Created
January 24, 2014 23:32
-
-
Save dylants/8609050 to your computer and use it in GitHub Desktop.
Nginx configuration file for sites-available to direct traffic based on subdomain to node servers, denying unknown subdomains
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# The first node application | |
upstream app-one { | |
server 127.0.0.1:3000 max_fails=0; | |
} | |
# The second node application | |
upstream app-two { | |
server 127.0.0.1:3001 max_fails=0; | |
} | |
# Server configuration for the first node application | |
server { | |
listen 443; | |
ssl on; | |
ssl_certificate /etc/ssl/certs/server-app-one.crt; | |
ssl_certificate_key /etc/ssl/private/server-app-one.key; | |
# Server triggered by incoming subdomain name | |
server_name app-one.website.com; | |
add_header Strict-Transport-Security max-age=500; | |
# Sends all requests to application one | |
location / { | |
proxy_pass http://app-one; | |
proxy_redirect off; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto https; | |
} | |
} | |
# Server configuration for the second node application | |
server { | |
listen 443; | |
ssl on; | |
ssl_certificate /etc/ssl/certs/server-app-two.crt; | |
ssl_certificate_key /etc/ssl/private/server-app-two.key; | |
# Server triggered by incoming subdomain name | |
server_name app-two.website.com; | |
add_header Strict-Transport-Security max-age=500; | |
# Sends all requests to application two | |
location / { | |
proxy_pass http://app-two; | |
proxy_redirect off; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto https; | |
} | |
} | |
# Default server, rejects all requests | |
# This path is only taken if all above fail | |
server { | |
listen 443 default_server; | |
ssl on; | |
ssl_certificate /etc/ssl/certs/server-default.crt; | |
ssl_certificate_key /etc/ssl/private/server-default.key; | |
add_header Strict-Transport-Security max-age=500; | |
location / { | |
deny all; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This gist maybe out of date for more recent versions of nginx -- the entire gist should be wrapped in the
http
context, and an (empty)events
context is required outside of thehttp
context.