upstream jenkins {
  keepalive 32;
  server 127.0.0.1:8080 fail_timeout=0;
}

server {
  listen 80;
  server_name 127.0.0.1 jenkins01.devops.investran.live;
  return 301 https://$host$request_uri;
}

# Required for Jenkins websocket agents
map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

server {
  # All your server and TLS/certificate settings are up here somewhere
  # SSL Configuration
  listen 443 ssl;
  server_name jenkins01.devops.investran.live;
  ssl_certificate      /etc/ssl/jenkins01devopsinvestranlive.cer;
  ssl_certificate_key  /etc/ssl/jenkins01devopsinvestranlive.prv;
  ssl_session_timeout  5m;
  ssl_session_cache shared:SSL:50m;
  access_log            /var/log/nginx/jenkins.access.log;
  error_log             /var/log/nginx/jenkins.error.log;

  # pass through headers from Jenkins that Nginx considers invalid
  ignore_invalid_headers off;
  root            /var/cache/jenkins/war/;

  location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
    # rewrite all static files into requests to the root
    # E.g /static/12345678/css/something.css will become /css/something.css
    rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
  }

  location /userContent {
    # have nginx handle all the static requests to userContent folder
    # note : This is the $JENKINS_HOME dir
    root /var/lib/jenkins/;
    if (!-f $request_filename){
    # this file does not exist, might be a directory or a /**view** url
    rewrite (.*) /$1 last;
    break;
    }
    sendfile on;
  }

  location / {

    # Convert inbound WAN requests for https://domain.tld/jenkins/ to
    # local network requests for http://localhost:8080/jenkins/
    proxy_pass http://127.0.0.1:8080/;

    # Rewrite HTTPS requests from WAN to HTTP requests on LAN
    proxy_redirect http:// https://;

    # The following settings from https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
    sendfile off;

    proxy_set_header   Host             $http_host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   X-Forwarded-Port 443;
    proxy_max_temp_file_size 0;

    # This is the maximum upload size
    client_max_body_size       10m;
    client_body_buffer_size    128k;

    proxy_connect_timeout      90;
    proxy_send_timeout         90;
    proxy_read_timeout         90;

    proxy_temp_file_write_size 64k;

    # Required for new HTTP-based CLI
    proxy_http_version 1.1;
    proxy_request_buffering off;
    proxy_buffering off; # Required for HTTP-based CLI to work over SSL

    # Required for Jenkins websocket agents
    proxy_set_header   Connection        $connection_upgrade;
    proxy_set_header   Upgrade           $http_upgrade;
    }
}