worker_processes {{ parameter_dict['nb_workers'] }}; pid {{ parameter_dict['pid'] }}; error_log {{ parameter_dict['error-log'] }}; daemon off; events { worker_connections 1024; accept_mutex off; } http { default_type application/octet-stream; access_log {{ parameter_dict['access-log'] }} combined; client_max_body_size 10M; map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen [{{ parameter_dict['ipv6'] }}]:{{ parameter_dict['port'] }} ssl; server_name _; ssl_certificate {{ parameter_dict['ssl-certificate'] }}; ssl_certificate_key {{ parameter_dict['ssl-key'] }}; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5 ssl_prefer_server_ciphers on; keepalive_timeout 90s; client_body_temp_path {{ param_tempdir['client_body_temp_path'] }}; proxy_temp_path {{ param_tempdir['proxy_temp_path'] }}; fastcgi_temp_path {{ param_tempdir['fastcgi_temp_path'] }}; uwsgi_temp_path {{ param_tempdir['uwsgi_temp_path'] }}; scgi_temp_path {{ param_tempdir['scgi_temp_path'] }}; error_page 401 /login; location / { proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_pass {{ parameter_dict['backend-url'] }}; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } }