#user  nobody;
worker_processes 1;

error_log  /dev/stdout;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;
master_process off;
daemon off;

events {
    worker_connections  4096;
}


http {
    #include       mime.types;
    #default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    # access_log  logs/access.log  main;
    access_log  off;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  30;
    keepalive_requests 99999;

    upstream plaintext {
        server 127.0.0.1:8000;
        keepalive 128;
        keepalive_requests 99999;
    }

    upstream ssl {
        server 127.0.0.1:8443;
        keepalive 128;
        keepalive_requests 99999;
    }

    #gzip  on;

    server {
        listen       8001;
        listen       [::]:8001;
        server_name  localproxy;

        location / {
            keepalive_timeout 30;
            proxy_pass http://plaintext;
            proxy_http_version 1.1;
            proxy_set_header Connection "Keep-Alive";
        }

    }

    server {
        listen       8002 ssl;
        listen       [::]:8002 ssl;
        server_name  localproxy_https;

        ssl_certificate keys/server.crt;
        ssl_certificate_key keys/key.pem;
        ssl_protocols TLSv1.2;
        ssl_ciphers TLS-AES-128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;

        location / {
            keepalive_timeout 30;
            proxy_pass https://ssl;
            proxy_http_version 1.1;
            proxy_ssl_session_reuse off;
            proxy_ssl_verify on;
            proxy_ssl_server_name on;
            proxy_ssl_name "openrusty.org";
            proxy_ssl_trusted_certificate keys/server.crt;
            proxy_set_header Connection "Keep-Alive";
        }

    }
}