A record of an Nginx configuration, with an explanation of each directive and the security-relevant caveats.
File structure (all files live in the Nginx configuration directory; the per-file listings follow the tree)
.
├── geoip.conf
├── nginx.conf
├── sites-available
│ ├── default.conf
├── sites-enabled
│ ├── default.conf -> ../sites-available/default.conf
├── upstream.conf
geoip.conf
## module: ngx_http_geoip2_module
## https://github.com/leev/ngx_http_geoip2_module
## Read the GeoIP database and set variables
## NOTE: only the Country database is opened here, so only country-level
## variables can be defined in this block; subdivision/city lookups would need
## a separate geoip2 block over a City database.
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
## Re-read the database when the file on disk changes; the check runs every 60 minutes
auto_reload 60m;
## Build timestamp of the loaded database, useful to verify the data is current
$geoip2_metadata_country_build metadata build_epoch;
## Set $geoip2_data_country_code to the ISO 3166-1 alpha-2 country code for $remote_addr.
## With ngx_http_realip_module active (set_real_ip_from / real_ip_header in nginx.conf),
## $remote_addr is the address recovered from X-Forwarded-For for requests that arrive
## from a trusted proxy, so this lookup is only as trustworthy as those proxies.
$geoip2_data_country_code source=$remote_addr country iso_code;
## Set $geoip2_data_country_name to the corresponding English country name
$geoip2_data_country_name country names en;
}
upstream.conf
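## module: ngx_http_upstream_module
## Define server groups (referenced by name from proxy_pass or via $game_api below)
upstream to_nodejs1 {
## server address [parameters]; define a server
## parameters:
## weight=number defines the weight, default is 1
## max_fails=number failed attempts within fail_timeout after which the server is considered unavailable, default is 1
## fail_timeout=time window in which max_fails is counted, and how long the server is then skipped, default is 10 seconds
## backup marks this upstream server as a backup when others are unavailable
## down marks this upstream server as unavailable
server 10.7.0.12:9000 max_fails=3 fail_timeout=5s;
server 10.7.0.12:9001 max_fails=3 fail_timeout=5s backup;
}
upstream to_nodejs2 {
server 10.7.0.12:9002 max_fails=3 fail_timeout=5s;
server 10.7.0.12:9003 max_fails=3 fail_timeout=5s backup;
}
upstream to_nodejs9005 {
server 10.7.0.12:9005 max_fails=3 fail_timeout=5s;
}
## module: ngx_http_map_module
## map string $variable { ... } creates a new variable
## SECURITY: $arg_agent is taken verbatim from the request's query string, so the
## client chooses which upstream group it is routed to. Treat every group named
## here as reachable by any client; do not put an internal-only backend behind it.
map $arg_agent $game_api {
## $arg_agent is the agent value in the request (https://abc.com/?agent=123)
## When agent=123, $game_api is to_nodejs95
## NOTE(review): no upstream named to_nodejs95 is defined in this file (the groups
## are to_nodejs1, to_nodejs2 and to_nodejs9005). map does not validate its values,
## so "nginx -t" will not catch this; confirm the intended group name before
## using $game_api in a proxy_pass.
123 to_nodejs95;
## If agent ends with 1, 2, 3, or 4, $game_api is to_nodejs1
## (regex patterns are tried in order after the exact match above; the
## case-insensitive ~* flag is meaningless on digits, so plain ~ is used)
~[1-4]$ to_nodejs1;
## Any other value, including a missing agent parameter (empty $arg_agent), maps to to_nodejs2
default to_nodejs2;
}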
default.conf
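## module: ngx_http_limit_req_module
## Limit request handling
## limit_req_zone key zone=name:size rate=rate [sync]; defines request limiting rules
## The key is client address + virtual host, so the limit is per client per server.
## NOTE: with ngx_http_realip_module active (nginx.conf), $binary_remote_addr is the
## address recovered from X-Forwarded-For for requests that arrive from a trusted
## proxy; if such a proxy forwards a client-supplied X-Forwarded-For unchanged, the
## client picks its own rate-limit key. The same applies to allow/deny below.
limit_req_zone $binary_remote_addr$server_name zone=websocket:10m rate=1r/m;
## limit_req_status code; sets HTTP status code for rejected requests, default is 503
## 429 Too Many Requests (RFC 6585) is the status defined for rate limiting; using
## 502 Bad Gateway here would make rate-limited requests look like upstream failures
## in logs and monitoring.
limit_req_status 429;
## Configure virtual host
server {
## listen port [default_server] [ssl] [http2 | spdy] [proxy_protocol] [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
## Set the listen port, default is *:80
## Below listens on port 80 and is the default virtual host
listen 80 default_server;
## server_name name ...; set virtual host name, regex allowed, default is ""
## "_" is a catch-all: this server answers any Host header no other server_name matches
server_name _;
access_log logs/default/default.log json;
error_log logs/default/default.error.log warn;
## module: ngx_http_access_module
## allow address | CIDR | unix: | all; allow IP access
## deny address | CIDR | unix: | all; deny IP access
## Rules are checked in order and the first match wins; an address that matches
## no rule is ALLOWED. As written only 12.34.56.78 is blocked and the allow line
## has no effect — an allow-list needs a trailing "deny all;".
allow 1.1.1.1;
deny 12.34.56.78;
## Set the root directory for requests (not used by this server: location / returns a fixed body)
root /usr/share/nginx/html;
## limit_req zone=name [burst=number] [nodelay | delay=number]; set request limiting zone
## No burst is configured, so with rate=1r/m every request beyond one per minute
## per client is rejected immediately with limit_req_status
limit_req zone=websocket nodelay;
## limit_req_log_level info | notice | warn | error; set log level for rejected requests, default is error
limit_req_log_level warn;
## location [ = | ~ | ~* | ^~ ] uri { ... }
## location @name { ... } configure based on the request URI
location / {
default_type application/json;
## Return HTTP status code 200 with a string
## (nothing is proxied here, so the upstream groups and $game_api from upstream.conf are unused)
return 200 '{"Code": "$status", "IP": "$remote_addr"}';
}
}
server {
## Below listens on port 443 and is the default virtual host; all connections use SSL
listen 443 default_server ssl;
server_name _;
access_log logs/default/default.log json;
error_log logs/default/default.error.log warn;
## module: ngx_http_ssl_module
## Set the PEM-format certificate (the full chain, leaf certificate first)
ssl_certificate /etc/ssl/hddv1.com.crt;
## Set the PEM-format key; keep the file readable by root only
ssl_certificate_key /etc/ssl/hddv1.com.key;
## Set SSL versions (older releases defaulted to TLSv1 TLSv1.1 TLSv1.2, current ones to TLSv1.2 TLSv1.3)
ssl_protocols TLSv1.2 TLSv1.3;
## Set enabled ciphers for TLS 1.2 and below, default is HIGH:!aNULL:!MD5
## TLS 1.3 suites are not controlled by this directive. AEAD (AESGCM) suites are
## listed first. An "EECDH+aRSA+RC4" entry was dropped from the list: the later
## "!RC4" removes every RC4 suite anyway, so the entry only suggested RC4 was in use.
ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:HIGH:!RC2:!RC4:!aNULL:!eNULL:!LOW:!IDEA:!DES:!TDES:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EXPORT:!ANON";
## Specify the DH parameter file for the DHE (EDH+aRSA) ciphers above; generate it with at least 2048 bits
ssl_dhparam /etc/ssl/dhparams.pem;
## Prefer server ciphers, default is off
ssl_prefer_server_ciphers on;
## ssl_session_cache off | none | [builtin[:size]] [shared:name:size];
## Set cache and size, default is none (1m holds roughly 4000 sessions)
ssl_session_cache shared:SSL:1m;
## Set session reuse time, default is 5 minutes
ssl_session_timeout 5m;
## module: ngx_http_headers_module
## Declaring add_header at this level means the http-level add_header directives in
## nginx.conf (the CORS headers) are NOT inherited by this server; only the headers
## below are sent. add_header also applies only to a fixed set of 2xx/3xx status
## codes unless "always" is given, so error responses go out without them.
add_header X-Frame-Options "SAMEORIGIN";
## Legacy header for old browsers; current browsers ignore it
add_header X-XSS-Protection "1; mode=block";
## HSTS for one year on this host and every subdomain, plus opting into the browser
## preload list. "preload" is a long-lived commitment that is hard to undo, and here
## it is sent for whatever hostname reaches the default server — confirm every
## subdomain can serve HTTPS before keeping it.
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
root /usr/share/nginx/html;
limit_req zone=websocket nodelay;
limit_req_log_level warn;
location / {
default_type application/json;
return 200 '{"Code": "$status", "IP": "$remote_addr"}';
}
}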
nginx.conf
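## module: ngx_core_module
## worker_processes number | auto; number of Nginx worker processes, auto equals CPU count
worker_processes auto;
## worker_rlimit_nofile number; max open files for workers, default is system RLIMIT_NOFILE
worker_rlimit_nofile 131072;
## worker_shutdown_timeout time; how long an old worker may keep serving its connections during a graceful shutdown or reload (seconds when no unit is given)
worker_shutdown_timeout 60;
## error_log file [level]; set error log path
## debug, info, notice, warn, error, crit, alert, emerg
error_log logs/error.log warn;
## pid file; master process ID file location
pid logs/nginx.pid;
## module: ngx_core_module
## Connection handling
events {
## worker_connections number; max concurrent connections per worker, default is 512, must not exceed worker_rlimit_nofile
## max connections = worker_connections * worker_processes
worker_connections 102400;
## accept_mutex on | off; default is off
## When on, only one worker accepts new connections while others remain idle
## When off, all workers wake up; one accepts, the rest go back to sleep
## With TCP long connections and high traffic, off performs better for throughput and QPS
accept_mutex off;
## multi_accept on | off; accept all pending connections at once, default is off
multi_accept on;
}
## module: ngx_http_core_module
## HTTP server settings
http {
## module: ngx_core_module
## include file | mask; include settings from file; relative paths are resolved against the directory of this file
## Below sets MIME types, defined in the mime.types file
include mime.types;
## Companion files from the same directory (see the file structure). Order matters:
## geoip.conf defines the $geoip2_* variables used by the log_format below, and
## upstream.conf defines the groups and $game_api map before any server refers to them.
include geoip.conf;
include upstream.conf;
## default_type mime-type; default MIME type, default is text/plain
default_type application/octet-stream;
## server_names_hash_max_size size; max size of the server_name hash table, default is 512
server_names_hash_max_size 2048;
## Size of the server_name hash table buckets for fast lookup, default depends on the CPU cache line size
server_names_hash_bucket_size 256;
## server_tokens on | off | build | string; show the Nginx version in the Server header and on error pages, default is on
server_tokens off;
## Do not write "file not found" (404) errors to the error log. Quieter logs, but
## scans for nonexistent paths no longer show up there; they remain in the access log.
log_not_found off;
## Enable sendfile() for file transfer efficiency, default is off
sendfile on;
## Use full packets for file sending, default is off
tcp_nopush on;
## Send data as soon as possible, default is on
tcp_nodelay on;
## Set keepalive timeout seconds; Nginx closes idle connections after it, default is 75
keepalive_timeout 70;
## client_max_body_size size; max allowed request body size, default is 1m; larger bodies get 413
client_max_body_size 64M;
## module: ngx_http_gzip_module
## Enable gzip compression, default is off
## Caveat: compressing responses that mix secrets (session or CSRF tokens) with
## attacker-influenced content over TLS exposes them to BREACH-style attacks; keep
## gzip off for such responses.
gzip on;
## Minimum Content-Length to gzip, default is 20
gzip_min_length 1k;
## Gzip buffer size, default is one memory page
## gzip_buffers number size;
gzip_buffers 4 32k;
## Compression level, range 1-9, default is 1
gzip_comp_level 7;
## MIME types to compress, default is text/html
## application/javascript is what mime.types assigns to .js on current builds; the legacy x- form is kept for older tables
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php application/json;
## Add Vary: Accept-Encoding to HTTP response headers, default is off
gzip_vary on;
## Disable compression for specific User-Agent
## Below disables IE 6
gzip_disable "MSIE [1-6]\.";
## resolver address ... [valid=time] [ipv6=on|off] [status_zone=zone]; DNS servers Nginx uses at runtime
## to resolve upstream hostnames (e.g. proxy_pass with variables) and OCSP responders; it is not used
## for server_name matching. Lookups are plain, unauthenticated UDP/53, so answers from public resolvers
## reached over the Internet can be spoofed on the path — prefer a local or otherwise trusted resolver.
resolver 114.114.114.114 8.8.8.8 1.1.1.1;
## module: ngx_http_headers_module
## add_header name value [always]; add fields to HTTP response headers
## Below allows CORS from ANY origin. Browsers will not send credentials with a
## wildcard origin, but any site can read these responses and the exposed headers
## (including WWW-Authenticate / Server-Authorization / User-Identity-Token) —
## acceptable for a public API, not for anything session-bound.
## These headers are inherited only by server blocks that declare no add_header of
## their own; the 443 server in default.conf declares its own and so does not send them.
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
add_header Access-Control-Expose-Headers 'WWW-Authenticate,Server-Authorization,User-Identity-Token';
## module: ngx_http_realip_module
## set_real_ip_from address | CIDR | unix:; trusted proxy addresses whose real_ip_header is believed
## Only RFC 1918 ranges are trusted, so a direct Internet client cannot spoof its
## address. Every proxy in these ranges MUST append the true peer address to
## X-Forwarded-For rather than pass an incoming header through untouched, because
## the resulting $remote_addr feeds limit_req, allow/deny, GeoIP and the access log.
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
## real_ip_header field | X-Real-IP | X-Forwarded-For | proxy_protocol; define which header provides client IP, default is X-Real-IP
real_ip_header X-Forwarded-For;
## Walk X-Forwarded-For from the right, skipping trusted addresses, and use the last non-trusted one as the client; default is off (last address only)
real_ip_recursive on;
## module: ngx_http_log_module
## log_format name [escape=default|json|none] string ...; set log format
## escape=json makes header values safe to embed, so User-Agent or X-Forwarded-For
## cannot inject fields into the log. "ip" is the raw X-Forwarded-For header as
## received; "client" is the address after realip processing.
## Only the country variable is defined in geoip.conf (Country database); state/city
## fields would need a second geoip2 block over a City database, and Nginx refuses to
## start on a log_format that names an undefined variable.
log_format json escape=json '{"@timestamp":"$time_iso8601",'
'"@source":"$server_addr",'
'"ip":"$http_x_forwarded_for",'
'"client":"$remote_addr",'
'"request_method":"$request_method",'
'"scheme":"$scheme",'
'"domain":"$server_name",'
'"client_host":"$host",'
'"referer":"$http_referer",'
'"request":"$request_uri",'
'"args":"$args",'
'"sent_bytes":$body_bytes_sent,'
'"status":$status,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamaddr":"$upstream_addr",'
'"http_user_agent":"$http_user_agent",'
'"Country":"$geoip2_data_country_name",'
'"https":"$https"'
'}';
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
## access_log path [format [buffer=size] [gzip[=level]] [flush=time] [if=condition]]; set log path and format name
## access_log off; disable logging
access_log logs/access.log json;
## Virtual hosts (sites-enabled/default.conf); included last so the "json" log format it uses is already defined
include sites-enabled/*.conf;
}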