useful links:
Last active
September 18, 2019 09:20
-
-
Save aegyed91/e6c372268488bb2c3af9 to your computer and use it in GitHub Desktop.
nginx + nodeJS + PHP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Define your "upstream" servers - the | |
# servers request will be sent to | |
upstream backend { | |
server 127.0.0.1:3000; # NodeJS Server 1 | |
} | |
# Define the Nginx server | |
# This will proxy any non-static directory | |
server { | |
listen 80; | |
server_name attilaegyed.com www.attilaegyed.com; | |
root /var/www/attilaegyed.com/html; | |
index index.html index.htm index.php; | |
access_log /var/log/nginx/attilaegyed.com-access.log; | |
error_log /var/log/nginx/attilaegyed.com-error.log error; | |
# Browser and robot always look for these | |
# Turn off logging for them | |
location = /favicon.ico { log_not_found off; access_log off; } | |
location = /robots.txt { log_not_found off; access_log off; } | |
# Handle static files so they are not proxied to NodeJS | |
# You may want to also hand these requests to other upstream | |
# servers, as you can define more than one! | |
location ~ ^/(images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.ico) { | |
root /var/www/attilaegyed.com/html; | |
} | |
# pass the request to PHP | |
location ~ \.php$ { | |
try_files $uri =404; | |
fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
fastcgi_pass unix:/var/run/php5-fpm.sock; | |
fastcgi_index index.php; | |
include fastcgi_params; | |
} | |
# pass the request to the node.js server | |
# with some correct headers for proxy-awareness | |
location /node/ { | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_set_header X-NginX-Proxy true; | |
proxy_pass http://backend/; | |
proxy_redirect off; | |
# Handle Web Socket connections | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection "upgrade"; | |
} | |
} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# The first node application | |
upstream app-one { | |
server 127.0.0.1:3000 max_fails=0; | |
} | |
# The second node application | |
upstream app-two { | |
server 127.0.0.1:3001 max_fails=0; | |
} | |
# Server configuration for the first node application | |
server { | |
listen 443; | |
ssl on; | |
ssl_certificate /etc/ssl/certs/server-app-one.crt; | |
ssl_certificate_key /etc/ssl/private/server-app-one.key; | |
# Server triggered by incoming subdomain name | |
server_name app-one.website.com; | |
add_header Strict-Transport-Security max-age=500; | |
# Sends all requests to application one | |
location / { | |
proxy_pass http://app-one; | |
proxy_redirect off; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto https; | |
} | |
} | |
# Server configuration for the second node application | |
server { | |
listen 443; | |
ssl on; | |
ssl_certificate /etc/ssl/certs/server-app-two.crt; | |
ssl_certificate_key /etc/ssl/private/server-app-two.key; | |
# Server triggered by incoming subdomain name | |
server_name app-two.website.com; | |
add_header Strict-Transport-Security max-age=500; | |
# Sends all requests to application two | |
location / { | |
proxy_pass http://app-two; | |
proxy_redirect off; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto https; | |
} | |
} | |
# Default server, rejects all requests | |
# This path is only taken if all above fail | |
server { | |
listen 443 default_server; | |
ssl on; | |
ssl_certificate /etc/ssl/certs/server-default.crt; | |
ssl_certificate_key /etc/ssl/private/server-default.key; | |
add_header Strict-Transport-Security max-age=500; | |
location / { | |
deny all; | |
} | |
} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# node.js running locally on port 3000 | |
upstream youtrack_upstream { | |
server 127.0.0.1:3000; | |
keepalive 64; | |
} | |
# redirect www.example.com to example.com | |
server { | |
listen 80; | |
server_name www.youtrack.io; | |
return 301 $scheme://youtrack.io$request_uri; | |
} | |
# the public nginx server instance running on port 80 | |
server { | |
listen 80; | |
server_name youtrack.io; | |
access_log /var/log/nginx/youtrack.io-access.log; | |
error_log /var/log/nginx/youtrack.io-error.log error; | |
# serve static files with nginx | |
location ~ ^/(images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.ico) { | |
root /var/www/youtrack.io/html/.tmp/public; | |
access_log off; | |
expires max; | |
} | |
# Browser and robot always look for these, turn off logging for them | |
#location = /favicon.ico { log_not_found off; access_log off; } | |
#location = /robots.txt { log_not_found off; access_log off; } | |
# run the app on the root directory | |
location / { | |
# the following is required for WebSockets | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_set_header X-NginX-Proxy true; | |
# supposedly prevents 502 bad gateway error; | |
# ultimately not necessary in my case | |
proxy_buffers 8 32k; | |
proxy_buffer_size 64k; | |
# the following is required | |
proxy_pass http://youtrack_upstream; | |
proxy_redirect off; | |
# the following is required as well for WebSockets | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection "upgrade"; | |
tcp_nodelay on; # not necessary | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment