#user nobody;
user root;
worker_processes  1;
pid /var/run/nginx.pid;
worker_rlimit_nofile 102400;
events {
	use epoll;
	worker_connections 102400;
}
http {
	include mime.types;
	default_type application/octet-stream;
	fastcgi_intercept_errors on;
	charset utf-8;
	server_names_hash_bucket_size 128;
	client_header_buffer_size 512k;
	large_client_header_buffers 4 512k;
	client_max_body_size 300m;
	sendfile on;
	tcp_nopush  on;
	keepalive_timeout 60;
	tcp_nodelay on;
	client_body_buffer_size 512k;

	proxy_connect_timeout 300;
	proxy_read_timeout  300;
	proxy_send_timeout  300;
	proxy_buffer_size  16k;
	proxy_buffers   4 64k;
	proxy_busy_buffers_size 128k;
	proxy_temp_file_write_size 128k;

	gzip on;
	gzip_min_length 1k;
	gzip_buffers  4 16k;
	gzip_http_version 1.1;
	gzip_comp_level 2;
	gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
	gzip_vary on;

	log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $request_time $remote_addr';

	upstream ice_web{
		ip_hash;
		server 127.0.0.1:3080;
	}
	upstream zabbix{
		ip_hash;
		server 192.168.0.48:8081;
	}

	server {
		listen 82;
		location = /basic_status {
			stub_status;
			allow all;
		}
	}

	server {
		listen 80;
		server_name moed.mercer.com.cn;
		rewrite ^(.*)$ https://${server_name}$1 permanent;
	}

	server {
			listen 443 ssl;
			server_name moed.mercer.com.cn;

			ssl_certificate /etc/nginx/pem/4112967_moed.mercer.com.cn.pem;
			ssl_certificate_key /etc/nginx/pem/4112967_moed.mercer.com.cn.key;
                        
			location /zabbix {
				proxy_pass http://zabbix/;
				proxy_set_header Host $host;
				proxy_set_header X-Real-IP  $remote_addr;
				proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
				proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
				add_header Access-Control-Allow-Origin *;
				proxy_set_header X-Forwarded-Proto https;
				proxy_redirect ~^http://([^:]+)(:\d+)?(.*)$ https://$1$2$3;
				expires -1;
			}
	
			location / {
				proxy_pass http://ice_web;
				proxy_set_header Host $host;
				proxy_set_header X-Real-IP  $remote_addr;
				proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
				proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
				add_header Access-Control-Allow-Origin *;
				proxy_set_header X-Forwarded-Proto https;
				proxy_redirect ~^http://([^:]+)(:\d+)?(.*)$ https://$1$2$3;
				expires -1;
			}
	}
}