
upstream logstoreapi {
        keepalive 64;
        server 127.0.0.1:10087;
}

log_format logstoreapi '$remote_addr\t'
                       '[$time_local]\t'
                       '$upstream_response_time\t'
                       '$request_time\t'
                       '$request_length\t'
                       '"$status"\t'
                       '$body_bytes_sent\t'
                       '$request_id';

server {
        listen [<<IP>>]:443 default_server ipv6only=off ssl http2;

        ssl_certificate             /etc/nginx/certs/logstore.passport.yandex.net.crt;
        ssl_certificate_key         /etc/nginx/certs/logstore.passport.yandex.net.key;
        ssl_session_cache           shared:SSL:32m;
        ssl_session_timeout         24h;
        ssl_protocols               TLSv1.2 TLSv1.3;
        ssl_ciphers                 EECDH+AESGCM;
        ssl_ecdh_curve              X25519:prime256v1;
        ssl_prefer_server_ciphers   on;

        return 404;
}

server {
        listen [<<IP>>]:443;

        server_name <<HOST>>;

        ssl_certificate             /etc/nginx/certs/logstore.passport.yandex.net.crt;
        ssl_certificate_key         /etc/nginx/certs/logstore.passport.yandex.net.key;
        ssl_session_cache           shared:SSL:32m;
        ssl_session_timeout         24h;
        ssl_protocols               TLSv1.2 TLSv1.3;
        ssl_ciphers                 EECDH+AESGCM;
        ssl_ecdh_curve              X25519:prime256v1;
        ssl_prefer_server_ciphers   on;

        access_log /var/log/nginx/logstoreapi-api.access.log logstoreapi;
        error_log  /var/log/nginx/logstoreapi-api.error.log;

        location / {
                proxy_pass                       http://logstoreapi;
                proxy_http_version               1.1;
                proxy_set_header Connection      "";
                proxy_set_header Host            $host;
                proxy_set_header X-Real-IP       $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Request-Id    $request_id;
        }
}
