# TODO: For websocket traffic, use a "consistent hash" on "expectedRoomId" and "boundRoomId"! server { listen 80; server_name tsrht.lokcol.com; access_log /var/log/nginx/tsrht-access.log; error_log /var/log/nginx/tsrht-err.log; location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; # Note that we should have an empty folder "/var/www/letsencrypt/.well-known/acme-challenge/" which is writable by OS user "www-data" or whatever configured in "/etc/nginx/nginx.conf". # For example under Ubuntu14.04 with nginx1.14.0, you can do "mkdir -p /var/www/letsencrypt/.well-known/acme-challenge/" => "chown -R www-data:www-data /var/www/letsencrypt" => "chmod -R g+s /var/www/letsencrypt". root /var/www/letsencrypt; } } upstream tsrht_cluster { hash $uri consistent; server 127.0.0.1:9992; } server { listen 443; server_name tsrht.lokcol.com; root "/var/www/html/tsrht"; index index.html; access_log /var/log/nginx/tsrht-access.log; error_log /var/log/nginx/tsrht-err.log; ssl on; ssl_certificate /etc/nginx/certs/tsrht.lokcol.com.fullchain.cer; ssl_certificate_key /etc/nginx/certs/tsrht.lokcol.com.key; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_comp_level 5; gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-http hp application/json application/javascript; gzip_vary on; location ~^/api/(.*)$ { # Reference http://www.tornadoweb.org/en/stable/guide/running.html proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_pass http://tsrht_cluster/api/$1$is_args$args; } location ~^/tsrht$ { # Reference http://www.tornadoweb.org/en/stable/guide/running.html proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; # Reverse-proxy for ws connection. proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://tsrht_cluster/tsrht$is_args$args; } location ~^/tsrhtSecondary$ { # Reference http://www.tornadoweb.org/en/stable/guide/running.html proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; # Reverse-proxy for ws connection. proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://tsrht_cluster/tsrhtSecondary$is_args$args; } }