diff --git a/nginx.conf b/nginx.conf
deleted file mode 100644
index a958c30..0000000
--- a/nginx.conf
+++ /dev/null
@@ -1,44 +0,0 @@
-user nginx;
-worker_processes 1;
-
-events {
- worker_connections 1024;
-}
-
-http {
- default_type application/octet-stream;
-
- server {
- listen 80;
-
- # Health check location at a secret path
- location /secret-health-path {
- add_header Content-Type text/plain;
- return 200 'Healthy';
- }
-
- location / {
- # Proxy pass to the backend using environment variables with HTTP explicitly
- proxy_pass http://${BACKEND_ADDRESS}:${BACKEND_PORT};
-
- # General proxy settings
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Accept-Encoding "";
- proxy_buffering off;
-
- # Remove headers that might hint at HTTPS usage
- proxy_set_header X-Forwarded-Proto "";
- proxy_set_header X-Forwarded-Ssl "";
- proxy_set_header X-Url-Scheme "";
-
- # Disable proxy_ssl_verify if you're not using HTTPS at all
- proxy_ssl_verify off;
-
- # Do not pass through the Connection header from the client
- proxy_set_header Connection "";
- }
- }
-}
diff --git a/nginx.conf.template b/nginx.conf.template
new file mode 100644
index 0000000..227aef0
--- /dev/null
+++ b/nginx.conf.template
@@ -0,0 +1,19 @@
+events {}
+
+stream {
+ # TCP proxy configuration
+ server {
+ listen ${BACKEND_TCP_PORT};
+ allow ${ALLOWED_IPS}; # Apply IP restrictions based on the ALLOWED_IPS variable
+ deny all;
+ proxy_pass ${BACKEND_HOST}:${BACKEND_TCP_PORT};
+ }
+
+ # UDP proxy configuration
+ server {
+ listen ${BACKEND_UDP_PORT} udp;
+ allow ${ALLOWED_IPS}; # Apply IP restrictions
+ deny all;
+ proxy_pass ${BACKEND_HOST}:${BACKEND_UDP_PORT};
+ }
+}
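Review bot: In nginx.conf.template, `allow ${ALLOWED_IPS};` in both `server` blocks accepts exactly one address, CIDR or `all` per directive, so a comma- or space-separated list in the plural-named variable will fail to load after substitution, and a value of `all` or `0.0.0.0/0` makes the following `deny all;` dead config. The template should state the contract, for example `# ALLOWED_IPS: a single address or CIDR; for a list, render one allow line per entry`, or the render step should expand the list and reject an empty value or `all`. On the UDP server the source address can be forged, so the allow list there is a coarse filter rather than authentication, and the backend presumably still needs its own check. The new file also drops the `user nginx;` line the old config carried, so the worker user now depends on the build default of the image, which is worth confirming.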