Configuration

Main nginx.conf

The main configuration file conf/nginx.conf sets the user, worker processes, logging, and includes all virtual server configs from /etc/nginx/conf.d/*.conf. No Cloud Connect IPs are in this file.

File: conf/nginx.conf

user  nginx;
worker_processes  auto;

error_log  /dev/stderr notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /dev/stdout  main;

    sendfile on;
    keepalive_timeout 65;

    include /etc/nginx/conf.d/*.conf;
}

conf.d/upstream.conf

The file conf/conf.d/upstream.conf defines the Cache Service upstream and the server that proxies /cache-service/ to it. You must replace <PRIMARY_CC_IP> and <BACKUP_CC_IP> with your Cloud Connect node IPs before deployment.

Important

This repository does not contain hard-coded IP addresses. Before deployment, edit conf/conf.d/upstream.conf and replace <PRIMARY_CC_IP> and <BACKUP_CC_IP> with real IPs. Both nodes are active; health checks apply to both.

File: conf/conf.d/upstream.conf

upstream cache_service_upstream {
    server <PRIMARY_CC_IP>:8445 max_fails=5 fail_timeout=30s;
    server <BACKUP_CC_IP>:8445 max_fails=5 fail_timeout=30s;
    keepalive 200;
}

server {
    listen 80;
    server_name _;

    location /cache-service/ {
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header Authorization        $http_authorization;
        proxy_set_header Proxy-Authorization  $http_proxy_authorization;

        proxy_connect_timeout   10s;
        proxy_send_timeout      30s;
        proxy_read_timeout      30s;

        proxy_next_upstream     error timeout http_502 http_503 http_504;
        proxy_next_upstream_tries 2;

        proxy_ssl_server_name on;

        proxy_pass https://cache_service_upstream;
    }
}

Configuration Summary

Upstream: cache_service_upstream has two peers (PRIMARY and BACKUP) on port 8445 with passive health checks (max_fails=5, fail_timeout=30s) and keepalive 200 for connection reuse.

Server and location: Listens on port 80; location /cache-service/ uses HTTP/1.1 and clears Connection for keepalive to the upstream. It forwards Host, X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, Authorization, and Proxy-Authorization. Timeouts are connect 10s, send/read 30s. proxy_next_upstream retries on error, timeout, and 502/503/504 with up to 2 tries. proxy_ssl_server_name on sends the TLS SNI; proxy_pass https://cache_service_upstream sends traffic to the Cache Service backends.