include server.inc.conf;
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent"';
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
reset_timedout_connection on;
keepalive_timeout 120;
ssl_session_cache shared:SSL:20m;
large_client_header_buffers 8 8k;
server_names_hash_bucket_size 128;
gzip on;
gzip_proxied any;
gzip_types text/plain application/atom+xml text/xml application/xml application/javascript application/x-javascript text/javascript text/css text/json application/json;
gzip_min_length 1024;
gzip_comp_level 9;
include vhost-default.inc.conf;
include vhosts.d/*.conf;
}
server {
listen 443 ssl;
server_name xxx.ru;
ssl_certificate /etc/nginx/ssl/xxx.crt.cer;
ssl_certificate_key engine:gost_capi:xxx.ru;
ssl_protocols TLSv1;
ssl on;
ssl_dhparam /etc/nginx/ssl/dhkey.pem;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/xxx.ru-acc;
error_log /var/log/nginx/xxx.ru-err;
location / {
proxy_pass
http://10.101.181.7:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300;
proxy_buffer_size 16k;
proxy_buffers 32 16k;
}
}
server {
listen 443 ssl;
server_name test.xxx.ru;
ssl_certificate /etc/nginx/ssl/test.xxx.crt.cer;
ssl_certificate_key engine:gost_capi:test.xxx.ru;
ssl_protocols TLSv1;
ssl on;
ssl_dhparam /etc/nginx/ssl/dhkey.pem;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/xxx.ru-acc;
error_log /var/log/nginx/xxx.ru-err;
location / {
proxy_pass
http://10.101.181.7:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300;
proxy_buffer_size 16k;
proxy_buffers 32 16k;
}
}
