, usable release; the project has been abandoned and the author(s) do not intend on continuing development.](https://www.repostatus.org/badges/latest/abandoned.svg)](https://www.repostatus.org/#abandoned) 2 | 3 | # THIS REPO IS NOW ARCHIVED 4 | 5 | # This repository has been archived. There will likely be no further development on the project and security vulnerabilities may be unaddressed. 6 | 7 | 8 | # website-resources-conf 9 | 10 | [ ![Codeship Status for nginxinc/website-resources-conf](https://app.codeship.com/projects/64619f00-a4ee-0135-16d4-669675cbf703/status?branch=master)](https://app.codeship.com/projects/255104) 11 | 12 | content for nginx.com/resource/conf/ -- configuration files shared in blog posts, etc. 13 | 14 | Please use .conf format. 15 | 16 | 17 | 12/3/15 Edit 18 | >> If you're changing file names that are already in production please email webteam@nginx.com to request a redirect before your commit. 
--------------------------------------------------------------------------------
/weblogic-basic.conf:
--------------------------------------------------------------------------------
# Reverse proxy / load balancer in front of two WebLogic application servers.
# Port 80 only redirects to HTTPS; the HTTPS server caches and proxies
# /weblogic-app/ and passes WebSocket upgrades through /wstunnel/.

# On-disk response cache and its 10 MB key zone.
# NOTE(review): /tmp is normally writable by every local account. A directory
# owned by the nginx worker user (for example one under /var/cache) keeps other
# local users from pre-creating or tampering with cache files.
proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;

# Value for the Connection header sent upstream: "upgrade" when the client
# supplied an Upgrade header, "close" when it did not.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream weblogic {
    # Use IP Hash for session persistence: requests from one client address
    # keep going to the same server.
    ip_hash;

    # List of WebLogic application servers
    server 192.168.25.33:7001;
    server 192.168.25.69:7001;
}

server {
    listen 80;
    server_name example.com;

    # Redirect all HTTP to HTTPS. The target is built from $server_name, not
    # from the client-supplied Host header.
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/certificate-name;
    ssl_certificate_key /etc/nginx/ssl/private-key;

    ssl_session_cache shared:SSL:1m;

    # No ssl_protocols or ssl_ciphers are set in this block, so the defaults of
    # the installed nginx/OpenSSL build apply unless the enclosing http context
    # sets them. Pin them explicitly if those defaults are weaker than policy.
    ssl_prefer_server_ciphers on;

    # Return a temporary redirect to the /weblogic-app/ directory
    # when user requests '/'
    location = / {
        return 302 /weblogic-app/;
    }

    # A location block is needed per URI group
    location /weblogic-app/ {
        proxy_pass  http://weblogic;
        # NOTE(review): check which application responses are cacheable so that
        # per-user pages are not stored and served to other clients.
        proxy_cache backcache;
    }

    # WebSocket configuration
    location /wstunnel/ {
        proxy_pass         http://weblogic;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection $connection_upgrade;
    }
}


--------------------------------------------------------------------------------
/tomcat-basic.conf:
--------------------------------------------------------------------------------
# On-disk response cache and its 10 MB key zone.
# NOTE(review): /tmp is normally writable by every local account; prefer a
# directory owned by the nginx worker user.
proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;

# Value for the Connection header sent upstream: "upgrade" when the client
# supplied an Upgrade header, "close" when it did not.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream tomcat {
    # Use IP Hash for session persistence
    ip_hash;

    #
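# List of Tomcat application servers
    server 10.100.100.11:8080;
    server 10.100.100.12:8080;
}

server {
    listen 80;
    server_name example.com;

    # Redirect all HTTP requests to HTTPS. The target is built from
    # $server_name, not from the client-supplied Host header.
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/certificate-name;
    ssl_certificate_key /etc/nginx/ssl/private-key;

    ssl_session_cache shared:SSL:1m;
    # No ssl_protocols or ssl_ciphers are set in this block, so the defaults of
    # the installed nginx/OpenSSL build apply unless the enclosing http context
    # sets them.
    ssl_prefer_server_ciphers on;

    # Load balance requests for /tomcat-app/ across Tomcat application servers
    location /tomcat-app/ {
        proxy_pass http://tomcat;
        # NOTE(review): check which application responses are cacheable so that
        # per-user pages are not stored and served to other clients.
        proxy_cache backcache;
    }

    # Return a temporary redirect to the /tomcat-app/ directory
    # when user requests '/'
    location = / {
        return 302 /tomcat-app/;
    }

    # WebSocket configuration.
    # The upstream servers listed above are on port 8080 and /tomcat-app/
    # reaches them with http://, so the scheme here is http:// as well. The
    # previous https:// made nginx start a TLS handshake against the same
    # plaintext port, which fails before any WebSocket upgrade can happen.
    location /wstunnel/ {
        proxy_pass         http://tomcat;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection $connection_upgrade;
    }
}


--------------------------------------------------------------------------------
/upstream-host-route.conf:
--------------------------------------------------------------------------------
# This NGINX Plus configuration implements session route persistence and upstream_conf API.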
#
# Add/remove frontend hostnames with corresponding backend servers with the following commands:
# curl 'http://127.0.0.1:8888/upstream_conf?add=&upstream=vhosts&server=backend.server.ip:8080&route=www.example.com'
# curl 'http://127.0.0.1:8888/upstream_conf?list=&upstream=vhosts'
# curl 'http://127.0.0.1:8888/upstream_conf?remove=&upstream=vhosts&id=0'
#
# As the commands above show, the management API takes plain unauthenticated GET
# requests: whoever can reach port 8888 from an allowed address can change where
# production traffic is sent. Treat the allow list below as the only gate.

user nginx;
worker_processes auto;
events { worker_connections 1024; }

http {
    upstream vhosts {
        zone vhosts 128k;        # All dynamic upstreams need to reside in shared memory zone
        # We will define backend servers later. Currently the upstream is empty.
        sticky route $http_host; # Route session persistence can be based on the Host header
        # The Host header is chosen by the client, so the client decides which
        # configured route (backend) handles its request.
    }

    server {
        listen 80;          # Production frontend will listen on this port.
        status_zone vhosts; # Status zone is used for monitoring with “status” module.
        location / {
            proxy_pass http://vhosts;
            # The raw client Host header is forwarded unchanged to the backend.
            proxy_set_header Host $http_host;
        }
    }

    server {
        # This server is used for upstream management, we use a special port
        # that is secured by the firewall. "listen 8888" binds every local
        # address, so the firewall and the allow/deny list are both needed.
        listen 8888;

        # Additional security layer for this management server. No
        # authentication is configured here; access is by source address only.
        allow 10.0.0.0/24;
        allow 127.0.0.1/32;
        deny all;

        root /usr/share/nginx/html; # Location of NGINX Plus static files.

        location /upstream_conf {
            upstream_conf; # This is the dynamic upstreams API endpoint.
        }
        location = /status.html { } # HTML page for NGINX Plus dashboard.
        location /status {
            status; # Live activity monitoring API endpoint.
        }
    }
}


--------------------------------------------------------------------------------
/emoji.conf:
--------------------------------------------------------------------------------
# This is an example of extended emoji configuration 😂😂
# Created by NGINX, Inc.
# for NGINX version 1.9.x and NGINX Plus R8

# Documentation: http://www.nginx.com/

# In order to enable this configuration please move this file to /etc/nginx/nginx.conf
# and reload nginx. You might want to back up your current configuration first.

# Note #1: status_zone directive only available in commercial 💰 NGINX Plus.
# Note #2: GeoIP configuration requires GeoIP module compiled in NGINX.
# For more information please see http://nginx.org/r/status_zone

# Published on 2016-04-01

#user nginx;
events { worker_connections 2014; }

http {
    default_type text/plain;

    # Two local stub backends that answer with a fixed text body.
    server {
        listen 8081;
        return 200 "Desktop 💻 backend $server_addr:$server_port\n\nTime: $time_local\n\n";
    }
    server {
        listen 8082;
        return 200 "Mobile 📱 backend $server_addr:$server_port\n\nTime: $time_local\n\n";
    }

    # NOTE(review): upstream 📱 points at 8081, whose body says "Desktop", and
    # upstream 💻 points at 8082, whose body says "Mobile". The labels look
    # swapped; confirm which pairing was intended.
    upstream 📱 {
        zone 📱 64k;
        server 127.0.0.1:8081;
    }

    upstream 💻 {
        zone 💻 64k;
        server 127.0.0.1:8082;
    }
    upstream all {
        zone all 64k;
        server 127.0.0.1:8081 route=😂; # 'route' parameter is available in NGINX Plus
        server 127.0.0.1:8082 route=👍; # 'route' parameter is available in NGINX Plus
    }

    # Chooses an upstream name from the User-Agent header. The value is defined
    # here but the proxy_pass in the server block below does not use it.
    map $http_user_agent $upstreamname {
        default 💻;
        ~(iPhone|Android) 📱;
    }

    # NGINX should be compiled with or dynamically load GeoIP🌎 module:
    # See http://nginx.org/en/docs/http/ngx_http_geo_module.html
    # The directive used here is "geo", which maps the client address to a
    # value from the list written in this file.
    geo $remote_addr $🌎 {
        10.2.3.4 💩;
        default 😃;
    }

    server {
        location / {
            # Address-based block list: the one address mapped above gets a 403.
            if ($🌎 = 💩) {
                return 403 "Access denied! ✋ ❗️\n";
            }
            proxy_pass http://💻;
        }
    }

    # Server block below enables Live Activity Monitoring for 💰 NGINX Plus
    # NOTE(review): as written it has no allow/deny or auth_basic, so enabling
    # it would expose /status and the /upstream_conf management API to every
    # client that can reach port 8080. Add access control before uncommenting.
    #server {
        #listen 8080;
        #root /usr/share/nginx/html;
        #location / { return 301 /status.html; }
        #location /status.html { }
        #location /status { status; }
        #location /upstream_conf { upstream_conf; }
    #}
}



--------------------------------------------------------------------------------
/status.conf:
--------------------------------------------------------------------------------
# This is an example of Live Activity Monitoring (extended status) feature configuration
# Created by NGINX, Inc. for nginx-plus-r6

# Documentation: http://nginx.org/r/status

# In order to enable this configuration please move this file to /etc/nginx/conf.d
# and reload nginx:
# mv /etc/nginx/conf.d/status.conf.example /etc/nginx/conf.d/status.conf
# nginx -s reload

# Note #1: enable status_zone directive for http and tcp servers.
# For more information please see http://nginx.org/r/status_zone

# Note #2: enable zone directive for http and tcp upstreams.
# For more information please see http://nginx.org/r/zone

server {
    # Status page is enabled on port 8080 by default. "listen 8080" binds
    # every local address.
    listen 8080;

    # Status zone allows the status page to display statistics for the whole server block.
    # It should be enabled for every server block in other configuration files.
    status_zone status-page;

    # In case of nginx process listening on multiple IPs you can restrict status page
    # to single IP only
    # listen 10.2.3.4:8080;

    # HTTP basic authentication is NOT active as shipped: the auth_basic
    # directives that follow are commented out and must be uncommented to
    # take effect.
    # You can add users with any htpasswd generator; prefer a local
    # command-line tool over typing real passwords into an online generator.
    # You can also reuse your htpasswd file from Apache web server installation.
# Access control for the status server. Both mechanisms below are shipped
# commented out, so until one of them is enabled the status data is served to
# every client that can reach the listening port.
    #auth_basic on;
    #auth_basic_user_file /etc/nginx/users;

    # It is recommended to limit the use of status page to admin networks only
    # Uncomment and change the network accordingly.
    #allow 10.0.0.0/8;
    #deny all;

    # NGINX provides a sample HTML status page for easy dashboard view
    root /usr/share/nginx/html;
    location = /status.html { }

    # Standard HTTP features are fully supported with the status page.
    # An example below provides a redirect from "/" to "/status.html"
    location = / {
        return 301 /status.html;
    }

    # Main status location. HTTP features like authentication, access control,
    # header changes, logging are fully supported.
    # The JSON served here is the data behind the dashboard, so protect this
    # location with the same access rules as the HTML page.
    location /status {
        status;
        status_format json;
    }
}

--------------------------------------------------------------------------------
/jboss-basic.conf:
--------------------------------------------------------------------------------
# NGINX configuration for load balancing of JBoss Application Servers
#
# The configuration file should be saved to /etc/nginx/conf.d/jboss.conf.
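# In the main /etc/nginx/nginx.conf file ensure that the following line is
# present in the http {...} block:
# include /etc/nginx/conf.d/*.conf;
#
# For more information, see http://nginx.org/r/include, and the 'Using NGINX
# to Load Balance JBoss Application Servers' deployment guide at
# http://www.nginx.com/
#
# For more information on NGINX Plus, the commercial version of NGINX,
# please see http://www.nginx.com/products/
#
# Tested with NGINX 1.9.5
#
# Nov 12, 2015
# Version 1.0

# On-disk response cache and its 10 MB key zone.
# NOTE(review): /tmp is normally writable by every local account. A directory
# owned by the nginx worker user (for example one under /var/cache) keeps other
# local users from pre-creating or tampering with cache files.
proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;

# Value for the Connection header sent upstream: "upgrade" when the client
# supplied an Upgrade header, "close" when it did not.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream jboss {
    # Use IP Hash for session persistence
    ip_hash;

    # List of JBoss Application Servers
    server 192.168.33.11:8080;
    server 192.168.33.12:8080;
}


server {
    listen 80;
    server_name example.com;

    # Redirect all HTTP to HTTPS. The target is built from $server_name, not
    # from the client-supplied Host header.
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/certificate-name;
    ssl_certificate_key /etc/nginx/ssl/private-key;
    ssl_session_cache   shared:SSL:1m;
    # No ssl_protocols or ssl_ciphers are set in this block, so the defaults of
    # the installed nginx/OpenSSL build apply unless the enclosing http context
    # sets them.
    ssl_prefer_server_ciphers on;

    # Return a 302 Redirect to the /webapp/ directory
    # when user requests /
    location = / {
        return 302 /webapp/;
    }

    # A location block is needed per URI group
    location /webapp/ {
        proxy_pass http://jboss;
        # NOTE(review): check which application responses are cacheable so that
        # per-user pages are not stored and served to other clients.
        proxy_cache backcache;
    }

    # WebSocket configuration.
    # The upstream servers are on port 8080 and /webapp/ reaches them with
    # http://, so the scheme here is http:// as well. The previous https://
    # made nginx start a TLS handshake against the same plaintext port, which
    # fails before any WebSocket upgrade can happen.
    location /wstunnel/ {
        proxy_pass         http://jboss;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection $connection_upgrade;
    }
}
--------------------------------------------------------------------------------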
/nodejs-basic.conf:
--------------------------------------------------------------------------------
# NGINX configuration for load balancing of Node.JS Application Servers
#
# The configuration file should be saved to /etc/nginx/conf.d/nodejs-basic.conf.
# In the main /etc/nginx/nginx.conf file ensure that the following line is
# present in the http {...} block:
# include /etc/nginx/conf.d/*.conf;
#
# For more information, see http://nginx.org/r/include, and the 'Using NGINX
# and NGINX Plus to Load Balance Node.JS Application Servers' deployment guide at
# http://www.nginx.com/
#
# For more information on NGINX Plus, the commercial version of NGINX,
# please see http://www.nginx.com/products/
#
# Tested with NGINX 1.11.3
#
# Sep 26, 2016
# Version 1.0

# On-disk response cache and its 10 MB key zone.
# NOTE(review): /tmp is normally writable by every local account. A directory
# owned by the nginx worker user (for example one under /var/cache) keeps other
# local users from pre-creating or tampering with cache files.
proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;

# Value for the Connection header sent upstream: "upgrade" when the client
# supplied an Upgrade header, "close" when it did not.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream nodejs {
    # Use IP Hash for session persistence
    ip_hash;

    # List of Node.JS Application Servers
    server 192.168.33.11:8080;
    server 192.168.33.12:8080;
}


server {
    listen 80;
    server_name example.com;

    # Redirect all HTTP to HTTPS. The target is built from $server_name, not
    # from the client-supplied Host header.
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/certificate-name;
    ssl_certificate_key /etc/nginx/ssl/private-key;
    ssl_session_cache   shared:SSL:1m;
    # No ssl_protocols or ssl_ciphers are set in this block, so the defaults of
    # the installed nginx/OpenSSL build apply unless the enclosing http context
    # sets them.
    ssl_prefer_server_ciphers on;

    # Return a 302 Redirect to the /webapp/ directory
    # when user requests /
    location = / {
        return 302 /webapp/;
    }

    # A location block is needed per URI group
    location /webapp/ {
        proxy_pass http://nodejs;
        # NOTE(review): check which application responses are cacheable so that
        # per-user pages are not stored and served to other clients.
        proxy_cache backcache;
    }

    # WebSocket configuration
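# WebSocket location of the nodejs-basic.conf HTTPS server. The nodejs upstream
# servers are on port 8080 and /webapp/ reaches them with http://, so the scheme
# here is http:// as well. The previous https:// made nginx start a TLS
# handshake against the same plaintext port, which fails before any upgrade.
    location /wstunnel/ {
        proxy_pass         http://nodejs;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection $connection_upgrade;
    }
}
--------------------------------------------------------------------------------
/slow-reload.conf:
--------------------------------------------------------------------------------
# This is an example which shows a potential problem with frequent reload of nginx process.
# Frequent reloading might leave old nginx workers running for an extended period of time.

# The use of upstream_conf API in NGINX Plus reduces the frequency of reloads.

# Usage:

# Run nginx with this configuration file, then see the process list:
# ps ax | grep nginx

# Run several requests through this server. Every request will take about a minute:
# curl -v http://localhost/ & curl -v http://localhost/ & curl -v http://localhost/ & curl -v http://localhost/

# While the requests are processing reload nginx:
# nginx -s reload

# Immediately check the processes again:
# ps ax | grep nginx

# You will see a number of processes in "shutting down" state:
# 1304 ? S 0:00 \_ nginx: worker process is shutting down

# See more details in NGINX Blog: https://www.nginx.com/blog/

# This file is a demonstration: it throttles every response on port 80 on
# purpose, so it is not a configuration to reuse on a production listener.

user nginx;
events { worker_connections 2014; }
worker_processes 8;

http {
    default_type text/plain;
    tcp_nodelay on;
    server {
        # Local stub backend. Its response body is the multi-line quoted string
        # that starts on the next directive; every line up to the closing quote
        # is part of the body, so no comments can appear inside it.
        listen 8081;
        return 200 "Server $server_addr:$server_port\n\nTime: $time_local\n\n
Syntax: proxy_limit_rate rate;
Default: proxy_limit_rate 0;
Context: http, server, location

This directive appeared in version 1.7.7.
Limits the speed of reading the response
from the proxied server.
The rate is specified in bytes per second.
The zero value disables rate limiting.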
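The limit is set per a request,
and so if nginx simultaneously opens
two connections to the proxied server,
the overall rate will be twice as much
as the specified limit. The limitation
works only if buffering of responses
from the proxied server is enabled.
";
    }
    upstream backend {
        zone backend 64k;
        server 127.0.0.1:8081;
    }
    server {
        listen 80 reuseport; # Hint: try this configuration with and without reuseport parameter.
        limit_rate 20; # Limiting the rate to 20 bytes per second in order to imitate long lasting active connections.
        location / {
            proxy_pass http://backend;
        }
    }
}



--------------------------------------------------------------------------------
/weblogic-enhanced.conf:
--------------------------------------------------------------------------------
# On-disk response cache and its 10 MB key zone.
# NOTE(review): /tmp is normally writable by every local account. A directory
# owned by the nginx worker user (for example one under /var/cache) keeps other
# local users from pre-creating or tampering with cache files.
proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;

# Value for the Connection header sent upstream: "upgrade" when the client
# supplied an Upgrade header, "close" when it did not.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Conditions a health-check response must meet for a server to count as healthy.
match health_check {
    status 200;
    header Content-Type = text/html;
    body ~ "Welcome To Dizzyworld";
}

# Client addresses that may purge cached content. Only localhost is allowed
# here; add the administrative addresses or networks that need to purge.
geo $purge_allowed {
    default   0;
    127.0.0.1 1;
}

# Map the PURGE method to the request method.
# A PURGE request is honoured only when it comes from an address listed in
# $purge_allowed. The earlier unconditional "PURGE 1;" let any client that
# could reach the HTTPS listener evict cached entries.
map $request_method $purge_method {
    PURGE   $purge_allowed;
    default 0;
}

upstream weblogic {
    # Health-monitored upstream groups must have a zone defined
    zone weblogic 64k;

    # List of WebLogic application servers
    server 192.168.25.33:7001 slow_start=30s;
    server 192.168.25.69:7001 slow_start=30s;

    # Session persistence based on JSESSION ID, if necessary
    sticky learn create=$upstream_cookie_JSESSIONID
                 lookup=$cookie_JSESSIONID
                 zone=client_sessions:1m;
}

server {
    listen 80;
    server_name example.com;

    # Required for NGINX Plus to provide extended status information
    status_zone weblogic;

    # Redirect all HTTP to HTTPS. The target is built from $server_name, not
    # from the client-supplied Host header.
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name example.com;

    # Required for NGINX Plus to provide extended status information
    status_zone weblogic-ssl;

    ssl_certificate     /etc/nginx/ssl/certificate-name;
    ssl_certificate_key /etc/nginx/ssl/private-key;

    ssl_session_cache shared:SSL:1m;

    # No ssl_protocols or ssl_ciphers are set in this block, so the defaults of
    # the installed nginx/OpenSSL build apply unless the enclosing http context
    # sets them.
    ssl_prefer_server_ciphers on;

    # Return a temporary redirect to the /weblogic-app/ directory
    # when user requests '/'
    location = / {
        return 302 /weblogic-app/;
    }

    # A location block is needed per URI group
    location /weblogic-app/ {
        proxy_cache backcache;
        proxy_pass http://weblogic;

        # Enable the content cache purge method; $purge_method is non-zero
        # only for PURGE requests from an allowed address (see the maps above).
        proxy_cache_purge $purge_method;

        # Active health checks
        health_check uri=/benefits match=health_check;
    }

    # WebSocket configuration
    location /wstunnel/ {
        proxy_pass         http://weblogic;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection $connection_upgrade;
    }
}

--------------------------------------------------------------------------------
/nodejs-enhanced.conf:
--------------------------------------------------------------------------------
# NGINX Plus configuration for enhanced load balancing of Node.JS
# Application Servers
#
# The configuration file should be saved to /etc/nginx/conf.d/nodejs-enhanced.conf.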
# In the main /etc/nginx/nginx.conf file ensure that the following line is
# present in the http {...} block:
# include /etc/nginx/conf.d/*.conf;
#
# For more information, see http://nginx.org/r/include, and the 'Using NGINX
# and NGINX Plus to Load Balance Node.JS Application Servers' deployment guide at
# http://www.nginx.com/
#
# For support please see http://www.nginx.com/support/
#
# Tested with NGINX Plus R10
#
# Sept 26, 2016
# Version 1.0

# On-disk response cache and its 10 MB key zone.
# NOTE(review): /tmp is normally writable by every local account. A directory
# owned by the nginx worker user (for example one under /var/cache) keeps other
# local users from pre-creating or tampering with cache files.
proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;

# Value for the Connection header sent upstream: "upgrade" when the client
# supplied an Upgrade header, "close" when it did not.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream nodejs {
    # Health-monitored upstream groups must have a zone defined
    zone nodejs 64k;

    # List of Node.JS Application Servers
    server 192.168.33.11:8080 slow_start=30s;
    server 192.168.33.12:8080 slow_start=30s;

    # Session Persistence using sticky cookie, if necessary.
    # NOTE(review): the cookie is scoped to .example.com and every path, so it
    # is sent to all subdomains. Application traffic here is HTTPS only;
    # consider the "secure" and "httponly" parameters of sticky cookie.
    sticky cookie srv_id expires=1h domain=.example.com path=/;
}

# Conditions a health-check response must meet for a server to count as healthy.
match nodejs_check {
    status 200;
    header Content-Type ~ "text/html";
    body ~ "Hello world";
}

server {
    listen 80;
    server_name example.com;

    # Redirect all HTTP to HTTPS. The target is built from $server_name, not
    # from the client-supplied Host header.
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name example.com;

    # Required for NGINX Plus to provide extended status information.
# Remainder of the nodejs-enhanced.conf HTTPS server block.
    status_zone nodejs;

    ssl_certificate     /etc/nginx/ssl/certificate-name;
    ssl_certificate_key /etc/nginx/ssl/private-key;
    ssl_session_cache   shared:SSL:1m;
    # No ssl_protocols or ssl_ciphers are set in this block, so the defaults of
    # the installed nginx/OpenSSL build apply unless the enclosing http context
    # sets them.
    ssl_prefer_server_ciphers on;

    # Return a 302 Redirect to the /webapp/ directory
    # when user requests /
    location = / {
        return 302 /webapp/;
    }

    # A location block is needed per URI group
    location /webapp/ {
        proxy_pass http://nodejs;
        # NOTE(review): check which application responses are cacheable so that
        # per-user pages are not stored and served to other clients.
        proxy_cache backcache;

        # Set up active health checks. With match=nodejs_check the check passes
        # only when the response meets the conditions of that match block;
        # otherwise the health check fails and the server is marked down.
        health_check match=nodejs_check;
    }

    # WebSocket configuration
    location /wstunnel/ {
        proxy_pass         http://nodejs;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection $connection_upgrade;
    }

    # location block for secured access to the upstream_conf handler.
    # The management API lives on the public HTTPS listener and is protected
    # only by source address. NOTE(review): if another proxy on this host
    # forwards client traffic to nginx, those requests also arrive from
    # 127.0.0.1 and would pass this check.
    location /upstream_conf {
        upstream_conf;

        allow 127.0.0.1; # permit access from localhost
        deny all;        # deny access from everywhere else
    }
}


--------------------------------------------------------------------------------
/jboss-enhanced.conf:
--------------------------------------------------------------------------------
# NGINX Plus configuration for enhanced load balancing of JBoss
# Application Servers
#
# The configuration file should be saved to /etc/nginx/conf.d/jboss.conf.
# In the main /etc/nginx/nginx.conf file ensure that the following line is
# present in the http {...} block:
# include /etc/nginx/conf.d/*.conf;
#
# For more information, see http://nginx.org/r/include, and the 'Using NGINX
# to Load Balance JBoss Application Servers' deployment guide at
# http://www.nginx.com/
#
# For support please see http://www.nginx.com/support/
#
# Tested with NGINX Plus R7
#
# Nov 12, 2015
# Version 1.0

# On-disk response cache and its 10 MB key zone.
# NOTE(review): /tmp is normally writable by every local account. A directory
# owned by the nginx worker user (for example one under /var/cache) keeps other
# local users from pre-creating or tampering with cache files.
proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;

# Value for the Connection header sent upstream: "upgrade" when the client
# supplied an Upgrade header, "close" when it did not.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream jboss {
    # Health-monitored upstream groups must have a zone defined
    zone jboss 64k;

    # List of Jboss Application Servers
    server 192.168.33.11:8080 slow_start=30s;
    server 192.168.33.12:8080 slow_start=30s;

    # Session Persistence based on JSESSION ID, if necessary
    sticky learn
        create=$upstream_cookie_JSESSIONID
        lookup=$cookie_JSESSIONID
        zone=client_sessions:1m;
}

# Conditions a health-check response must meet for a server to count as healthy.
match jboss_check {
    status 200;
    header Content-Type = text/html;
    body ~ "Your WildFly 9 is running";
}

server {
    listen 80;
    server_name example.com;

    # Redirect all HTTP to HTTPS. The target is built from $server_name, not
    # from the client-supplied Host header.
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name example.com;

    # Required for NGINX Plus to provide extended status information.
# Remainder of the jboss-enhanced.conf HTTPS server block.
    status_zone jboss;

    ssl_certificate     /etc/nginx/ssl/certificate-name;
    ssl_certificate_key /etc/nginx/ssl/private-key;
    ssl_session_cache   shared:SSL:1m;
    # No ssl_protocols or ssl_ciphers are set in this block, so the defaults of
    # the installed nginx/OpenSSL build apply unless the enclosing http context
    # sets them.
    ssl_prefer_server_ciphers on;

    # Return a 302 Redirect to the /webapp/ directory
    # when user requests /
    location = / {
        return 302 /webapp/;
    }

    # A location block is needed per URI group
    location /webapp/ {
        proxy_pass http://jboss;
        # NOTE(review): check which application responses are cacheable so that
        # per-user pages are not stored and served to other clients.
        proxy_cache backcache;

        # Set up active health checks. With match=jboss_check the check passes
        # only when the response meets the conditions of that match block;
        # otherwise the health check fails and the server is marked down.
        health_check match=jboss_check;
    }

    # WebSocket configuration
    location /wstunnel/ {
        proxy_pass         http://jboss;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection $connection_upgrade;
    }

    # location block for secured access to the upstream_conf handler.
    # The management API lives on the public HTTPS listener and is protected
    # only by source address. NOTE(review): if another proxy on this host
    # forwards client traffic to nginx, those requests also arrive from
    # 127.0.0.1 and would pass this check.
    location /upstream_conf {
        upstream_conf;

        allow 127.0.0.1; # permit access from localhost
        deny all;        # deny access from everywhere else
    }
}


--------------------------------------------------------------------------------
/exchange-basic.conf:
--------------------------------------------------------------------------------
# NGINX Plus configuration for basic load balancing of Microsoft Exchange
# servers
#
# For simplicity, all directives appear in this file. You can also create
# function-specific files in the /etc/nginx/conf.d directory (for example,
# create separate files for the 'http' and 'stream' blocks in this file). Then
# use the 'include' directive in the main nginx.conf file to reference the
# function-specific files.
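#
# For more information, see http://nginx.org/r/include, and the
# "Load Balancing Microsoft Exchange Servers with NGINX Plus" deployment guide
# at www.nginx.com.

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_user_agent" "$upstream_addr"';
    access_log /var/log/nginx/access.log main;

    # Three-hour idle and read timeouts keep client connections open for a long
    # time; each open connection holds a worker connection slot.
    keepalive_timeout 3h;
    proxy_read_timeout 3h;
    tcp_nodelay on;

    upstream exchange {
        zone exchange-general 64k;
        ntlm;
        server 10.0.0.237:443; # Replace with IP address of a CAS
        server 10.0.0.238:443; # Replace with IP address of a CAS
        # Persistence is keyed on the client address, so clients that share one
        # address (for example behind NAT) share one backend.
        sticky learn create=$remote_addr lookup=$remote_addr
                     zone=client_sessions:10m timeout=3h;
    }

    server {
        listen 80;
        # No server_name is set, so the redirect target is taken from the Host
        # value the client supplied ($host).
        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl http2;
        # Request bodies of up to 2 GB are accepted and, with request buffering
        # off below, streamed straight to the backend.
        client_max_body_size 2G;
        ssl_certificate     /etc/nginx/ssl/company.com.crt;
        ssl_certificate_key /etc/nginx/ssl/company.com.key;
        # TLS 1.0 and TLS 1.1 were listed here; both are deprecated (RFC 8996),
        # so only TLS 1.2 remains. Clients limited to the older versions can no
        # longer connect.
        ssl_protocols TLSv1.2;
        status_zone exchange-combined;

        location = / {
            return 301 "/owa/";
        }

        location = /favicon.ico {
            empty_gif;
            access_log off;
        }

        location / {
            # TLS to the backends. No proxy_ssl_verify is set in this block, and
            # it is off by default, so the backend certificate is not validated.
            proxy_pass https://exchange;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_request_buffering off;
            proxy_set_header Connection "Keep-Alive";
            proxy_set_header Host $host;
        }
    }
}

stream {
    upstream exchange-imaps {
        zone exchange-imaps 64k;
        server 10.0.0.237:993; # Replace with IP address of a CAS
        server 10.0.0.238:993; # Replace with IP address of a CAS
    }

    upstream exchange-smtp {
        zone exchange-smtp 64k;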
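# Members of the exchange-smtp upstream, followed by the two TCP listeners.
        server 10.0.0.237:25; # Replace with IP address of a CAS
        server 10.0.0.238:25; # Replace with IP address of a CAS
    }

    # Both listeners are plain TCP pass-through: nginx neither terminates TLS
    # nor inspects the protocol, so authentication and relay policy are whatever
    # the backend servers enforce.
    server {
        listen 993;
        status_zone exchange-imaps;
        proxy_pass exchange-imaps;
    }

    server {
        listen 25; # SMTP port can be changed here (to 587, for example)
        status_zone exchange-smtp;
        proxy_pass exchange-smtp;
    }
}

--------------------------------------------------------------------------------
/tomcat-enhanced.conf:
--------------------------------------------------------------------------------
# On-disk response cache and its 10 MB key zone.
# NOTE(review): /tmp is normally writable by every local account. A directory
# owned by the nginx worker user (for example one under /var/cache) keeps other
# local users from pre-creating or tampering with cache files.
proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;

# WebSocket configuration
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Extract the data after the final period (.) in the
# JSESSIONID cookie and store it in the $route_cookie variable.
# The pattern needs the named capture "route", which the map value $route then
# reads. The listing showed "(?Pw+)", which has lost the "<route>" name and the
# backslash of "\w" and is not a valid regular expression.
map $cookie_jsessionid $route_cookie {
    ~.+\.(?P<route>\w+)$ $route;
}

# Search the URL for a trailing jsessionid parameter, extract the
# data after the final period (.), and store it in
# the $route_uri variable.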
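map $request_uri $route_uri {
    # Regular-expression match with the named capture "route". The listing
    # showed "jsessionid=.+\.(?Pw+)$ $route" with no leading "~", no capture
    # name, no backslash before "w" and no terminating ";", which nginx would
    # reject or treat as a literal string.
    ~jsessionid=.+\.(?P<route>\w+)$ $route;
}

# Application health checks
match tomcat_check {
    status 200;
    header Content-Type = text/html;
    body ~ "Apache Tomcat/8";
}

upstream tomcat {
    # Shared memory zone for application health checks, live activity
    # monitoring, and on-the-fly reconfiguration
    zone tomcat 64k;

    # List of Tomcat application servers
    server 10.100.100.11:8080 slow_start=30s;
    server 10.100.100.12:8080 slow_start=30s;

    # Session persistence based on the jvmRoute value in the JSESSION ID cookie.
    # Both values come from the request (cookie or URI), so the client
    # determines which configured route is selected.
    sticky route $route_cookie $route_uri;

    # Uncomment the following directive (and comment the preceding
    # 'sticky route' and JSESSIONID map directives) for session
    # persistence based on the JSESSIONID
    #sticky learn create=$upstream_cookie_JSESSIONID
    #             lookup=$cookie_JSESSIONID
    #             zone=client_sessions:1m;
}

server {
    listen 80;
    server_name example.com;

    # Redirect all HTTP requests to HTTPS. The target is built from
    # $server_name, not from the client-supplied Host header.
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name example.com;

    # Required for live activity monitoring of HTTPS traffic
    status_zone tomcat;

    ssl_certificate     /etc/nginx/ssl/certificate-name;
    ssl_certificate_key /etc/nginx/ssl/private-key;

    ssl_session_cache shared:SSL:1m;
    # No ssl_protocols or ssl_ciphers are set in this block, so the defaults of
    # the installed nginx/OpenSSL build apply unless the enclosing http context
    # sets them.
    ssl_prefer_server_ciphers on;

    # Load balance requests for /tomcat-app/ across Tomcat application
    # servers
    location /tomcat-app/ {
        proxy_pass http://tomcat;
        # NOTE(review): check which application responses are cacheable so that
        # per-user pages are not stored and served to other clients.
        proxy_cache backcache;

        # Application health checks
        health_check interval=2s fails=1 passes=5 uri=/
                     match=tomcat_check;
    }

    # Return a 302 redirect to the /tomcat-app/ directory when user
    # requests '/'. The target was /webapp/, but this server block defines no
    # /webapp/ location; the proxied application is served under /tomcat-app/.
    location = / {
        return 302 /tomcat-app/;
    }

    #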
WebSocket configuration 90 | location /wstunnel/ { 91 | proxy_pass http://tomcat; 92 | proxy_http_version 1.1; 93 | proxy_set_header Upgrade $http_upgrade; 94 | proxy_set_header Connection $connection_upgrade; 95 | } 96 | 97 | # Secured access to the on-the-fly reconfiguration API 98 | location /upstream_conf { 99 | upstream_conf; 100 | 101 | allow 127.0.0.1; # permit access from localhost 102 | deny all; # deny access from everywhere else 103 | } 104 | } 105 | 106 | -------------------------------------------------------------------------------- /oracle-single-entry-point.conf: -------------------------------------------------------------------------------- 1 | # NGINX Plus configuration for Oracle EBS 2 | # 3 | # For simplicity, all directives appear in this file. You can also create 4 | # function-specific files in the /etc/nginx/conf.d directory (for example, 5 | # create separate files for the separate server blocks in this file). Then 6 | # use the 'include' directive in the main nginx.conf file to reference the 7 | # function-specific files. 8 | # 9 | # For more information, see http://nginx.org/r/include, and the 'Oracle E-Business 10 | # Suite deployment guide' at nginx.com. 
# Main context: worker processes run as the unprivileged 'nginx' user.
user nginx;
worker_processes auto;
events {
    worker_connections 1024;
}

http {
    default_type text/html;
    proxy_cache_path /var/oracle-cache keys_zone=cache_oracle:50m max_size=500m;

    # Custom logging configuration: the standard request fields plus the
    # upstream server address that handled the request.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_addr';
    access_log /var/log/nginx/access.log main;

    upstream oracle {
        zone oracle 64k;

        # max_fails=0 turns off passive failure accounting for each server;
        # availability is decided by the active health_check configured in
        # the @health_check location below.

        # Production servers:
        server 172.31.11.210:8000 max_fails=0;
        server 172.31.0.146:8000 max_fails=0;

        # Disaster recovery servers:
        server 172.33.111.210:8000 max_fails=0 backup;
        server 172.33.100.146:8000 max_fails=0 backup;

        # Session persistence setup:
        sticky cookie ngxcookie;
    }

    server {
        listen 80;
        status_zone oracle-http-redirect;
        # NOTE(review): $http_host is the raw Host header sent by the client,
        # so the redirect target is client-controlled. No server_name is set
        # in this block; consider redirecting to a fixed host name instead.
        return 302 https://$http_host$request_uri;
    }
    server {
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        ssl_protocols TLSv1.2;
        status_zone oracle-ssl;
        # Caching is enabled for every location in this server.
        proxy_cache cache_oracle;

        location / {
            # Traffic to the application servers is plain HTTP.
            proxy_pass http://oracle;
            proxy_set_header Host $host;
            # Responses of any status code are kept for one hour unless the
            # upstream's own caching headers say otherwise.
            # NOTE(review): the default cache key does not include cookies;
            # confirm that session-specific pages are sent with headers that
            # prevent caching (nginx skips responses that set a cookie).
            proxy_cache_valid any 1h;
        }

        # Named, internal-only location that exists to carry the active
        # health check; it cannot be requested by clients.
        location @health_check {
            internal;
            proxy_connect_timeout 3s;
            proxy_read_timeout 3s;
            proxy_pass http://oracle;
            proxy_set_header Host "oracle.company.com";
            health_check match=oracleok interval=4s uri=/OA_HTML/AppsLocalLogin.jsp;
        }
    }

    # A server passes the health check when it answers with a 2xx/3xx status
    # and the response carries an X-ORACLE-DMS-ECID header.
    match oracleok {
        status 200-399;
        header X-ORACLE-DMS-ECID;
    }
    server {

        # Status zone allows the status page to display statistics for the whole server block.
        # It should be enabled for every server block in other configuration files.
78 | status_zone status-page; 79 | 80 | # In case of nginx process listening on multiple IPs you can restrict status page 81 | # to single IP only. 82 | # listen 10.2.3.4:8080; 83 | # Status page is enabled on port 8080 by default. 84 | listen 8080; 85 | 86 | # HTTP basic Authentication is enabled by default. 87 | # You can add users with any htpasswd generator. 88 | # Command line and online tools are very easy to find. 89 | # You can also reuse your htpasswd file from Apache web server installation. 90 | #auth_basic on; 91 | #auth_basic_user_file /etc/nginx/users; 92 | 93 | # It is recommended to limit the use of status page to admin networks only 94 | # Uncomment and change the networks accordingly. 95 | #allow 10.0.0.0/8; 96 | deny all; 97 | 98 | # NGINX provides a sample HTML status page for easy dashboard view 99 | root /usr/share/nginx/html; 100 | location = /status.html { } 101 | 102 | # Standard HTTP features are fully supported with the status page. 103 | # An example below provides a redirect from "/" to "/status.html" 104 | location = / { 105 | return 301 /status.html; 106 | } 107 | 108 | # Main status location. HTTP features like authentication, access control, 109 | # header changes, logging are fully supported. 110 | location /status { 111 | status; 112 | status_format json; 113 | access_log off; 114 | } 115 | } 116 | } 117 | 118 | -------------------------------------------------------------------------------- /plus_package.rb-chef-recipe: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: nginx 3 | # Recipe:: plus_package 4 | # Author:: Damian Curry 5 | # 6 | # Copyright 2008-2013, Chef Software, Inc. 7 | # 8 | # Licensed under the Apache License, Version 2.0 (the "License"); 9 | # you may not use this file except in compliance with the License. 
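# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Installs the NGINX Plus package: lays down the repository client
# certificate and key, fetches the vendor CA and apt configuration, registers
# the apt repository, then installs and enables the nginx service.

include_recipe 'nginx::ohai_plugin'

# Directory holding the repository credentials written below.
directory '/etc/ssl/nginx' do
  owner 'root'
  group 'root'
  mode '0755'
  action :create
end

# Private key taken from the node attributes; presumably the client key used
# to authenticate to the package repository.
# NOTE(review): mode 0644 leaves this private key readable by every local
# user. Tighten it (for example '0600') after confirming which account the
# package manager's HTTPS transport runs as, since that account must still
# be able to read the file.
file '/etc/ssl/nginx/nginx-repo.key' do
  owner 'root'
  group 'root'
  mode '0644'
  # Keep the key material out of chef-client log and diff output.
  sensitive true
  content node.attribute['nginx']['nginx_repo_key']
end

# Certificate that pairs with the key above.
file '/etc/ssl/nginx/nginx-repo.crt' do
  owner 'root'
  group 'root'
  mode '0644'
  content node.attribute['nginx']['nginx_repo_crt']
end

# NOTE(review): neither download below pins a checksum, so whatever the URL
# serves at converge time is installed as a trusted CA certificate and as apt
# configuration. Consider setting the remote_file 'checksum' property to a
# value verified out of band.
remote_file '/etc/ssl/nginx/CA.crt' do
  source 'https://cs.nginx.com/static/files/CA.crt'
  owner 'root'
  group 'root'
  mode '0644'
end

remote_file '/etc/apt/apt.conf.d/90nginx' do
  source 'https://cs.nginx.com/static/files/90nginx'
  owner 'root'
  group 'root'
  mode '0644'
end

# This is currently only set up for Ubuntu; RHEL to follow.
if platform_family?('debian')
  include_recipe 'apt::default'

  apt_repository 'nginx_plus' do
    uri 'https://plus-pkgs.nginx.com/ubuntu'
    distribution node['lsb']['codename']
    components %w(nginx-plus)
    deb_src false
    # Fetch the package signing key over HTTPS: a key retrieved over plain
    # HTTP can be replaced in transit, which would defeat the signature
    # check on every package installed from this repository.
    key 'https://nginx.org/keys/nginx_signing.key'
  end
end

# Install the package only when no nginx binary is already on the PATH.
package node['nginx']['package_name'] do
  notifies :reload, 'ohai[reload_nginx]', :immediately
  not_if 'which nginx'
end

service 'nginx' do
  supports :status => true, :restart => true, :reload => true
  action :enable
end

include_recipe 'nginx::commons'

if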
node['nginx']['plus_status_enabe'] == 'true' 84 | template 'nginx_plus_status' do 85 | path "#{node['nginx']['dir']}/conf.d/nginx_plus_status.conf" 86 | source 'nginx_plus_status.erb' 87 | owner 'root' 88 | group node['root_group'] 89 | mode '0644' 90 | notifies :reload, 'service[nginx]', :delayed 91 | end 92 | end 93 | 94 | if node['nginx']['enable_ha_mode'] == 'true' 95 | ha_pair_ips = Array.new 96 | origip = "#{node[:network][:interfaces][:eth1][:addresses].detect{|k,v| v[:family] == 'inet'}.first}" 97 | 98 | # The code for finding the IP address of the eth0 interface 99 | # follows, commented out. 100 | #origip = "#{node[:ipaddress]}" 101 | #search(:node, "role:nginx_plus_ha AND enable_ha_mode:true NOT name:#{node.name}") do |nodes| 102 | # ha_pair_ips << nodes["ipaddress"] 103 | #end 104 | # This is a workaround for getting the IP address for the eth1 105 | # that VMs need 106 | search(:node, "role:nginx_plus_ha AND enable_ha_mode:true NOT name:#{node.name}") do |nodes| 107 | nodes["network"]["interfaces"]["eth1"]["addresses"].each_pair do |address,value| 108 | ha_pair_ips << address if value.has_key?("broadcast") 109 | end 110 | end 111 | 112 | package 'nginx-ha-keepalived' do 113 | action :install 114 | end 115 | 116 | service 'keepalived' do 117 | supports :status => true, :restart => true, :reload => true 118 | action :enable 119 | end 120 | template '/etc/keepalived/keepalived.conf' do 121 | source 'nginx_plus_keepalived.conf.erb' 122 | owner 'root' 123 | group node['root_group'] 124 | mode '0644' 125 | variables( 126 | :myip => origip, 127 | :ha_pair_ip => ha_pair_ips 128 | ) 129 | notifies :reload, 'service[keepalived]', :delayed 130 | end 131 | end 132 | -------------------------------------------------------------------------------- /websphere-nginx-oss.conf: -------------------------------------------------------------------------------- 1 | # NGINX configuration for load balancing of IBM WebSphere Application Servers 2 | # 3 | # The configuration 
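# file should be saved to /etc/nginx/conf.d/websphere.conf.
# In the main /etc/nginx/nginx.conf file ensure that the following line is
# present in the http {...} block:
# include /etc/nginx/conf.d/*.conf;
#
# For more information, see http://nginx.org/r/include, and the 'Using NGINX
# to Load Balance IBM WebSphere' deployment guide at
# http://www.nginx.com/
#
# For more information on NGINX Plus, the commercial version of NGINX,
# please see http://www.nginx.com/products/
#
# Tested with NGINX 1.9.1
#
# June 19, 2015
# Version 1.0


proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;

# Connection header for WebSocket upgrades: 'upgrade' when the client sent an
# Upgrade header, 'close' otherwise.
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

# 'true' when the request arrived over TLS, 'false' otherwise.
map $https $is_ssl {
    default false;
    on true;
}

# Plain-HTTP listeners of the application servers.
upstream websphere {

    # Use IP Hash for session persistence
    ip_hash;

    # List of WebSphere Application Servers
    server 127.0.0.1:9080;
    server 127.0.0.1:9081;
}

# TLS listeners of the application servers.
upstream websphere-ssl {

    # Use IP Hash for session persistence
    ip_hash;

    # List of WebSphere Application Servers
    server 127.0.0.1:9443;
    server 127.0.0.1:9444;
}

server {
    listen 80;

    # Return a 302 Redirect to the /webapp/ directory
    # when user requests /
    location = / {
        return 302 /webapp/;
    }

    # A location block is needed per URI group
    location /webapp/ {
        proxy_pass http://websphere;
        proxy_cache backcache;

        # WebSphere private headers describing the original client request.
        # NOTE(review): nginx fills $remote_user from the Basic credentials
        # in the request, and no auth_basic directive is visible in this
        # server, so the $WSRU value is not verified here. Confirm WebSphere
        # does not treat it as an authenticated identity.
        proxy_set_header "$WSSC" $scheme;
        proxy_set_header "$WSPR" $server_protocol;
        proxy_set_header "$WSRA" $remote_addr;
        proxy_set_header "$WSRH" $host;
        proxy_set_header "$WSRU" $remote_user;
        proxy_set_header "$WSSN" $server_name;
        proxy_set_header "$WSSP" $server_port;
        proxy_set_header "$WSIS" $is_ssl;

        # Note that these vars are only available if
        # NGINX was built with SSL
        proxy_set_header "$WSCC" $ssl_client_cert;
        proxy_set_header "$WSCS" $ssl_cipher;
        proxy_set_header "$WSSI" $ssl_session_id;

        # No equivalent NGINX variable for these headers.
        # NOTE(review): proxy_hide_header filters headers in the upstream
        # response before it is returned to the client; it does not touch
        # the request. If the intent is that clients can never supply these
        # headers, clear them on the request instead
        # (proxy_set_header <name> "";) - confirm the intent.
        proxy_hide_header "$WSAT";
        proxy_hide_header "$WSPT";
        proxy_hide_header "$WSFO";
    }

    # WebSocket configuration
    location /wstunnel/ {
        proxy_pass http://websphere;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

}

server {
    # NOTE(review): the 'spdy' listen parameter matches the NGINX 1.9.1 this
    # file was tested with; newer releases replaced SPDY with HTTP/2.
    listen 443 ssl spdy;

    ssl_certificate certchain.pem;
    ssl_certificate_key privkey.pem;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # No ssl_protocols directive is set, so the build defaults apply.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Return a 302 Redirect to the /webapp/ directory
    # when user requests /
    location = / {
        return 302 /webapp/;
    }

    # A location block is needed per URI group
    location /webapp/ {
        # Use the TLS upstream group: 'websphere' lists the plain-HTTP
        # ports, so an https:// proxy_pass to it would attempt a TLS
        # handshake against a cleartext listener.
        # NOTE(review): nginx does not verify the upstream certificate
        # unless proxy_ssl_verify is enabled.
        proxy_pass https://websphere-ssl;
        proxy_cache backcache;

        proxy_set_header "$WSSC" $scheme;
        proxy_set_header "$WSPR" $server_protocol;
        proxy_set_header "$WSRA" $remote_addr;
        proxy_set_header "$WSRH" $host;
        proxy_set_header "$WSRU" $remote_user;
        proxy_set_header "$WSSN" $server_name;
        proxy_set_header "$WSSP" $server_port;
        proxy_set_header "$WSIS" $is_ssl;

        # Note that these vars are only available if
        # NGINX was built with SSL
        proxy_set_header "$WSCC" $ssl_client_cert;
        proxy_set_header "$WSCS" $ssl_cipher;
        proxy_set_header "$WSSI" $ssl_session_id;

        # No equivalent NGINX variable for these headers.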
137 | proxy_hide_header "$WSAT"; 138 | proxy_hide_header "$WSPT"; 139 | proxy_hide_header "$WSFO"; 140 | } 141 | 142 | # WebSocket configuration 143 | location /wstunnel/ { 144 | proxy_pass https://websphere; 145 | proxy_http_version 1.1; 146 | proxy_set_header Upgrade $http_upgrade; 147 | proxy_set_header Connection $connection_upgrade; 148 | } 149 | } 150 | -------------------------------------------------------------------------------- /oracle-multiple-entry-point.conf: -------------------------------------------------------------------------------- 1 | # NGINX Plus configuration for Oracle EBS 2 | # 3 | # For simplicity, all directives appear in this file. You can also create 4 | # function-specific files in the /etc/nginx/conf.d directory (for example, 5 | # create separate files for the separate server blocks in this file). Then 6 | # use the 'include' directive in the main nginx.conf file to reference the 7 | # function-specific files. 8 | # 9 | # For more information, see http://nginx.org/r/include, and the 'Oracle E-Business 10 | # Suite deployment guide' at nginx.com. 
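# Main context: worker processes run as the unprivileged 'nginx' user.
user nginx;
worker_processes auto;
events {
    worker_connections 1024;
}

http {
    default_type text/html;
    # One cache zone per entry point; each 443 server below must reference
    # the zone name defined here.
    proxy_cache_path /var/oracle-cache-one keys_zone=cache_oracle_one:50m max_size=500m;
    proxy_cache_path /var/oracle-cache-two keys_zone=cache_oracle_two:50m max_size=500m;

    # Custom logging configuration:
    log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_addr';
    access_log /var/log/nginx/access.log main;

    # max_fails=0 turns off passive failure accounting; availability is
    # decided by the active health checks configured further down.
    upstream oracle_one {
        zone oracle_one 64k;

        # Production servers:
        server 172.31.11.210:8000 max_fails=0;
        server 172.31.0.146:8000 max_fails=0;

        # Disaster recovery servers:
        server 172.33.111.210:8000 max_fails=0 backup;
        server 172.33.100.146:8000 max_fails=0 backup;

        # Session persistence setup:
        sticky cookie ngxcookie;
    }

    upstream oracle_two {
        zone oracle_two 64k;

        # Production servers:
        server 172.31.11.211:8000 max_fails=0;
        server 172.31.0.147:8000 max_fails=0;

        # Disaster recovery servers:
        server 172.33.111.211:8000 max_fails=0 backup;
        server 172.33.100.147:8000 max_fails=0 backup;

        # Session persistence setup:
        sticky cookie ngxcookie;
    }

    server {
        listen 80;
        status_zone oracle-http-redirect;
        # NOTE(review): $http_host is the raw Host header sent by the client,
        # so the redirect target is client-controlled. Consider redirecting
        # only to the two configured host names.
        return 302 https://$http_host$request_uri;
    }
    server {
        listen 192.168.210.10:443 ssl;
        server_name oracle-one.company.com;
        ssl_certificate /etc/nginx/ssl/server_one.crt;
        ssl_certificate_key /etc/nginx/ssl/server_one.key;
        ssl_protocols TLSv1.2;
        status_zone oracle-ssl-one;
        proxy_cache cache_oracle_one;

        location / {
            # Traffic to the application servers is plain HTTP.
            proxy_pass http://oracle_one;
            proxy_set_header Host $host;
            # NOTE(review): the default cache key does not include cookies;
            # confirm session-specific pages are sent with headers that
            # prevent caching.
            proxy_cache_valid any 1h;
        }

        # Named, internal-only location that carries the active health check.
        location @health_check {
            internal;
            proxy_connect_timeout 3s;
            proxy_read_timeout 3s;
            proxy_pass http://oracle_one;
            proxy_set_header Host "oracle-one.company.com";
            health_check match=oracleok interval=4s uri=/OA_HTML/AppsLocalLogin.jsp;
        }
    }
    server {
        listen 192.168.210.11:443 ssl;
        server_name oracle-two.company.com;
        ssl_certificate /etc/nginx/ssl/server_two.crt;
        ssl_certificate_key /etc/nginx/ssl/server_two.key;
        ssl_protocols TLSv1.2;
        # Names follow the first entry point: the only cache zones defined
        # above are cache_oracle_one and cache_oracle_two, so this server
        # must use the second one.
        status_zone oracle-ssl-two;
        proxy_cache cache_oracle_two;

        location / {
            proxy_pass http://oracle_two;
            proxy_set_header Host $host;
            proxy_cache_valid any 1h;
        }

        location @health_check {
            internal;
            proxy_connect_timeout 3s;
            proxy_read_timeout 3s;
            proxy_pass http://oracle_two;
            proxy_set_header Host "oracle-two.company.com";
            health_check match=oracleok interval=4s uri=/OA_HTML/AppsLocalLogin.jsp;
        }
    }

    # A server passes the health check when it answers with a 2xx/3xx status
    # and the response carries an X-ORACLE-DMS-ECID header.
    match oracleok {
        status 200-399;
        header X-ORACLE-DMS-ECID;
    }

    server {

        # Status zone allows the status page to display statistics for the whole server block.
        # It should be enabled for every server block in other configuration files.
        status_zone status-page;

        # If the nginx process listens on multiple IPs, you can restrict the
        # status page to a single IP only.
        # listen 10.2.3.4:8080;
        # As written, the status page listens on port 8080 on all addresses.
        listen 8080;

        # HTTP basic authentication is shown below but commented out;
        # uncomment both directives to enable it.
        # Create the user file with a local htpasswd tool so the password
        # never leaves the host.
        # You can also reuse your htpasswd file from Apache web server installation.
        #auth_basic on;
        #auth_basic_user_file /etc/nginx/users;

        # It is recommended to limit the use of status page to admin networks only
        # Uncomment and change the networks accordingly.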
137 | #allow 10.0.0.0/8; 138 | deny all; 139 | 140 | # NGINX provides a sample HTML status page for easy dashboard view 141 | root /usr/share/nginx/html; 142 | location = /status.html { } 143 | 144 | # Standard HTTP features are fully supported with the status page. 145 | # An example below provides a redirect from "/" to "/status.html" 146 | location = / { 147 | return 301 /status.html; 148 | } 149 | 150 | # Main status location. HTTP features like authentication, access control, 151 | # header changes, logging are fully supported. 152 | location /status { 153 | status; 154 | status_format json; 155 | access_log off; 156 | } 157 | } 158 | } 159 | 160 | -------------------------------------------------------------------------------- /websphere-nginx-plus.conf: -------------------------------------------------------------------------------- 1 | # NGINX Plus configuration for enhanced load balancing of IBM WebSphere 2 | # Application Servers 3 | # 4 | # The configuration file should be saved to /etc/nginx/conf.d/websphere.conf. 
# In the main /etc/nginx/nginx.conf file ensure that the following line is
# present in the http {...} block:
# include /etc/nginx/conf.d/*.conf;
#
# For more information, see http://nginx.org/r/include, and the 'Using NGINX
# to Load Balance IBM WebSphere' deployment guide at
# http://www.nginx.com/
#
# For support please see http://www.nginx.com/support/
#
# Tested with NGINX Plus R6
#
# June 19, 2015
# Version 1.1

proxy_cache_path /tmp/NGINX_cache/ keys_zone=backcache:10m;

# Connection header for WebSocket upgrades: 'upgrade' when the client sent an
# Upgrade header, 'close' otherwise.
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

# 'true' when the request arrived over TLS, 'false' otherwise.
map $https $is_ssl {
    default false;
    on true;
}

upstream websphere {
    # Health-monitored upstream groups must be stored in shared memory
    zone websphere 64k;

    # List of WebSphere Application Servers
    server 127.0.0.1:9080 slow_start=30s;
    server 127.0.0.1:9081 slow_start=30s;

    # Session Persistence based on JSESSION ID, if necessary
    sticky learn
        create=$upstream_cookie_JSESSIONID
        lookup=$cookie_JSESSIONID
        zone=client_sessions:1m;
}

upstream websphere-ssl {
    # Health-monitored upstream groups must be stored in shared memory
    zone websphere-ssl 64k;

    # List of WebSphere Application Servers
    server 127.0.0.1:9443 slow_start=30s;
    server 127.0.0.1:9444 slow_start=30s;

    # Session Persistence based on JSESSION ID, if necessary
    sticky learn
        create=$upstream_cookie_JSESSIONID
        lookup=$cookie_JSESSIONID
        zone=client_sessions-ssl:1m;
}

server {
    listen 80;

    # Required for NGINX Plus to provide extended status information.
    # http://nginx.com/blog/live-activity-monitoring-nginx-plus-3-simple-steps/
    status_zone websphere;

    # Return a 302 Redirect to the /webapp/ directory
    # when user requests /
    location = / {
        return 302 /webapp/;
    }

    # A location block is needed per URI group
    location /webapp/ {
        proxy_pass http://websphere;
        proxy_cache backcache;

        # Set up active health checks. If the server responds with a status
        # other than 2xx or 3xx, the health check will fail and the server
        # will be marked down. For more options with health_check, see:
        # http://nginx.org/en/docs/http/ngx_http_upstream_module.html
        health_check;

        # WebSphere private headers describing the original client request.
        # NOTE(review): nginx fills $remote_user from the Basic credentials
        # in the request, and no auth_basic directive is visible in this
        # server, so the $WSRU value is not verified here. Confirm WebSphere
        # does not treat it as an authenticated identity.
        proxy_set_header "$WSSC" $scheme;
        proxy_set_header "$WSPR" $server_protocol;
        proxy_set_header "$WSRA" $remote_addr;
        proxy_set_header "$WSRH" $host;
        proxy_set_header "$WSRU" $remote_user;
        proxy_set_header "$WSSN" $server_name;
        proxy_set_header "$WSSP" $server_port;
        proxy_set_header "$WSIS" $is_ssl;

        proxy_set_header "$WSCC" $ssl_client_cert;
        proxy_set_header "$WSCS" $ssl_cipher;
        proxy_set_header "$WSSI" $ssl_session_id;

        # No equivalent NGINX variable for these headers.
        # NOTE(review): proxy_hide_header filters headers in the upstream
        # response before it is returned to the client; it does not touch
        # the request. If the intent is that clients can never supply these
        # headers, clear them on the request instead
        # (proxy_set_header <name> "";) - confirm the intent.
        proxy_hide_header "$WSAT";
        proxy_hide_header "$WSPT";
        proxy_hide_header "$WSFO";
    }

    # WebSocket configuration
    location /wstunnel/ {
        proxy_pass http://websphere;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

server {
    # NOTE(review): the 'spdy' listen parameter matches the NGINX Plus R6
    # this file was tested with; newer releases replaced SPDY with HTTP/2.
    listen 443 ssl spdy;

    # Required for NGINX Plus to provide extended status information.
    # http://nginx.com/blog/live-activity-monitoring-nginx-plus-3-simple-steps/
    status_zone websphere_ssl;

    ssl_certificate certchain.pem;
    ssl_certificate_key privkey.pem;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # No ssl_protocols directive is set, so the build defaults apply.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Return a 302 Redirect to the /webapp/ directory
    # when user requests /
    location = / {
        return 302 /webapp/;
    }

    # A location block is needed per URI group
    location /webapp/ {
        # NOTE(review): nginx does not verify the upstream certificate
        # unless proxy_ssl_verify is enabled.
        proxy_pass https://websphere-ssl;
        proxy_cache backcache;

        # Set up active health checks. If the server responds with a status
        # other than 2xx or 3xx, the health check will fail and the server
        # will be marked down. For more options with health_check, see:
        # http://nginx.org/en/docs/http/ngx_http_upstream_module.html
        health_check;

        proxy_set_header "$WSSC" $scheme;
        proxy_set_header "$WSPR" $server_protocol;
        proxy_set_header "$WSRA" $remote_addr;
        proxy_set_header "$WSRH" $host;
        proxy_set_header "$WSRU" $remote_user;
        proxy_set_header "$WSSN" $server_name;
        proxy_set_header "$WSSP" $server_port;
        proxy_set_header "$WSIS" $is_ssl;

        # Note that these vars are only available if
        # NGINX was built with SSL
        proxy_set_header "$WSCC" $ssl_client_cert;
        proxy_set_header "$WSCS" $ssl_cipher;
        proxy_set_header "$WSSI" $ssl_session_id;

        # No equivalent NGINX variable for these headers.
163 | proxy_hide_header "$WSAT"; 164 | proxy_hide_header "$WSPT"; 165 | proxy_hide_header "$WSFO"; 166 | } 167 | 168 | # WebSocket configuration 169 | location /wstunnel/ { 170 | proxy_pass https://websphere-ssl; 171 | proxy_http_version 1.1; 172 | proxy_set_header Upgrade $http_upgrade; 173 | proxy_set_header Connection $connection_upgrade; 174 | } 175 | } 176 | -------------------------------------------------------------------------------- /exchange-enhanced.conf: -------------------------------------------------------------------------------- 1 | # NGINX Plus configuration for enhanced load balancing of Microsoft Exchange 2 | # servers 3 | # 4 | # For simplicity, all directives appear in this file. You can also create 5 | # function-specific files in the /etc/nginx/conf.d directory (for example, 6 | # create separate files for the 'http' and 'stream' blocks in this file). Then 7 | # use the 'include' directive in the main nginx.conf file to reference the 8 | # function-specific files. 9 | # 10 | # For more information, see http://nginx.org/r/include, and the 11 | # "Load Balancing Microsoft Exchange Servers with NGINX Plus" deployment guide 12 | # at www.nginx.com. 13 | 14 | user nginx; 15 | worker_processes auto; 16 | error_log /var/log/nginx/error.log debug; 17 | pid /var/run/nginx.pid; 18 | 19 | events { 20 | worker_connections 1024; 21 | } 22 | 23 | http { 24 | log_format main '$remote_addr - $remote_user [$time_local] ' 25 | '"$request" $status $body_bytes_sent ' 26 | '"$http_user_agent" "$upstream_addr"'; 27 | access_log /var/log/nginx/access.log main; 28 | keepalive_timeout 3h; 29 | proxy_read_timeout 3h; 30 | tcp_nodelay on; 31 | 32 | # This 'include' directive is appropriate if you are placing all 33 | # Exchange-related directives in the main nginx.conf file. Adjust as 34 | # necessary if already using included feature-specific configuration 35 | # files. 
# The directives below, down to the closing brace before 'stream', sit inside
# the http block opened earlier in this file.
    include conf.d/status.conf;

    # One upstream group per Exchange service. 'ntlm' lets NTLM-authenticated
    # requests be proxied by binding the upstream connection to the client
    # connection.
    upstream exchange {
        zone exchange-general 64k;
        ntlm;
        server 10.0.0.237:443; # Replace with IP address of a CAS
        server 10.0.0.238:443; # Replace with IP address of a CAS
    }

    upstream exchange-activesync {
        zone exchange-activesync 64k;
        ntlm;
        server 10.0.0.237:443; # Replace with IP address of a CAS
        server 10.0.0.238:443; # Replace with IP address of a CAS
    }

    upstream exchange-ecp {
        zone exchange-ecp 64k;
        ntlm;
        server 10.0.0.237:443; # Replace with IP address of a CAS
        server 10.0.0.238:443; # Replace with IP address of a CAS
    }

    upstream exchange-mapi {
        zone exchange-mapi 64k;
        ntlm;
        server 10.0.0.237:443; # Replace with IP address of a CAS
        server 10.0.0.238:443; # Replace with IP address of a CAS
    }

    upstream exchange-owa {
        zone exchange-owa 64k;
        ntlm;
        server 10.0.0.237:443; # Replace with IP address of a CAS
        server 10.0.0.238:443; # Replace with IP address of a CAS
    }

    upstream exchange-rpc {
        zone exchange-rpc 64k;
        ntlm;
        server 10.0.0.237:443; # Replace with IP address of a CAS
        server 10.0.0.238:443; # Replace with IP address of a CAS
        # Persistence keyed on the client address: clients sharing one
        # source address are sent to the same server.
        sticky learn create=$remote_addr lookup=$remote_addr
                     zone=client_sessions:10m timeout=3h;
    }

    # Health check for endpoints that require authentication: a 401 with a
    # Basic challenge counts as healthy.
    match exchange-auth {
        status 401;
        header WWW-Authenticate ~ Basic;
    }
    # Health check for the healthcheck.htm pages.
    match exchange-health {
        status 200;
        body ~ "200 OK";
    }

    server {
        listen 80;
        # Redirect all HTTP to HTTPS. No server_name is set, so $host falls
        # back to the Host header supplied by the client.
        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl http2;
        client_max_body_size 2G;
        ssl_certificate /etc/nginx/ssl/company.com.crt;
        ssl_certificate_key /etc/nginx/ssl/company.com.key;
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated; drop them unless
        # legacy mail clients in your environment still require them.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        status_zone exchange-combined;

        location = / {
            return 301 "/owa/";
        }

        location = /favicon.ico {
            empty_gif;
            access_log off;
        }

        # Catch-all: any path not matched below is proxied to the general
        # upstream group.
        # NOTE(review): every proxy_pass in this server uses https://, and
        # nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is enabled.
        location / {
            proxy_pass https://exchange;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
        }

        location /ecp {
            # Grant access to admin users only, by uncommenting the 'allow'
            # and 'deny' directives and substituting the IP address and
            # prefix of your admin network. Or configure more sophisticated
            # access control.
            # NOTE(review): as written both directives are commented out, so
            # this administrative path is reachable from any client that can
            # reach port 443.
            #allow 172.16.0.0/16; # Replace with your admin network
            #deny all;
            proxy_pass https://exchange-ecp;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            health_check uri=/ecp/healthcheck.htm interval=3s
                         match=exchange-health;
        }

        location /mapi {
            proxy_pass https://exchange-mapi;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            health_check uri=/mapi/healthcheck.htm interval=3s
                         match=exchange-health;
        }

        location /Microsoft-Server-ActiveSync {
            proxy_pass https://exchange-activesync;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
        }

        location /owa {
            proxy_pass https://exchange-owa;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            health_check uri=/owa/healthcheck.htm interval=3s
                         match=exchange-health;
        }

        # Request and response buffering are both off, so data is streamed
        # between client and server as it arrives.
        location /rpc/rpcproxy.dll {
            proxy_pass https://exchange-rpc;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_request_buffering off;
            proxy_set_header Connection "Keep-Alive";
            proxy_set_header Host $host;
            health_check uri=/rpc/rpcproxy.dll interval=3s
                         match=exchange-auth;
        }
    }
}

# TCP load balancing for IMAPS and SMTP. No 'ssl' parameter appears on these
# listeners, so nginx forwards the byte stream without terminating TLS.
stream {
    upstream exchange-imaps {
        zone exchange-imaps
64k; 178 | server 10.0.0.237:993; # Replace with IP address of a CAS 179 | server 10.0.0.238:993; # Replace with IP address of a CAS 180 | } 181 | 182 | upstream exchange-smtp { 183 | zone exchange-smtp 64k; 184 | server 10.0.0.237:25; # Replace with IP address of a CAS 185 | server 10.0.0.238:25; # Replace with IP address of a CAS 186 | } 187 | 188 | server { 189 | listen 993; 190 | status_zone exchange-imaps; 191 | proxy_pass exchange-imaps; 192 | } 193 | 194 | server { 195 | listen 25; # SMTP port can be changed here (to 587, for example) 196 | status_zone exchange-smtp; 197 | proxy_pass exchange-smtp; 198 | } 199 | } 200 | 201 | --------------------------------------------------------------------------------