NGINX comments.conf
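# Setup notes: nginx with a Let's Encrypt certificate on Debian/Ubuntu.
# This is a mixed notes file; the block under "in the conf" is nginx
# configuration, everything else is shell.

sudo apt-get update
sudo apt-get install nginx -y

# install certbot
# (no command is given in these notes; `certbot --nginx` below also needs
#  certbot's nginx plugin to be installed)

# in the conf
# Minimal main config: one plain-HTTP server whose server_name matches the
# domain the certificate is requested for, so certbot can find and extend it.
events {}
http {
    server {
        listen 80;
        server_name your_domain.ee;
        location / {
            return 200 "Hello from nginx";
        }
    }
}

# certbot rewrites the nginx config and writes below /etc/letsencrypt,
# so it has to run as root.
sudo certbot --nginx

# Confirm the certificate files exist. The live/ directory is readable by
# root only; privkey.pem in it must stay that way and must never be copied
# into a web root or a repository.
sudo ls -l /etc/letsencrypt/live/your_domain.ee/

# Renewal. The original line here was shorthand, not a command: typed
# literally, `crontab -e > @daily ...` would redirect into a file named
# "@daily". Run `sudo crontab -e` and add the entry below.
# check, it may be already set
#   @daily certbot renew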
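For A/B testing or beta testing we can use:
1) the split_clients module: http://nginx.org/en/docs/http/ngx_http_split_clients_module.html#split_clients
2) separate upstreams, routing users between them with the `if` directive
We can add the visitor's country/city to the request headers from the client IP with the nginx GeoIP module, instead of doing the lookup in the Rails apps. The result is only as reliable as the address nginx sees: behind a CDN or another proxy the real client IP has to be restored from a trusted proxy first, and the header should be set with proxy_set_header so that a value sent by the client is overwritten.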
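# Annotated nginx.conf notes: workers, load balancing, gzip, headers and
# location matching in front of a Rails app.
#
# TODO: add server push
#       (NOTE(review): HTTP/2 server push, including http2_push_preload, was
#        removed in nginx 1.25.1; check the target version first)
#
# var doc: http://nginx.org/en/docs/varindex.html
# dynamic modules https://docs.nginx.com/nginx/admin-guide/dynamic-modules/dynamic-modules/
#
# context   - block of configuration
# directive - line of option and value

worker_processes auto;  # 1 CPU -> 1 worker (see lscpu); more workers than cores gives no benefit

events {
    worker_connections 1024;  # can take number from `ulimit -n`
    multi_accept on;          # accept all pending connections at once; the nginx default is off
    use epoll;
}

http {
    # upstream doc: https://nginx.org/en/docs/http/ngx_http_upstream_module.html
    # round robin     - one after another (no config)
    # sticky sessions - by ip hash (add ip_hash;)
    # least loaded    - checks if server is still dealing with connections (add least_conn;)
    upstream balancer {
        #ip_hash;  # to set sticky session
        least_conn;
        server localhost:10001;
        server localhost:10002;
    }

    # open_file_cache* directives: help to cache reading files from disk
    # (directive family, not a literal directive, so it is kept as a comment)

    # iframe works only if embedded from the same origin.
    # "always" also sends the header on error responses.
    # NB! add_header is inherited from this level ONLY by blocks that define
    # no add_header of their own; any location with its own add_header must
    # repeat this line or the response goes out without it.
    add_header X-Frame-Options SAMEORIGIN always;

    include mime.types;  # allows nginx to set correct mime types based on extension

    # Standard directive. Set at http level it is inherited by every server
    # and location; inheritance follows the context, not the position in the
    # file. Setting it inside one server limits it to that server.
    # NOTE(review): compressing TLS responses that mix secrets (tokens, CSRF
    # values) with reflected request data is the precondition for BREACH;
    # consider turning gzip off for such dynamic responses.
    gzip on;
    gzip_min_length 100;  # in bytes
    gzip_comp_level 3;    # recommended 1-4
    # text/html is always compressed (default only this); listing it again
    # just produces a "duplicate MIME type" warning, so it is left out.
    gzip_types text/plain text/css text/javascript;
    gzip_disable "msie6";

    server_tokens off;  # hides the nginx version in the Server header and on error pages

    server {
        # Needs ssl_certificate and ssl_certificate_key in this block,
        # otherwise TLS handshakes on this listener fail.
        listen 443 ssl http2;

        # Both headers are sent by the client and trivially changed: this
        # filters noise, it is not access control.
        if ($http_user_agent ~* badbot) { return 403; }
        if ($http_referer ~* badbot) { return 403; }

        # A named location is only reached through an internal redirect
        # (try_files, error_page); nothing in this file refers to it yet.
        location @my-server {
            # No URI part ("/") here: nginx rejects proxy_pass with a URI
            # inside a named location. In a prefix location a trailing "/"
            # is not a convention either: it replaces the matched prefix
            # in the request passed upstream.
            proxy_pass http://balancer;

            http2_push_preload on;  # allow push preload
            # server has to add header: Link: </style.css>; as=style; rel=preload, </favicon.ico>; as=image; rel=preload
            # h= ActionController::Base.helpers
            # response.headers["Link"] = "<#{h.asset_pack_path("application.css")}>; as=style; rel=preload,<#{h.asset_path("application.css")}>; as=style; rel=preload, </#{h.asset_pack_path("application.js")}>; as=script; rel=preload"

            # This block has its own add_header, so the http-level
            # X-Frame-Options is not inherited and is repeated here.
            add_header X-Frame-Options SAMEORIGIN always;
            add_header proxied nginx;         # adds header to the client (response), rails won't see it
            proxy_set_header proxied2 nginx;  # adds header to the rails (request), client won't see it
        }

        # location ordering
        # 1. =        exact match
        # 2. ^~       preferable prefix
        # 3. ~ and ~* regexp matching (~* is case insensitive)
        # 4. no modifier: prefix match
        location = /exact-path {
            access_log off;  # switches the access log off only here
            # "error_log off" does not disable logging, it writes to a file
            # named "off". /dev/null discards it, at the cost of losing the
            # errors for this path as a troubleshooting and detection signal.
            error_log /dev/null crit;
            root /path/in/fs;  # custom path
            # Tries the file, then the directory, and returns 404 if neither
            # exists. For a front controller put "/index.php?$args" as the
            # LAST parameter instead of =404; only the last one is a fallback
            # URI, earlier ones are checked as files.
            try_files $uri $uri/ =404;
        }

        location /home {
            rewrite ^ /index.html;  # request will be sent to index.html
        }

        location ~* \.(js|css|png)$ {
            expires 1M;      # in 1 month
            access_log off;  # no need to log
            # Own add_header lines here mean the http-level X-Frame-Options
            # is not sent for these responses.
            add_header Pragma public;  # old way of cache-control
            add_header Cache-Control public;
            add_header Vary Accept-Encoding;
        }
    }
}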
# Building nginx from source: list the modules that can be compiled out.
./configure --help | grep without

# Build with HTTP/2 and TLS support, and without the autoindex module
# (the module that generates directory listings).
./configure \
    --with-http_v2_module \
    --with-http_ssl_module \
    --without-http_autoindex_module

# todo: add brotli installation guides for Debian