# Configuration checksum: 

# setup custom paths that do not require root access
pid /tmp/nginx/nginx.pid;













daemon off;

worker_processes 8;


worker_rlimit_nofile 130048;



worker_shutdown_timeout 240s ;



events {
    multi_accept        on;
    worker_connections  16384;
    use                 epoll;
}

http {
    lua_package_path "/etc/nginx/lua/?.lua;;";

    lua_shared_dict balancer_ewma 10M;
lua_shared_dict balancer_ewma_last_touched_at 10M;
lua_shared_dict balancer_ewma_locks 1M;
lua_shared_dict certificate_data 20M;
lua_shared_dict certificate_servers 5M;
lua_shared_dict configuration_data 20M;
lua_shared_dict ocsp_response_cache 5M;


    init_by_lua_block {
        collectgarbage("collect")

        -- init modules
        local ok, res

        ok, res = pcall(require, "lua_ingress")
        if not ok then
          error("require failed: " .. tostring(res))
        else
          lua_ingress = res
          lua_ingress.set_config({
		use_forwarded_headers = true,
		use_proxy_protocol = false,
		is_ssl_passthrough_enabled = false,
		http_redirect_code = 308,
		listen_ports = { ssl_proxy = "442", https = "443" },

		hsts = true,
		hsts_max_age = 31536000,
		hsts_include_subdomains = true,
		hsts_preload = false,
	})
        end


        
        ok, res = pcall(require, "monitor")
        if not ok then
          error("require failed: " .. tostring(res))
        else
          monitor = res
        end
        

    }

    init_worker_by_lua_block {
        lua_ingress.init_worker()
        balancer.init_worker()

        monitor.init_worker(10000)
    }

    
    
    map $request_uri $loggable {
        
        default 1;
    }

    
    
    access_log /var/log/nginx/access.log upstreaminfo  if=$loggable;
    
    

    
    error_log  /var/log/nginx/error.log notice;
    

    resolver 169.254.25.10 valid=30s ipv6=off;

    # See https://www.nginx.com/blog/websocket-nginx
    map $http_upgrade $connection_upgrade {
        default          upgrade;
        
        # See http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
        ''               '';
        
    }


    ## start server _
    server {
        server_name _ ;

        
        

        
        
        

        listen 80 default_server reuseport backlog=4096 ;
        listen 443 default_server reuseport backlog=4096 ssl http2 ;

        set $proxy_upstream_name "-";

        ssl_certificate_by_lua_block {
            certificate.call()
        }



        location / {
            
            set $namespace      "";
            set $ingress_name   "";
            set $service_name   "";
            set $service_port   "";
            set $location_path  "";

            

            

            rewrite_by_lua_block {
                lua_ingress.rewrite({
		force_ssl_redirect = false,
		ssl_redirect = false,
		force_no_ssl_redirect = false,
		use_port_in_redirects = false,
	})
                balancer.rewrite()
            }

            # be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
            # other authentication method such as basic auth or external auth useless - all requests will be allowed.
            #access_by_lua_block {
            #}

            header_filter_by_lua_block {
                lua_ingress.header()
            }


    }
    ## end server _

    

    
}