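# TLS-terminating reverse proxy for the client API, the client update
# endpoints and a dedicated listener on port 9118.
#
# Review notes that apply to every server block below:
#
# * All listeners use `proxy_protocol`, so nginx accepts whatever client
#   address the PROXY header carries. X-Real-IP ($proxy_protocol_addr) is only
#   as trustworthy as the network path: these ports should be reachable
#   only from the load balancer that writes the PROXY header.
# * $proxy_add_x_forwarded_for is the client-supplied X-Forwarded-For header
#   with $remote_addr appended. Unless the realip module is configured
#   outside this file (not visible here), $remote_addr is the load balancer's
#   address, not the client's. Backends should use X-Real-IP and must not
#   trust the left-most X-Forwarded-For entries.
# * add_header is inherited from the server level only by locations that
#   define no add_header of their own. Locations that add Cache-Control
#   therefore repeat the Strict-Transport-Security header explicitly.
# * The DHE-RSA suites in ssl_ciphers are negotiated only when ssl_dhparam
#   is set; none is set in this file.

upstream hs-client-server {
    least_conn;
    server client-service:9129 max_fails=3 fail_timeout=10s;
}

upstream hs-client-without-auth-server {
    least_conn;
    server client-service:9024 max_fails=3 fail_timeout=10s;
}

upstream hs-client-message-server {
    least_conn;
    server client-service:9025 max_fails=3 fail_timeout=10s;
}

# Client API virtual host.
# NOTE(review): this is the first server defined for port 443 and no
# default_server is declared, so it also answers requests whose Host/SNI
# matches no server_name.
server {
    listen 443 ssl proxy_protocol;
    server_name hs-client-api-server hs.client.api.server;

    ssl_certificate /etc/nginx/ssl/client.server.crt;
    ssl_certificate_key /etc/nginx/ssl/client.server.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    add_header Strict-Transport-Security "max-age=63072000" always;

    client_max_body_size 50M;

    # Prefix match with a URI on proxy_pass: the matched prefix is replaced,
    # so anything after /api/v1/pkg/archive is appended to check.json.
    # NOTE(review): use `location =` if only the exact path is intended.
    location /api/v1/pkg/archive {
        proxy_pass http://client-win-service.hsv2/api/v2_2/_client/win/check.json;
    }

    location /api/v1/pkg/config/setup {
        proxy_pass http://app-helper-service.hsv2/api/v2_2/_client/win/config/setup.json;
    }

    location /api/v2_2/_client/win {
        proxy_pass http://app-helper-service.hsv2;
    }

    # Catch-all for /api/. The longer prefixes below take precedence
    # (nginx picks the longest matching prefix, regardless of order).
    location /api/ {
        proxy_pass http://hs-client-server;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
    }

    # NOTE(review): the upstream name suggests these routes skip
    # authentication. Confirm that everything under /api/v1/ is meant to be
    # reachable unauthenticated.
    location /api/v1/ {
        proxy_pass http://hs-client-without-auth-server;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
    }

    location /api/v1/dl/ {
        proxy_pass http://hs-client-without-auth-server;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
    }

    # NOTE(review): no allow/deny or auth_request is applied here; access
    # control for the admin routes rests entirely on the backend. Confirm.
    location /api/v2/admin/ {
        proxy_pass http://hs-client-message-server;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
    }

    # location /app-store {
    #     auth_request /app-store-auth;
    #     rewrite ^/app-store(.*)$ $1 break;
    #     proxy_pass http://hs-resource-server:19980;
    #     proxy_http_version 1.1;
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Real-IP $proxy_protocol_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_read_timeout 300s;
    # }

    # Auth subrequest target. `internal` keeps it unreachable from clients.
    # Its only visible user (/app-store) is commented out above.
    # NOTE(review): X-Original-IP uses $remote_addr, which is the load
    # balancer's address unless realip is configured elsewhere. X-Real-IP
    # carries the PROXY-protocol client address. If this is re-enabled, the
    # documented auth_request pattern also sets `proxy_pass_request_body off;`
    # alongside the empty Content-Length.
    location /app-store-auth {
        internal;
        proxy_pass http://hs-client-server/auth$request_uri;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-Original-Method $request_method;
        proxy_set_header X-Original-IP $remote_addr;
        proxy_set_header Query-Data $http_query_data;
    }

    # location /wm/api {
    #     proxy_pass http://hs-watermark-server;
    #     proxy_http_version 1.1;
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Real-IP $proxy_protocol_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_read_timeout 300s;
    # }

    # Static files. Location and alias both end in "/", so the alias
    # mapping cannot be used to step outside the aliased directory.
    location /static/config/ {
        alias /static/config/;
    }

    location /static/resource/ {
        alias /static/resource/;
    }

    location /user/avatar/ {
        alias /static/avatar/;
        # Repeated here: a location-level add_header suppresses inheritance
        # of the server-level HSTS header.
        add_header Strict-Transport-Security "max-age=63072000" always;
        add_header Cache-Control public;
    }
}

# Client update virtual host.
server {
    listen 443 ssl proxy_protocol;
    server_name hs-client-update-server hs.client.update.server;

    ssl_certificate /etc/nginx/ssl/client.server.crt;
    ssl_certificate_key /etc/nginx/ssl/client.server.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    add_header Strict-Transport-Security "max-age=63072000" always;

    client_max_body_size 50M;

    location /api/v1/pkg/config/setup {
        proxy_pass http://app-helper-service.hsv2/api/v2_2/_client/win/config/setup.json;
    }

    # Longer prefix than /api/v1/pkg/archive below, so it wins for
    # /api/v1/pkg/archive/version requests.
    location /api/v1/pkg/archive/version {
        proxy_pass http://app-helper-service.hsv2/api/v2_2/_client/win/old/version.json;
    }

    # Prefix match: any other suffix after /api/v1/pkg/archive is appended
    # to check.json on the upstream request.
    location /api/v1/pkg/archive {
        proxy_pass http://client-win-service.hsv2/api/v2_2/_client/win/check.json;
    }

    # Takes precedence over the /static/config/ alias for this one file.
    location /static/config/rc.json {
        proxy_pass http://client-win-service.hsv2/api/v2_2/_client/win/rc.json;
    }

    location /api/v2_2/_client/win {
        proxy_pass http://app-helper-service.hsv2;
    }

    # location = /api/v1/version {
    #     proxy_pass http://hs-client-without-auth-server;
    #     proxy_http_version 1.1;
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Real-IP $proxy_protocol_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_read_timeout 300s;
    # }

    location /api/v1/pkg {
        proxy_pass http://hs-client-without-auth-server;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
    }

    location /api/v1/dl/ {
        proxy_pass http://hs-client-without-auth-server;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
    }

    location /user/avatar/ {
        alias /static/avatar/;
        expires 7d;
        # Repeated here: a location-level add_header suppresses inheritance
        # of the server-level HSTS header.
        add_header Strict-Transport-Security "max-age=63072000" always;
        add_header Cache-Control public;
    }

    location /static/config/ {
        alias /static/config/;
    }

    location /static/resource/ {
        alias /static/resource/;
    }
}

# Listener on port 9118. No server_name is set, so it serves every request
# arriving on this port. Only the version, pkg and dl routes are exposed.
server {
    listen 9118 ssl proxy_protocol;

    ssl_certificate /etc/nginx/ssl/client.server.crt;
    ssl_certificate_key /etc/nginx/ssl/client.server.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    add_header Strict-Transport-Security "max-age=63072000" always;

    client_max_body_size 50M;

    location = /api/v1/version {
        proxy_pass http://hs-client-without-auth-server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
    }

    location /api/v1/pkg {
        proxy_pass http://hs-client-without-auth-server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
    }

    location /api/v1/dl/ {
        proxy_pass http://hs-client-without-auth-server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
    }
}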