map $host $CPANEL_APACHE_PROXY_IP {
default 127.0.0.1;
}
map $host $CPANEL_APACHE_PROXY_PORT {
default 8080;
}
map $host $CPANEL_APACHE_PROXY_SSL_IP {
default 127.0.0.1;
}
map $host $CPANEL_APACHE_PROXY_SSL_PORT {
default 8443;
}
map $host $CPANEL_SERVICE_SUBDOMAIN {
default 0;
}
server_names_hash_max_size 1024;
server_names_hash_bucket_size 256;
client_max_body_size 128m;
ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS;
proxy_ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS;
ssl_dhparam /usr/local/cpanel/etc/dhparam_from_cpanel.pem;
################################################################
#### This is to support keepalive; this is not load balancing ##
################################################################
upstream apache_backend_https_203_143_88_233 {
server 203.143.88.233:8443; # needs to be before keepalive configs
# Keepalive is disabled
# To see how your keepalive config tuning behaves:
# 1. Ensure NGINX caching is disabled
# 2. Ensure NGINX `worker_processes` is 1
# 3. make sure Apache and NGINX are restarted fully
# * There should be no lingering TCP connections between NGINX to Apache.
# 4. Monitor TCP connections between NGINX to Apache:
# * `netstat -an | grep -c :8443`
# 5. Generate traffic with `ab` with various concurrent connections to various
# * Using step 4 to see if the number of connections is what you are aiming for
}
upstream apache_backend_http_203_143_88_233 {
server 203.143.88.233:8080; # needs to be before keepalive configs
# Keepalive is disabled
# To see how your keepalive config tuning behaves:
# 1. Ensure NGINX caching is disabled
# 2. Ensure NGINX `worker_processes` is 1
# 3. make sure Apache and NGINX are restarted fully
# * There should be no lingering TCP connections between NGINX to Apache.
# 4. Monitor TCP connections between NGINX to Apache:
# * `netstat -an | grep -c :8080`
# 5. Generate traffic with `ab` with various concurrent connections to various
# * Using step 4 to see if the number of connections is what you are aiming for
}
Mini Shell