Created
January 4, 2013 12:20
Revisions
-
toomasr created this gist
Jan 4, 2013 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,79 @@ upstream servers-frontend { ip_hash; server 10.10.137.100:80; # server-1 server 10.10.126.101:80; # server-2 } upstream server-2 { server 10.10.137.101:80; } upstream server-2-ssl { server 10.10.137.101:443; } server { listen 80; server_name my-server.com www.my-server.com; error_page 502 503 504 @maintenance; location / { proxy_pass http://servers-frontend; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; } # WP-Admin is accessed via HTTPS, however, some components # still work via HTTP despite FORCE_SSL_ADMIN being set to TRUE. location /wp-admin { proxy_pass http://server-2; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; } location @maintenance { root /etc/nginx/html; rewrite ^(.*) /maintenance.html break; } } server { listen 443; server_name my-server.com www.my-server.com; ssl on; ssl_certificate /etc/nginx/ssl/my-server.crt; ssl_certificate_key /etc/nginx/ssl/my-server.key; location /wp-login.php { proxy_pass https://server-2-ssl; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Real-IP $remote_addr; } # Only handle HTTPS requests for WP-Admin # This should be set before other `location` directives # as locations are matched by regexp in the order they appear location ~ ^/wp-(admin|content|includes) { #increase client max size for wp-admin connection to allow bigger picture uploads to blog client_max_body_size 2M; proxy_pass https://server-2-ssl; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Real-IP $remote_addr; } # All the other pages are served via HTTP location ~ ^.* { # Will you be so kind to GTFO my sire? o_Q rewrite ^(.*)$ http://my-server.com$1; } }