-
-
Save IskenHuang/7801786 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Load balancer configuration | |
upstream exampleApp { | |
# Directs to the process with least number of connections. | |
least_conn; | |
# One failed response will take a server out of circulation for 20 seconds. | |
server 127.0.0.1:10080 fail_timeout=20s; | |
#server 127.0.0.1:10081 fail_timeout=20s; | |
#server 127.0.0.1:10082 fail_timeout=20s; | |
#server 127.0.0.1:10083 fail_timeout=20s; | |
} | |
# WebSocket "upgrade" method | |
map $http_upgrade $connection_upgrade { | |
default upgrade; | |
'' close; | |
} | |
# Server settings | |
server { | |
# Listen on 80 and 443 | |
listen 80; | |
listen 443 ssl; | |
root /var/www/exampleApp/; | |
# Make site accessible from http://exampleApp.com/ | |
server_name exampleApp.com; | |
# Logs | |
access_log /var/log/nginx/exampleApp_access.log; | |
error_log /var/log/nginx/exampleApp_error.log; | |
# Certificate chained with a certificate authority bundle. | |
ssl_certificate /etc/ssl/certs/exampleApp.crt; | |
ssl_certificate_key /etc/ssl/private/exampleApp.key; | |
# Redirect all non-SSL traffic to SSL. | |
if ($ssl_protocol = "") { | |
rewrite ^ https://$host$request_uri? permanent; | |
} | |
# pass the request to the node.js server with the correct headers | |
location / { | |
# Setting proxy headers | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_set_header X-NginX-Proxy true; | |
proxy_pass http://exampleApp/; | |
proxy_redirect off; | |
# WebSocket headers | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
# Optional headers for better security | |
# HTTP Strict Transport Security (HSTS) tells a browser that the website should only be accessed through a secure connection. | |
# add_header Strict-Transport-Security max-age=31536000; | |
# Never allow content to be framed to avoid clickjacking attacks | |
# add_header X-Frame-Options DENY; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment