Skip to content

Instantly share code, notes, and snippets.

@aegyed91
Last active September 18, 2019 09:20
Show Gist options
  • Save aegyed91/e6c372268488bb2c3af9 to your computer and use it in GitHub Desktop.
Save aegyed91/e6c372268488bb2c3af9 to your computer and use it in GitHub Desktop.
nginx + nodeJS + PHP
# Define your "upstream" servers - the
# servers request will be sent to
upstream backend {
server 127.0.0.1:3000; # NodeJS Server 1
}
# Define the Nginx server
# This will proxy any non-static directory
server {
listen 80;
server_name attilaegyed.com www.attilaegyed.com;
root /var/www/attilaegyed.com/html;
index index.html index.htm index.php;
access_log /var/log/nginx/attilaegyed.com-access.log;
error_log /var/log/nginx/attilaegyed.com-error.log error;
# Browser and robot always look for these
# Turn off logging for them
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; }
# Handle static files so they are not proxied to NodeJS
# You may want to also hand these requests to other upstream
# servers, as you can define more than one!
location ~ ^/(images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.ico) {
root /var/www/attilaegyed.com/html;
}
# pass the request to PHP
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# pass the request to the node.js server
# with some correct headers for proxy-awareness
location /node/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://backend/;
proxy_redirect off;
# Handle Web Socket connections
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# The first node application
upstream app-one {
server 127.0.0.1:3000 max_fails=0;
}
# The second node application
upstream app-two {
server 127.0.0.1:3001 max_fails=0;
}
# Server configuration for the first node application
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/server-app-one.crt;
ssl_certificate_key /etc/ssl/private/server-app-one.key;
# Server triggered by incoming subdomain name
server_name app-one.website.com;
add_header Strict-Transport-Security max-age=500;
# Sends all requests to application one
location / {
proxy_pass http://app-one;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
# Server configuration for the second node application
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/server-app-two.crt;
ssl_certificate_key /etc/ssl/private/server-app-two.key;
# Server triggered by incoming subdomain name
server_name app-two.website.com;
add_header Strict-Transport-Security max-age=500;
# Sends all requests to application two
location / {
proxy_pass http://app-two;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
# Default server, rejects all requests
# This path is only taken if all above fail
server {
listen 443 default_server;
ssl on;
ssl_certificate /etc/ssl/certs/server-default.crt;
ssl_certificate_key /etc/ssl/private/server-default.key;
add_header Strict-Transport-Security max-age=500;
location / {
deny all;
}
}
# node.js running locally on port 3000
upstream youtrack_upstream {
server 127.0.0.1:3000;
keepalive 64;
}
# redirect www.example.com to example.com
server {
listen 80;
server_name www.youtrack.io;
return 301 $scheme://youtrack.io$request_uri;
}
# the public nginx server instance running on port 80
server {
listen 80;
server_name youtrack.io;
access_log /var/log/nginx/youtrack.io-access.log;
error_log /var/log/nginx/youtrack.io-error.log error;
# serve static files with nginx
location ~ ^/(images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.ico) {
root /var/www/youtrack.io/html/.tmp/public;
access_log off;
expires max;
}
# Browser and robot always look for these, turn off logging for them
#location = /favicon.ico { log_not_found off; access_log off; }
#location = /robots.txt { log_not_found off; access_log off; }
# run the app on the root directory
location / {
# the following is required for WebSockets
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# supposedly prevents 502 bad gateway error;
# ultimately not necessary in my case
proxy_buffers 8 32k;
proxy_buffer_size 64k;
# the following is required
proxy_pass http://youtrack_upstream;
proxy_redirect off;
# the following is required as well for WebSockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on; # not necessary
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment