nginx.conf

worker_processes  1;
error_log  logs/error.log info;

events {
  worker_connections  1024;
}

env JWT_SECRET;

http {
  include       mime.types;
  default_type  application/octet-stream;

  lua_package_path '/app/lib/?.lua;;';

  server {
    listen 80 default_server;
    listen 443 default_server ssl;
    server_name _;
    server_tokens off;

    access_log off;
    more_clear_headers 'Server' 'Connection';
    add_header X-Echo-Request-URI $request_uri;

    ssl_certificate           /etc/ssl/selfsigned/cert.pem;
    ssl_certificate_key       /etc/ssl/selfsigned/key.pem;
    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve            secp384r1;
    ssl_session_cache         shared:SSL:10m;
    ssl_session_tickets       off;

    location ~ /status/(\d\d\d) {
      access_by_lua_block {
        ngx.exit(ngx.var[1])
      }
    }

    location = /jwt {
      access_by_lua_block {
        local cjson = require("cjson")
        local jwt = require("resty.jwt")

        ngx.req.read_body()
        local data = ngx.req.get_body_data()
        local response = jwt.load_jwt(os.getenv("JWT_SECRET"), data)
        ngx.header["Content-Type"] = "application/json"
        ngx.print(cjson.encode(response))
      }
    }

    location = /websocket {
      # version 1.1;
      add_header Upgrade $http_upgrade;
      add_header Connection "upgrade";
      add_header Host $host;

      content_by_lua_file '/app/lib/websocket.lua';
    }

    location / {
      access_by_lua_block {
        local headers = ngx.req.get_headers()
        for k, v in pairs(headers) do
          ngx.header[k] = v
        end
      }

      echo "\r";
      echo_read_request_body;
      echo $request_body;
    }
  }
}