awx/tools/docker-compose/ansible/roles/sources/templates/nginx.conf.j2

worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    server_tokens off;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    sendfile        on;

    upstream uwsgi {
        server localhost:8050;
    }

    upstream runserver {
        server localhost:8052;
    }

    upstream daphne {
        server localhost:8051;
    }

    server {
        listen 8013 default_server;

        # If you have a domain name, this is where to add it
        server_name _;
        keepalive_timeout 65;

        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
        add_header Strict-Transport-Security max-age=15768000;
        add_header X-Content-Type-Options nosniff;

        # Pretty error pages
        {% for error_page in custom_error_pages %}
        error_page {{ error_page.error_code }} {{ error_page.web_path }};
        {% endfor %}

        include /etc/nginx/conf.d/*.conf;
    }

    server {
        listen 8043 default_server ssl;

        # If you have a domain name, this is where to add it
        server_name _;
        keepalive_timeout 65;

        ssl_certificate /etc/nginx/nginx.crt;
        ssl_certificate_key /etc/nginx/nginx.key;

        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;

        # intermediate configuration. tweak to your needs.
        ssl_protocols TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;

        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
        add_header Strict-Transport-Security max-age=15768000;
        add_header X-Content-Type-Options nosniff;

        # Pretty error pages
        {% for error_page in custom_error_pages %}
        error_page {{ error_page.error_code }} {{ error_page.web_path }};
        {% endfor %}

        include /etc/nginx/conf.d/*.conf;
    }
}