upstream bcards_backend { server 141.148.162.114:8080; server 129.146.116.218:8080; # Health check settings keepalive 32; } server { listen 80; server_name bcards.site; # Security headers add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; # Gzip compression gzip on; gzip_vary on; gzip_min_length 1024; gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json; # Load balancer configuration location / { proxy_pass http://bcards_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Connection settings proxy_connect_timeout 30s; proxy_send_timeout 30s; proxy_read_timeout 30s; # Buffer settings proxy_buffering on; proxy_buffer_size 4k; proxy_buffers 8 4k; # Health check proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_next_upstream_tries 2; proxy_next_upstream_timeout 30s; } # Health check endpoint location /health { access_log off; proxy_pass http://bcards_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Static files (if any) location /static { proxy_pass http://bcards_backend; proxy_cache_valid 200 1h; expires 1h; add_header Cache-Control "public, immutable"; } # Let's Encrypt ACME challenge location /.well-known/acme-challenge/ { root /var/www/html; } # Logging access_log /var/log/nginx/bcards_access.log; error_log /var/log/nginx/bcards_error.log; }