nginx/files/proxy.conf

{%- set site = salt['pillar.get']('nginx:server:site:'+site_name) %}

server {

  {%- include "nginx/files/_name.conf" %}
  {%- include "nginx/files/_ssl.conf" %}

  {%- if site.get('ssl', {'enabled': False}).get('enabled', False) %}
  ssl_session_cache shared:SSL:10m;
  {%- endif %}

  {%- if site.get('underscores_in_headers', False) %}
  underscores_in_headers on;
  {%- endif %}

  {%- include "nginx/files/_auth.conf" %}

  location / {
      {%- if site.proxy.upstream_proxy_pass is defined %}
      proxy_pass {{ site.proxy.upstream_proxy_pass }};
      {%- else %}
      proxy_pass {{ site.proxy.protocol }}://{{ site.proxy.host }}:{{ site.proxy.port }};
      {%- endif %}

      {%- include "nginx/files/_access_policy.conf" %}

      {%- if site.proxy.size is defined %}
      client_max_body_size {{ site.proxy.size }};
      {%- if site.proxy.size > 200 %}
      client_body_buffer_size 200m;
      {%- else %}
      client_body_buffer_size 20m;
      {%- endif %}
      {%- else %}
      client_max_body_size 20m;
      client_body_buffer_size 20m;
      {% endif %}

      {%- if site.proxy.timeout is defined %}
      proxy_connect_timeout {{ site.proxy.timeout }};
      proxy_send_timeout {{ site.proxy.timeout }};
      proxy_read_timeout {{ site.proxy.timeout }};
      send_timeout {{ site.proxy.timeout }};
      {%- else %}
      proxy_connect_timeout 600;
      proxy_send_timeout 600;
      proxy_read_timeout 600;
      send_timeout 600;
      {%- endif %}

      {%- if site.proxy.filter is defined %}
      sub_filter '{{ site.proxy.filter.search }}' {% if site.proxy.filter.replace == '$server_addr' %}$server_addr{% else %}'{{ site.proxy.filter.replace }}'{% endif %};
      sub_filter_types *;
      sub_filter_once off;
      {%- endif %}

      {%- if site.get('ssl', {'enabled': False}).get('enabled', False) %}
      proxy_redirect http:// https://;
      {%- else %}
      proxy_redirect off;
      {%- endif %}

      {%- if site.proxy.buffer is defined %}
      {%- set buffer_size = site.proxy.buffer.get('size', 16) * 2 %}
      proxy_buffering on;
      proxy_buffers {{ site.proxy.buffer.get('number', 8) }} {{ site.proxy.buffer.get('size', 16) }}k;
      proxy_buffer_size {{ buffer_size }}k;
      proxy_busy_buffers_size {{ site.proxy.buffer.get('busy', buffer_size) }}k;
      {%- else %}
      proxy_buffering off;
      {%- endif %}

      proxy_http_version 1.1;

      {%- if site.proxy.get('headers', True) %}
      proxy_set_header Host $host{% if site.host.port is defined and site.host.port not in [80,443] %}:{{ site.host.port }}{% endif %};
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Host $host{% if site.host.port is defined and site.host.port not in [80,443] %}:{{ site.host.port }}{% endif %};
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-Port $server_port;

      {%- if site.get('ssl', {'enabled': False}).get('enabled', False) %}
      add_header Front-End-Https on;
      {%- endif %}

      {%- if site.proxy.websocket is defined %}
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      {%- endif %}
      {%- endif %}

  }

}