Update nginx.conf.template

nginx.conf

@@ -1,44 +0,0 @@
-user nginx;
-worker_processes 1;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-    default_type application/octet-stream;
-
-    server {
-        listen 80;
-
-        # Health check location at a secret path
-        location /secret-health-path {
-            add_header Content-Type text/plain;
-            return 200 'Healthy';
-        }
-
-        location / {
-            # Proxy pass to the backend using environment variables with HTTP explicitly
-            proxy_pass http://${BACKEND_ADDRESS}:${BACKEND_PORT};
-
-            # General proxy settings
-            proxy_http_version 1.1;
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header Accept-Encoding "";
-            proxy_buffering off;
-
-            # Remove headers that might hint at HTTPS usage
-            proxy_set_header X-Forwarded-Proto "";
-            proxy_set_header X-Forwarded-Ssl "";
-            proxy_set_header X-Url-Scheme "";
-
-            # Disable proxy_ssl_verify if you're not using HTTPS at all
-            proxy_ssl_verify off;
-
-            # Do not pass through the Connection header from the client
-            proxy_set_header Connection "";
-        }
-    }
-}

nginx.conf.template

@@ -0,0 +1,19 @@
+events {}
+
+stream {
+    # TCP proxy configuration
+    server {
+        listen ${BACKEND_TCP_PORT};
+        allow ${ALLOWED_IPS}; # Apply IP restrictions based on the ALLOWED_IPS variable
+        deny all;
+        proxy_pass ${BACKEND_HOST}:${BACKEND_TCP_PORT};
+    }
+
+    # UDP proxy configuration
+    server {
+        listen ${BACKEND_UDP_PORT} udp;
+        allow ${ALLOWED_IPS}; # Apply IP restrictions
+        deny all;
+        proxy_pass ${BACKEND_HOST}:${BACKEND_UDP_PORT};
+    }
+}