upstream flow-london {
    hash $remote_addr consistent;
    zone flow-london 64k;
    server 10.60.32.11:4010; # Use your own IP address
    server 10.60.32.12:4010;
    keepalive 120;
}

server {
   listen 80;
   server_name flow.london.firstderivatives.com;
   return 301 https://flow.london.firstderivatives.com$request_uri;
}

server {
   listen 443 ssl;
   server_name flow.london.firstderivatives.com;
   ssl_certificate  /etc/ssl/client/flow.london.firstderivatives.com.cer; # Client Supplied Certificate
   ssl_certificate_key  /etc/ssl/client/flow.london.firstderivatives.com.key; # Client Supplied Certificate
   ssl_prefer_server_ciphers on;
   ssl_protocols TLSv1.2 TLSv1.3;
   access_log /var/log/nginx/flow.london.firstderivatives.com.access.log main ;
   access_log syslog:server=10.60.64.56:514,tag=nginx,severity=info;
   error_log /var/log/nginx/flow.london.firstderivatives.com.error.log;
   error_log syslog:server=10.60.64.56:514,tag=nginx_error,severity=warn;
   status_zone status_zone;

### WAF Component ###
   include conf.d/00-waf_enable.conf;
### WAF Component ###

   location / {
        proxy_pass http://flow-london/;
        proxy_set_header   Origin http://flow.london.firstderivatives.com;
        proxy_hide_header  Access-Control-Allow-Origin;
        add_header         Access-Control-Allow-Origin $http_origin;
        proxy_set_header   Host flow.london.firstderivatives.com; # Required if Proxy Header is needed
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $remote_addr;

### Web Sockets (wss) ###
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
### Web Sockets (wss) ###
    }
}