upstream dashboard { # insert the http port of your dashboard container here server 127.0.0.1:8011; # Improve performance by keeping some connections alive. keepalive 10;}upstream signal { # insert the grpc port of your signal container here server 127.0.0.1:10000;}upstream management { # insert the grpc+http port of your signal container here server 127.0.0.1:8012;}server { # HTTP server config listen 80; server_name _; # 301 redirect to HTTPS location / { return 301 https://$host$request_uri; }}server { # HTTPS server config listen 443 ssl http2; server_name _; # This is necessary so that grpc connections do not get closed early # see https://stackoverflow.com/a/67805465 client_header_timeout 1d; client_body_timeout 1d; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Host $host; grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Proxy dashboard location / { proxy_pass http://dashboard; } # Proxy Signal location /signalexchange.SignalExchange/ { grpc_pass grpc://signal; #grpc_ssl_verify off; grpc_read_timeout 1d; grpc_send_timeout 1d; grpc_socket_keepalive on; } # Proxy Management http endpoint location /api { proxy_pass http://management; } # Proxy Management grpc endpoint location /management.ManagementService/ { grpc_pass grpc://management; #grpc_ssl_verify off; grpc_read_timeout 1d; grpc_send_timeout 1d; grpc_socket_keepalive on; } ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; ssl_certificate_key /etc/ssl/certs/ssl-cert-snakeoil.pem;}
