map $host $CPANEL_APACHE_PROXY_IP {
default 127.0.0.1;
}
map $host $CPANEL_APACHE_PROXY_PORT {
default 8080;
}
map $host $CPANEL_APACHE_PROXY_SSL_IP {
default 127.0.0.1;
}
map $host $CPANEL_APACHE_PROXY_SSL_PORT {
default 8443;
}
map $host $CPANEL_SERVICE_SUBDOMAIN {
default 0;
}
server_names_hash_max_size 1480;
server_names_hash_bucket_size 256;
client_max_body_size 128m;
ssl_protocols TLSv1.2;
proxy_ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS;
proxy_ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS;
ssl_dhparam /usr/local/cpanel/etc/dhparam_from_cpanel.pem;
################################################################
#### This is to support keepalive; this is not load balancing ##
################################################################
upstream apache_backend_https_5_2_88_106 {
server 5.2.88.106:8443; # needs to be before keepalive configs
# set in /etc/nginx/ea-nginx/settings.json, default is 32
keepalive 32;
# set in EA4 global config (WHM/Service Configuration/Apache Configuration)
keepalive_timeout 10; # no suffix means seconds
# set in EA4 global config (WHM/Service Configuration/Apache Configuration)
# Apache being set to Unlimited results in 1000 here since NGINX does not have an equivalent to unlimited
keepalive_requests 1000;
# keepalive_time can be set in /etc/nginx/ea-nginx/settings.json
# To see how your keepalive config tuning behaves:
# 1. Ensure NGINX caching is disabled
# 2. Ensure NGINX `worker_processes` is 1
# 3. make sure Apache and NGINX are restarted fully
# * There should be no lingering TCP connections between NGINX to Apache.
# 4. Monitor TCP connections between NGINX to Apache:
# * `netstat -an | grep -c :8443`
# 5. Generate traffic with `ab` with various concurrent connections to various
# * Using step 4 to see if the number of connections is what you are aiming for
}
upstream apache_backend_http_5_2_88_106 {
server 5.2.88.106:8080; # needs to be before keepalive configs
# set in /etc/nginx/ea-nginx/settings.json, default is 32
keepalive 32;
# set in EA4 global config (WHM/Service Configuration/Apache Configuration)
keepalive_timeout 10; # no suffix means seconds
# set in EA4 global config (WHM/Service Configuration/Apache Configuration)
# Apache being set to Unlimited results in 1000 here since NGINX does not have an equivalent to unlimited
keepalive_requests 1000;
# keepalive_time can be set in /etc/nginx/ea-nginx/settings.json
# To see how your keepalive config tuning behaves:
# 1. Ensure NGINX caching is disabled
# 2. Ensure NGINX `worker_processes` is 1
# 3. make sure Apache and NGINX are restarted fully
# * There should be no lingering TCP connections between NGINX to Apache.
# 4. Monitor TCP connections between NGINX to Apache:
# * `netstat -an | grep -c :8080`
# 5. Generate traffic with `ab` with various concurrent connections to various
# * Using step 4 to see if the number of connections is what you are aiming for
}
upstream apache_backend_https_5_2_88_69 {
server 5.2.88.69:8443; # needs to be before keepalive configs
# set in /etc/nginx/ea-nginx/settings.json, default is 32
keepalive 32;
# set in EA4 global config (WHM/Service Configuration/Apache Configuration)
keepalive_timeout 10; # no suffix means seconds
# set in EA4 global config (WHM/Service Configuration/Apache Configuration)
# Apache being set to Unlimited results in 1000 here since NGINX does not have an equivalent to unlimited
keepalive_requests 1000;
# keepalive_time can be set in /etc/nginx/ea-nginx/settings.json
# To see how your keepalive config tuning behaves:
# 1. Ensure NGINX caching is disabled
# 2. Ensure NGINX `worker_processes` is 1
# 3. make sure Apache and NGINX are restarted fully
# * There should be no lingering TCP connections between NGINX to Apache.
# 4. Monitor TCP connections between NGINX to Apache:
# * `netstat -an | grep -c :8443`
# 5. Generate traffic with `ab` with various concurrent connections to various
# * Using step 4 to see if the number of connections is what you are aiming for
}
upstream apache_backend_http_5_2_88_69 {
server 5.2.88.69:8080; # needs to be before keepalive configs
# set in /etc/nginx/ea-nginx/settings.json, default is 32
keepalive 32;
# set in EA4 global config (WHM/Service Configuration/Apache Configuration)
keepalive_timeout 10; # no suffix means seconds
# set in EA4 global config (WHM/Service Configuration/Apache Configuration)
# Apache being set to Unlimited results in 1000 here since NGINX does not have an equivalent to unlimited
keepalive_requests 1000;
# keepalive_time can be set in /etc/nginx/ea-nginx/settings.json
# To see how your keepalive config tuning behaves:
# 1. Ensure NGINX caching is disabled
# 2. Ensure NGINX `worker_processes` is 1
# 3. make sure Apache and NGINX are restarted fully
# * There should be no lingering TCP connections between NGINX to Apache.
# 4. Monitor TCP connections between NGINX to Apache:
# * `netstat -an | grep -c :8080`
# 5. Generate traffic with `ab` with various concurrent connections to various
# * Using step 4 to see if the number of connections is what you are aiming for
}
Mini Shell