Skip to main content

Config

Config Nginx

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
error_log  /var/log/nginx/error.local.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '"$request_method $scheme://$host$request_uri $server_protocol" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    
    log_format logger-json escape=json '{"source": "nginx-internal-110.112", "time": "$time_local", "resp_body_size": $body_bytes_sent, "host": "$http_host", "remote_addr": "$remote_addr", "request_length": "$request_length", "method": "$request_method", "uri": "$request_uri", "status": $status,  "user_agent": "$http_user_agent", "resp_time": $request_time, "upstream_addr": "$upstream_addr"}';

    log_format logger-json-data escape=json '{"source": "nginx-internal-110.112", "time": "$time_local", "resp_body_size": $body_bytes_sent, "host": "$http_host", "remote_addr": "$remote_addr", "request_length": "$request_length", "request_body": "$obfuscated_request_body","method": "$request_method", "uri": "$request_uri", "status": "$status",  "user_agent": "$http_user_agent", "resp_time": $request_time, "upstream_addr": "$upstream_addr"}';

    map $request_body $obfuscated_request_body {
        "~(.*[{,]\\x22password\\x22:\\x22).*?(\\x22[,}].*)" $1********$2;
        # "~(.*[{,]\\x22j_password\\x22:\\x22).*?(\\x22[,}].*)" $1********$2;
        default $request_body;
    }
    
    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;

    include /etc/nginx/sites-enabled/*.conf;
}

Config for Virtual Host

server {
   listen 80;
   server_name testing.com;
   return 301 https://$host$request_uri;
}

server {
   listen 443 ssl;
   server_name testing.com;
   # add_header Access-Control-Allow-Origin "*.testing.com";
   client_max_body_size 5M;
   
   ssl_certificate /etc/nginx/ssl/testing.cert;
   ssl_certificate_key /etc/nginx/ssl/testing.key;
   
   ssl_session_cache shared:SSL:1m;
   ssl_session_timeout 10m;
   ssl_ciphers HIGH:!aNULL:!MD5;
   ssl_prefer_server_ciphers on;
   ssl_protocols TLSv1.2 TLSv1.3;
   
   access_log /var/log/nginx/testing-access.log logger-json;
   error_log /var/log/nginx/testing-error.log;
   
   location / {
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header Host $http_host;
       proxy_set_header X-NginX-Proxy true;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_connect_timeout 180;
       proxy_send_timeout 180;
       proxy_read_timeout 180;
       send_timeout 180;
       proxy_pass http://192.168.10.9:8080;
   }
}

 

Back to top