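# nginx front end: an SNI-routing TCP proxy (stream) plus the HTTP server
# defaults (http). Virtual hosts themselves live in /etc/nginx/sites-enabled.

# NOTE(review): worker processes run as root, so a flaw in connection or
# request handling would execute with full privileges. The master process
# normally does the privileged work (binding listeners, opening logs, loading
# TLS keys), so an unprivileged service account is usually sufficient. Check
# file ownership under /etc/nginx and /var/log/nginx before changing this.
user root;
worker_processes auto;

events {
    worker_connections 1024;
}

stream {
    error_log /var/log/nginx/error.log error;

    # Route on the SNI name read from the still-encrypted ClientHello
    # (ssl_preread in the 23443 server below). The two MQTT names go to the
    # local TLS terminator on 27443; any other name, or no SNI at all, goes to
    # the "web" upstream.
    map $ssl_preread_server_name $backend {
        mqtt.yizhisec.com 127.0.0.1:27443;
        mqtt-yizhisec-com 127.0.0.1:27443;
        default web;
    }

    # Receives a PROXY protocol header from the 23443 server (proxy_protocol on).
    # NOTE(review): the listener on 127.0.0.1:443 is not defined in this file;
    # presumably a sites-enabled server with "listen ... proxy_protocol" - confirm.
    upstream web {
        server 127.0.0.1:443;
    }

    # TLS terminator for MQTT.
    server {
        # NOTE(review): this listener takes the client address from the PROXY
        # protocol header and is bound to all interfaces. The only sender
        # visible in this file is the local preread server, which connects from
        # 127.0.0.1. If nothing else fronts this port, bind it to
        # 127.0.0.1:27443 or firewall it, so that the header can only come from
        # a trusted proxy.
        listen 27443 ssl proxy_protocol;
        # ssl_session_timeout 10m;
        ssl_certificate /etc/nginx/ssl/mqtt.server.crt;
        ssl_certificate_key /etc/nginx/ssl/mqtt.server.key;
        # TLSv1.1 removed: it is deprecated (RFC 8996), and every suite in
        # ssl_ciphers below is an AEAD suite that requires TLS 1.2 or later, so
        # a TLS 1.1 handshake had no usable cipher anyway.
        ssl_protocols TLSv1.2 TLSv1.3;
        # ssl_ciphers governs TLS 1.2 and below; TLS 1.3 suites are selected
        # separately by the TLS library.
        # NOTE(review): no ssl_dhparam is configured; recent nginx versions do
        # not offer the DHE-RSA-* entries without one - confirm intent.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        # TLS ends here. This config does not enable proxy_ssl, so the hop to
        # the broker on 1883 is plaintext MQTT; that is acceptable only if the
        # network between this proxy and the broker is trusted. No PROXY
        # protocol header is sent onward, so the broker sees this proxy's
        # address, not the client's.
        proxy_pass emqx-service.db-emqx:1883;
    }

    # Public entry point: peeks at SNI without terminating TLS, then forwards
    # the raw stream to $backend with a PROXY protocol header prepended.
    server {
        listen 23443;
        proxy_pass $backend;
        ssl_preread on;
        proxy_protocol on;
    }
}

http {
    # NOTE(review): traffic that arrives through the stream proxy connects from
    # 127.0.0.1, so $remote_addr records the proxy unless the included server
    # blocks restore the client address from the PROXY protocol header
    # (real_ip_header proxy_protocol, or logging $proxy_protocol_addr) -
    # confirm in sites-enabled. $http_host is client-supplied, and $request_uri
    # includes the query string, so tokens passed in URLs end up in this log.
    log_format custom '$time_iso8601 - $remote_addr - $http_host - $status - $request_time - $request_method - $request_uri';
    access_log /var/log/nginx/access.log custom;

    include /etc/nginx/sites-enabled/*.conf;
    include mime.types;
    default_type application/octet-stream;

    sendfile on;
    sendfile_max_chunk 512k;
    tcp_nopush on;
    tcp_nodelay on;

    # NOTE(review): compression covers application/json and other dynamic
    # types. If any TLS-served response mixes request-derived data with secrets
    # (session or CSRF tokens), compression can leak them through response size
    # (BREACH). Consider disabling gzip for such locations.
    gzip on;
    gzip_vary on;
    gzip_http_version 1.0;
    gzip_min_length 1000;
    gzip_comp_level 6;
    gzip_disable msie6;
    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml;

    keepalive_timeout 65;
}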