Last active
March 28, 2019 13:51
-
-
Save kaznak/73f12a307e4fe813c347403738732818 to your computer and use it in GitHub Desktop.
example nginx site conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| server_name _; | |
| listen 80 default_server; | |
| listen [::]:80 default_server; | |
| # !!TODO!! This description requires validation. | |
| location /.well-known/acme-challenge { | |
| allow all; | |
| alias /var/www/acme; | |
| } | |
| # If 2 or more different sites are hosted on this machine | |
| # and if the ACME protocol client works the sites simultaneously, | |
| # the client processes(or threads) could handle | |
| # the same file for the different sites. | |
| # This behaviour must cause some security trouble. | |
| location / { | |
| return 301 https://$host$request_uri; | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # set this into http clause | |
| upstream appserver { | |
| server localhost:3000; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { # dummy server | |
| server_name www.example.com; | |
| listen 3000; | |
| listen [::]:3000; | |
| root /var/www/www.example.com; | |
| index index.html index.htm index.nginx-debian.html; | |
| location / { | |
| # see: https://stackoverflow.com/questions/19285355/nginx-403-error-directory-index-of-folder-is-forbidden#38046124 | |
| try_files $uri $uri/ =404; | |
| } | |
| } | |
| server { | |
| server_name www.example.com; | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; | |
| add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload'; | |
| # auth_basic www.example.com; | |
| # auth_basic_user_file /etc/nginx/auth_basic/www.example.com; | |
| location / { | |
| proxy_pass http://appserver; | |
| # proxy_pass https://appserver; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-Addr $remote_addr; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| # proxy_ssl_verify off; | |
| } | |
| } | |
| server { | |
| server_name example.com; | |
| listen 443 ssl; | |
| listen [::]:443 ssl; | |
| add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload'; | |
| return 301 https://www.$host$request_uri; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment