1 upstream tile_cache_backend {
3 <% @caches.each do |cache| -%>
4 <% if cache[:hostname] != node[:hostname] -%>
5 #Server <%= cache[:hostname] %>
6 <% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
7 server <%= address %> backup;
16 listen 443 ssl fastopen=2048 http2 default_server;
17 server_name localhost;
21 ssl_certificate /etc/ssl/certs/<%= @certificate %>.pem;
22 ssl_certificate_key /etc/ssl/private/<%= @certificate %>.key;
24 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
25 ssl_ciphers <%= node[:ssl][:ciphers] -%>;
26 ssl_prefer_server_ciphers on;
27 ssl_session_cache shared:SSL:50m;
28 ssl_session_timeout 30m;
30 ssl_dhparam /etc/ssl/certs/dhparam.pem;
31 resolver <%= @resolvers.join(" ") %>;
34 proxy_pass http://tile_cache_backend;
35 proxy_set_header X-Forwarded-For $remote_addr;
36 proxy_http_version 1.1;
37 proxy_set_header Connection "";
39 proxy_connect_timeout 5s;
41 # Do not pass cookies to backend.
42 proxy_set_header Cookie "";
43 # Do not pass Accept-Encoding to backend.
44 proxy_set_header Accept-Encoding "";
46 # Do not allow setting cookies from cached pages.
47 proxy_ignore_headers Set-Cookie;
48 proxy_hide_header Set-Cookie;
50 # Slow traffic slightly