Skip to content

Instantly share code, notes, and snippets.

@IskenHuang
Forked from uhho/node nginx configuration
Created December 5, 2013 08:08
Show Gist options
  • Save IskenHuang/7801786 to your computer and use it in GitHub Desktop.
Save IskenHuang/7801786 to your computer and use it in GitHub Desktop.
# Load balancer configuration
upstream exampleApp {
# Directs to the process with least number of connections.
least_conn;
# One failed response will take a server out of circulation for 20 seconds.
server 127.0.0.1:10080 fail_timeout=20s;
#server 127.0.0.1:10081 fail_timeout=20s;
#server 127.0.0.1:10082 fail_timeout=20s;
#server 127.0.0.1:10083 fail_timeout=20s;
}
# WebSocket "upgrade" method
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Server settings
server {
# Listen on 80 and 443
listen 80;
listen 443 ssl;
root /var/www/exampleApp/;
# Make site accessible from http://exampleApp.com/
server_name exampleApp.com;
# Logs
access_log /var/log/nginx/exampleApp_access.log;
error_log /var/log/nginx/exampleApp_error.log;
# Certificate chained with a certificate authority bundle.
ssl_certificate /etc/ssl/certs/exampleApp.crt;
ssl_certificate_key /etc/ssl/private/exampleApp.key;
# Redirect all non-SSL traffic to SSL.
if ($ssl_protocol = "") {
rewrite ^ https://$host$request_uri? permanent;
}
# pass the request to the node.js server with the correct headers
location / {
# Setting proxy headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://exampleApp/;
proxy_redirect off;
# WebSocket headers
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# Optional headers for better security
# HTTP Strict Transport Security (HSTS) tells a browser that the website should only be accessed through a secure connection.
# add_header Strict-Transport-Security max-age=31536000;
# Never allow content to be framed to avoid clickjacking attacks
# add_header X-Frame-Options DENY;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment