From ec804a4ad1d83a8d067f62513c405e1837e12a84 Mon Sep 17 00:00:00 2001
From: Sean Combs <combssm@gmail.com>
Date: Wed, 14 Sep 2022 09:14:17 -0400
Subject: [PATCH] NGX-278: nginx upstream keepalives (#28)

Co-authored-by: Sean <seanc@inmotionhosting.com>
---
 templates/etc/nginx/conf.d/site.conf.j2 | 42 +++++++++++++++++++++----
 1 file changed, 36 insertions(+), 6 deletions(-)

diff --git a/templates/etc/nginx/conf.d/site.conf.j2 b/templates/etc/nginx/conf.d/site.conf.j2
index b881172..8d1a973 100644
--- a/templates/etc/nginx/conf.d/site.conf.j2
+++ b/templates/etc/nginx/conf.d/site.conf.j2
@@ -1,6 +1,15 @@
 # {{ template_destpath }}
 # {{ ansible_managed }}
 
+upstream http_backend {
+{% if use_letsencrypt is defined and use_letsencrypt %}
+    server localhost:8443;
+{% else %}
+    server localhost:8080;
+{% endif %}    
+    keepalive 2;
+}
+
 server {
     listen 80;
 {% if use_letsencrypt is defined and use_letsencrypt %}
@@ -40,6 +49,11 @@ server {
 
     location / {
         add_header X-Proxy-Cache $upstream_cache_status;
+
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;        
 {% if not nginx_proxy_cache_enable %}
         proxy_no_cache 1;
         proxy_cache_bypass 1;
@@ -48,10 +62,12 @@ server {
         proxy_cache_bypass $cache_bypass;
 {% endif %}
 {% if use_letsencrypt is defined and use_letsencrypt %}
-        proxy_pass https://localhost:8443;
+        proxy_pass https://http_backend;
 {% else %}
-        proxy_pass http://localhost:8080;
+        proxy_pass http://http_backend;
 {% endif %}
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
     }
 
 {% if nginx_accel_static_content %}
@@ -71,11 +87,18 @@ server {
         proxy_cache_bypass 1;
         add_header X-Proxy-Cache $upstream_cache_status;
 
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;        
+
 {% if use_letsencrypt is defined and use_letsencrypt %}
-        proxy_pass https://localhost:8443;
+        proxy_pass https://http_backend;
 {% else %}
-        proxy_pass http://localhost:8080;
+        proxy_pass http://http_backend;
 {% endif %}
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
     }
 {% endif %}
 
@@ -83,11 +106,18 @@ server {
         proxy_no_cache 1;
         proxy_cache_bypass 1;
         add_header X-Proxy-Cache $upstream_cache_status;
+        
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;        
 {% if use_letsencrypt is defined and use_letsencrypt %}
-        proxy_pass https://localhost:8443;
+        proxy_pass https://http_backend;
 {% else %}
-        proxy_pass http://localhost:8080;
+        proxy_pass http://http_backend;
 {% endif %}
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
     }
 
 {% if nginx_cache_purge_enable %}