User:Double-p

My configuration for two glassfish-servers for public content and one gf for administration of the application.

user      nginx; pid       /home/cust/lock/ngi/nginx.pid; error_log /home/cust/log/ngi/error.log;

worker_processes 1; worker_rlimit_nofile 30000; events { worker_connections 4096; }

http { include /home/cust/etc/ngi/mime.types; default_type application/octet-stream;

log_format main  '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';

access_log /home/cust/log/ngi/access.log main;

ssl_certificate     /home/cust/etc/ngi/ssl/server.crt; ssl_certificate_key /home/cust/etc/ngi/ssl/server.key; ssl_session_cache builtin:1000 shared:SSL:10m;

sendfile on; keepalive_timeout 65;

# public glassfishservers upstream custapp { sticky name=r path=/; server custapp1:8080; server custapp2:8080; }

# main/public server server { listen 443 ssl; server_name www.example.com;

# the application sends 502/503 while deployment or not fully initialized error_page 502 503 /maintenance/index.html;

location /maintenance/ { root   /home/cust/var/ngi/htdocs; charset UTF-8; gzip   on; }

# main application location / { # set some Headers, so the application knows about the outside world proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header Proxy-keysize 2048; proxy_set_header Proxy-ip $remote_addr; # while deploy or being down, try next upstream server proxy_next_upstream error timeout http_500 http_503; # quick failover proxy_connect_timeout 5;

proxy_pass http://custapp; }

# handled by a different instance location /upload { return 301 http://www.example.org$request_uri; }       location /service/01 { return 301 http://www.example.org$request_uri; }

# define explicitly since this wont be served by GF       location = /robots.txt { alias /home/cust/var/ngi/htdocs/robots.txt; }       location = /favicon.ico { log_not_found off; access_log off; }   }

# redirect any traffic addressed to other DNS entries pointing to here server { # not using "ssl", wouldnt work and trigger cert-warnings! listen 443; server_name 192.0.43.10; server_name example.com; server_name beta.example.com; return 301 https://www.example.com$request_uri; }

# https only! by purpose not with $request_uri! server { listen 80; return 301 https://www.example.com }

# administration, internal only server { listen 192.168.10.30:80; location /appadmin { allow 192.168.10.1; deny all; # rewrite the answer headers from .6 to .30, otherwise browser confused proxy_redirect http://192.168.10.6/ http://192.168.10.30/; # as above proxy_set_header Host 192.168.10.6; proxy_set_header Proxy-ip $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # no redundancy, pass directly to admin-GF proxy_pass http://custadm1:8080/appadmin; }   } }

Some PHP-FPM: location ~ \.php$ { root          /var/www/docroots/example.com/;

fastcgi_pass  127.0.0.1:9000; fastcgi_index index.php; include       fastcgi.conf; } fastcgi.conf as from source-distribution: fastcgi_param SCRIPT_FILENAME    $document_root$fastcgi_script_name; fastcgi_param QUERY_STRING       $query_string; fastcgi_param REQUEST_METHOD     $request_method; fastcgi_param CONTENT_TYPE       $content_type; fastcgi_param CONTENT_LENGTH     $content_length;

fastcgi_param SCRIPT_NAME        $fastcgi_script_name; fastcgi_param REQUEST_URI        $request_uri; fastcgi_param DOCUMENT_URI       $document_uri; fastcgi_param DOCUMENT_ROOT      $document_root; fastcgi_param SERVER_PROTOCOL    $server_protocol;

fastcgi_param GATEWAY_INTERFACE  CGI/1.1; fastcgi_param SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param REMOTE_ADDR        $remote_addr; fastcgi_param REMOTE_PORT        $remote_port; fastcgi_param SERVER_ADDR        $server_addr; fastcgi_param SERVER_PORT        $server_port; fastcgi_param SERVER_NAME        $server_name;

fastcgi_param REDIRECT_STATUS    200;
 * 1) PHP only, required if PHP was built with --enable-force-cgi-redirect

php-fpm running as default from PHP5.3.8