upstream school { server 127.0.0.1:6666 weight=1 fail_timeout=0; } upstream school-im { server 127.0.0.1:8672 weight=1 fail_timeout=0; } ## http redirects to https ## server { listen 80; server_name school.actaerp.com; # Strict Transport Security add_header Strict-Transport-Security max-age=2592000; rewrite ^/.*$ https://$host$request_uri? permanent; } #Ajouter par e-acta : optimisation #ssl_session_cache shared:SSL:10m; #ssl_session_timeout 10m; server { #server port and name listen 443 ; server_name school.actaerp.com; access_log /var/log/nginx/school.access.log; error_log /var/log/nginx/school.error.log debug; # Specifies the maximum accepted body size of a client request, # as indicated by the request header Content-Length. client_max_body_size 200m; # add ssl specific settings keepalive_timeout 60; ssl on; ssl_certificate /etc/ssl/nginx/server.crt; ssl_certificate_key /etc/ssl/nginx/server.key; ssl_client_certificate /etc/nginx/certs/ca_school.pem; ssl_verify_client on; # limit ciphers #ssl_ciphers HIGH:!ADH:!MD5; #ssl_protocols SSLv3 TLSv1; #ssl_prefer_server_ciphers on; # increase proxy buffer to handle some OpenERP web requests proxy_buffers 16 64k; proxy_buffer_size 128k; #general proxy settings # force timeouts if the backend dies proxy_connect_timeout 600s; proxy_send_timeout 600s; proxy_read_timeout 600s; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # set headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; # Let the OpenERP web service know that we’re using HTTPS, otherwise # it will generate URL using http:// and not https:// proxy_set_header X-Forwarded-Proto https; # by default, do not forward anything proxy_redirect off; proxy_buffering off; location / { proxy_pass http://school; } location /longpolling { proxy_pass http://school-im; } # cache some static data in memory for 60mins. # under heavy load this should relieve stress on the OpenERP web interface a bit. location /web/static/ { proxy_cache_valid 200 60m; proxy_buffering on; expires 864000; proxy_pass http://school; } }