worker_processes 1; pid /var/run/nginx.pid; error_log /dev/stdout info; daemon off; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; proxy_read_timeout 1200; gzip on; gzip_disable "msie6"; map $http_upgrade $connection_upgrade { default upgrade; '' close; } # https://stackoverflow.com/questions/21230918/nginx-scheme-variable-behind-load-balancer/21911864#21911864 map $http_x_forwarded_proto $real_scheme { default $http_x_forwarded_proto; '' $scheme; } # Ingress server { listen 8099 default_server; allow 172.30.32.2; deny all; server_name _; access_log /dev/stdout combined; client_max_body_size 4G; keepalive_timeout 5; root /dev/null; location / { proxy_pass http://127.0.0.1:80; proxy_redirect ~^/(.+)$ $real_scheme://$http_host%%INGRESS_ENTRY%%/$1; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; sub_filter_once off; sub_filter_types *; # Hack for reset paths back sub_filter '/etc/config/' '/etc/config/'; # Make URLs relative sub_filter '/webui/' '%%INGRESS_ENTRY%%/webui/'; sub_filter '/ise/' '%%INGRESS_ENTRY%%/ise/'; sub_filter '/pda/' '%%INGRESS_ENTRY%%/pda/'; sub_filter '/config/' '%%INGRESS_ENTRY%%/config/'; sub_filter '/api/' '%%INGRESS_ENTRY%%/api/'; sub_filter '/pages/' '%%INGRESS_ENTRY%%/pages/'; sub_filter '/jpages/' '%%INGRESS_ENTRY%%/jpages/'; sub_filter '/esp/' '%%INGRESS_ENTRY%%/esp/'; # Protect iframe breakouts sub_filter 'top.window.location.href' 'location.href'; } } }