Last active
September 21, 2017 17:15
-
-
Save davidep87/46868c89002ac89802768b279a0689e9 to your computer and use it in GitHub Desktop.
nginx http https reverse proxy server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Replace /usr/local/etc/nginx/nginx.conf with this. This is the | |
| # default location for Nginx according to 'nginx -h' | |
| worker_processes 1; | |
| error_log /etc/nginx/error.log; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| upstream nodejsservers { | |
| ip_hash; | |
| server localhost:31333; | |
| } | |
| # This should be in the same directory as this conf | |
| # e.g. /usr/local/etc/nginx | |
| include mime.types; | |
| default_type application/octet-stream; | |
| # Note this log_format is named 'main', and is used with the access log below | |
| log_format main '$remote_addr - $remote_user [$time_local] $status ' | |
| '"$request" $body_bytes_sent "$http_referer" ' | |
| '"$http_user_agent" "$http_x_forwarded_for"'; | |
| sendfile on; | |
| keepalive_timeout 65; | |
| # Without this I got this error: 'upstream sent too big header | |
| # while reading response header from upstream' | |
| proxy_buffer_size 128k; | |
| proxy_buffers 4 256k; | |
| proxy_busy_buffers_size 256k; | |
| server { | |
| server_name .example.net; | |
| return 301 https://www.example.com$request_uri; | |
| } | |
| server { | |
| root /home/user/project/; | |
| listen 443 ssl; | |
| ssl on; | |
| ssl_certificate /home/user/project/config/ssl/server.crt; | |
| ssl_certificate_key /home/user/project/config/ssl/server.key; | |
| server_name .example.com; | |
| keepalive_timeout 70; | |
| access_log /etc/nginx/nodeApp2.access.log main; | |
| client_max_body_size 10M; | |
| gzip on; | |
| gzip_comp_level 6; | |
| gzip_vary on; | |
| gzip_min_length 1000; | |
| gzip_proxied any; | |
| gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; | |
| gzip_buffers 16 8k; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Scheme $scheme; | |
| proxy_set_header X-Forwarded-SSL on; | |
| proxy_set_header X-Forwarded-Proto $scheme; #http pr https | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_ssl_session_reuse off; | |
| location /dashboard { | |
| try_files $uri /build/dashboard/index.html; | |
| } | |
| location /api { | |
| proxy_pass http://localhost:1337/api; | |
| proxy_ssl_certificate /home/user/project/config/ssl/server.crt; | |
| proxy_ssl_certificate_key /home/user/project/config/ssl/server.key; | |
| proxy_ssl_trusted_certificate /home/user/project/config/ssl/server.ca; | |
| proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| proxy_ssl_ciphers HIGH:!aNULL:!MD5; | |
| proxy_ssl_verify on; | |
| proxy_ssl_verify_depth 2; | |
| proxy_ssl_session_reuse on; | |
| } | |
| location ~ ^/css/(.*)\.(css|gif|png)$ { | |
| root /home/user/project/public/assets/; | |
| expires 1M; | |
| access_log off; | |
| add_header Cache-Control "public"; | |
| } | |
| location ~ ^/js/(.*)\.(js)$ { | |
| root /home/user/project/public/assets/; | |
| expires 1M; | |
| access_log off; | |
| add_header Cache-Control "public"; | |
| } | |
| location ~ ^/images/(.*)\.(png|jpg|jpeg|ico)$ { | |
| root /home/user/project/public/assets/; | |
| expires 1M; | |
| access_log off; | |
| add_header Cache-Control "public"; | |
| } | |
| location ~ ^/fonts/(.*)\.(eot|svg|ttf|woff|woff2|otf)$ { | |
| root /home/user/project/public/assets/; | |
| expires 1M; | |
| access_log off; | |
| add_header Cache-Control "public"; | |
| } | |
| location ~ ^/uploads/(.*)\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf)$ { | |
| root /home/user/project/public/; | |
| expires 1M; | |
| access_log off; | |
| add_header Cache-Control "public"; | |
| } | |
| location ~* ^.+\.(jpg|jpeg|png)$ { | |
| root /home/user/project/; | |
| expires 1M; | |
| access_log off; | |
| add_header Cache-Control "public"; | |
| } | |
| location /build/ { | |
| alias /home/user/project/build/; | |
| expires 30d; | |
| } | |
| location /docs/ { | |
| auth_basic "Restricted"; | |
| auth_basic_user_file /etc/nginx/.htpasswd; | |
| #auth_basic_user_file /usr/local/etc/nginx/.htpasswd; | |
| alias /home/user/project/docs/; | |
| expires 30d; | |
| } | |
| location / { | |
| proxy_pass http://localhost:1337; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Accel-Internal /internal-nginx-static-location; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment