| server { |
| listen 80; |
| return 301 https://$host:443$request_uri; |
| } |
| |
| server { |
| listen 443 ssl; |
| server_name gerrit-ci.gerritforge.com; |
| |
| ssl_certificate /etc/ssl/certs/cert.crt; |
| ssl_certificate_key /etc/ssl/certs/cert.key; |
| |
| ssl_session_cache builtin:1000 shared:SSL:10m; |
| ssl_protocols TLSv1.2 TLSv1.3; |
| ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; |
| ssl_prefer_server_ciphers on; |
| |
| ssl_session_timeout 5m; |
| |
| location / { |
| sendfile off; |
| proxy_http_version 1.1; |
| |
| proxy_pass http://jenkins:38080; |
| proxy_redirect http://jenkins:38080 https://gerrit-ci.gerritforge.com; |
| |
| proxy_set_header Authorization ""; |
| proxy_set_header X-Forwarded-User "anonymous"; |
| |
| proxy_set_header Host $host; |
| proxy_set_header X-Real-IP $remote_addr; |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| proxy_set_header X-Forwarded-Host $host:$server_port; |
| proxy_set_header X-Forwarded-Server $host; |
| proxy_set_header X-Forwarded-Proto $scheme; |
| |
| proxy_max_temp_file_size 0; |
| |
| proxy_connect_timeout 90; |
| proxy_send_timeout 90; |
| proxy_read_timeout 90; |
| |
| proxy_buffer_size 4k; |
| proxy_buffers 4 32k; |
| proxy_busy_buffers_size 64k; |
| proxy_temp_file_write_size 64k; |
| |
| # Set maximum upload size |
| client_max_body_size 10m; |
| client_body_buffer_size 128k; |
| |
| # Required for new HTTP-based CLI |
| proxy_request_buffering off; |
| } |
| } |