load_module /usr/lib/nginx/modules/ndk_http_module.so; load_module /usr/lib/nginx/modules/ngx_http_lua_module.so; worker_processes auto; error_log syslog:server=unix:/dev/log,nohostname debug; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; # SSO lua_shared_dict cache 10m; init_by_lua_file /etc/ssowat/init.lua; # Global configuration client_max_body_size 10000M; gzip on; gzip_comp_level 6; gzip_proxied any; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/javascript text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/xml; index index.php index.html; log_format proxy_log '…'; reset_timedout_connection on; server_tokens off; root /srv/http; # server for regular HTTPS contents server { listen unix:/run/shared_sockets/https.pp proxy_protocol; … } # server for privileged HTTPS contents server { listen unix:/run/shared_sockets/https+.pp proxy_protocol; access_log /var/log/nginx/https_access.log proxy_log; set_real_ip_from unix:; real_ip_header proxy_protocol; access_by_lua_file /etc/ssowat/access.lua; header_filter_by_lua_file /etc/ssowat/headers.lua; … location /xmpp- { proxy_pass http://localhost:5280; proxy_http_version 1.1; proxy_set_header Host $host; proxy_buffering off; tcp_nodelay on; } location /xmpp-websocket { proxy_pass http://localhost:5280; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 30m; proxy_buffering off; tcp_nodelay on; } … } }