User page Discussion History


My configuration for two glassfish-servers for public content and one gf for administration of the application.

user       nginx;
pid        /home/cust/lock/ngi/nginx.pid;
error_log  /home/cust/log/ngi/error.log;
worker_processes 1;
worker_rlimit_nofile 30000;
events {
    worker_connections 4096;
http {
    include /home/cust/etc/ngi/mime.types;
    default_type application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /home/cust/log/ngi/access.log  main;
    ssl_certificate      /home/cust/etc/ngi/ssl/server.crt;
    ssl_certificate_key  /home/cust/etc/ngi/ssl/server.key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    sendfile on;
    keepalive_timeout 65;
    # public glassfishservers
    upstream custapp {
      sticky name=r path=/;
      server custapp1:8080;
      server custapp2:8080;
    # main/public server
    server {
        listen 443 ssl;
        server_name www.example.com;
        # the application sends 502/503 while deployment or not fully initialized
        error_page 502 503 /maintenance/index.html;
        location /maintenance/ {
           root    /home/cust/var/ngi/htdocs;
           charset UTF-8;
           gzip    on;
        # main application
        location / {
            # set some Headers, so the application knows about the outside world
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header Proxy-keysize 2048;
            proxy_set_header Proxy-ip $remote_addr;
            # while deploy or being down, try next upstream server
            proxy_next_upstream error timeout http_500 http_503;
            # quick failover
            proxy_connect_timeout 5;
            proxy_pass  http://custapp;
        # handled by a different instance
        location /upload {
            return 301 http://www.example.org$request_uri;
        location /service/01 {
            return 301 http://www.example.org$request_uri;
        # define explicitly since this wont be served by GF
        location = /robots.txt {
            alias /home/cust/var/ngi/htdocs/robots.txt;
        location = /favicon.ico {
            log_not_found off;
            access_log off;
    # redirect any traffic addressed to other DNS entries pointing to here
    server {
        # not using "ssl", wouldnt work and trigger cert-warnings!
        listen 443;
        server_name example.com;
        server_name beta.example.com;
        return 301 https://www.example.com$request_uri;
    # https only! by purpose not with $request_uri!
    server {
        listen 80;
        return 301 https://www.example.com
    # administration, internal only
    server {
        location /appadmin {
            deny all;
            # rewrite the answer headers from .6 to .30, otherwise browser confused
            # as above
            proxy_set_header Host;
            proxy_set_header Proxy-ip $remote_addr;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # no redundancy, pass directly to admin-GF
            proxy_pass  http://custadm1:8080/appadmin;


        location ~ \.php$ {
            root           /var/www/docroots/example.com/;
            fastcgi_index  index.php;
            include        fastcgi.conf;

fastcgi.conf as from source-distribution:

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

php-fpm running as default from PHP5.3.8