Please, can anyone help me? I'm having to do a load balance on a reverse proxy server, which was not configured by me. And when I configure the upstream directive it is giving an error. I have already tried to set it within http {} and within the settings of the site included.
My nginx.conf
load_module /usr/lib64/nginx/modules/ngx_stream_module.so;
user nginx;
worker_processes 16;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
client_max_body_size 20m;
proxy_read_timeout 3600;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Security #
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
keepalive_timeout 750;
server_tokens off;
#more_clear_headers 'Server' 'X-Powered-By' 'X-Content-Powered-By';
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors digital.fortaleza.ce.gov.br epgm.pgm.fortaleza.ce.gov.br revista.pgm.fortaleza.ce.gov.br";
add_header X-Frame-Options "ALLOW-FROM digital.fortaleza.ce.gov.br epgm.pgm.fortaleza.ce.gov.br";
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
#Compression
gzip on;
gzip_proxied any;
gzip_vary on;
gzip_disable “MSIE [1-6]\.(?!.*SV1)”;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
#SSl Certificate Security
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_dhparam /etc/nginx/ssl/dhparam4096.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
#Proxy
proxy_hide_header on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
server {
listen 80;
error_page 404 /404.html;
location = /basic_status {
stub_status;
allow 172.30.50.100;
allow 10.0.10.100;
deny all;
}
location / {
return 301 https://www.example.com.br;
}
}
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
}
My www.example.com.br config file inside sites-enable
upstream example {
server 192.168.0.1;
server 192.168.0.2;
}
server {
listen 443 ssl;
server_name www.example.com.br;
ssl_certificate /etc/nginx/certificates/bundle-pgm.crt;
ssl_certificate_key /etc/nginx/certificates/privatekey.key;
access_log /var/log/nginx/www.example.com.br/www.example.com.br_access.log;
error_log /var/log/nginx/www.example.com.br/www.example.com.br error;
location / {
proxy_pass http://example;
}
}
server {
if ($host = www.example.com.br) {
return 301 https://$host$request_uri;
}
listen 80;
server_name www.example.com.br;
return 404;
}
