Created
May 17, 2018 07:40
Nginx conf with automatically renewed SSL certificate (certbot) for a NodeJS or React app (or any static files)
# First install certbot, then run this command on your server:
# certbot certonly --authenticator standalone --pre-hook "nginx -s stop" --post-hook "nginx"
# This stops your nginx server for a few seconds, generates your Let's Encrypt SSL certificates, and configures
# cron so that certificates are renewed automatically \o/
# (How renewal is scheduled depends on how certbot was installed; confirm it works with `certbot renew --dry-run`.)
# Now create your nginx conf for your NodeJS app:
# Port 80 (http): redirect to https (443).
server {
    listen 80;
    server_name www.your-domain.com;

    # Redirect only when the Host header is exactly the expected name, so a
    # client-supplied Host value is never echoed into the Location header.
    if ($host = www.your-domain.com) {
        return 301 https://$host$request_uri;
    }

    # Any other Host that reaches this block is refused instead of redirected.
    return 404; # managed by Certbot
}
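# HTTPS (443): terminate TLS with the certbot-managed certificate and proxy
# every request to the Node process on port 3000.
server {
    listen 443 ssl; # managed by Certbot
    server_name www.your-domain.com;

    # use certificates managed by certbot
    ssl_certificate /etc/letsencrypt/live/www.your-domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.your-domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        # serve the node process running on port 3000
        # NOTE(review): the Node process should listen on the loopback
        # interface only, otherwise port 3000 is reachable without TLS.
        proxy_pass http://localhost:3000;

        # Without these headers the app sees every request as plain http from
        # the proxy itself, which breaks per-client logging and rate limiting
        # and any "is this request secure?" check.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # nginx is the edge here, so X-Forwarded-For is overwritten with the
        # connecting address; a value sent by the client is not passed on.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # NOTE(review): once HTTPS is confirmed working, consider adding a
    # Strict-Transport-Security response header at this level.
}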
gzip
# Response compression settings.
#
# NOTE(review): compressing HTTPS responses that carry a secret (for example a
# CSRF token) together with data reflected from the request is the
# precondition for BREACH-style compression side channels. application/json
# and text/html are the usual candidates; consider turning gzip off for
# endpoints that return such responses.
server {
    gzip on;

    # Add "Vary: Accept-Encoding" so caches keep compressed and uncompressed
    # variants apart.
    gzip_vary on;

    # Compress responses to proxied requests regardless of their headers.
    gzip_proxied any;

    # Skip responses shorter than 256 bytes.
    gzip_min_length 256;

    # Compression level on the 1-9 scale.
    gzip_comp_level 5;

    # MIME types compressed in addition to text/html.
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;
    # text/html is always compressed by gzip module
}
cache expires
# Expire rules for static content
#
# Manifest, appcache, HTML, XML and JSON documents: never served from cache
# without revalidation (a negative "expires" emits Cache-Control: no-cache).
#
# NOTE(review): a matching regex location is preferred over a plain prefix
# location such as "location /", and this block has no proxy_pass or root of
# its own. In a reverse-proxy server, confirm these files are meant to be
# served by nginx itself.
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
    expires -1;
}
# Feeds (RSS / Atom): cacheable for one hour.
#
# NOTE(review): add_header directives set at server level are not inherited by
# a location that declares its own add_header, so security headers defined
# there (for example Strict-Transport-Security) must be repeated in this block.
location ~* \.(?:rss|atom)$ {
    add_header Cache-Control "public";
    expires 1h;
}
# Media (images, icons, video, audio, HTC): cacheable for one month.
#
# NOTE(review): "public" lets shared caches store these responses, so nothing
# served under these extensions should be per-user or behind authentication.
# With access_log off, requests for these paths leave no trace in the access
# log; keep logging on if that visibility is needed for investigations.
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
    access_log off;
    add_header Cache-Control "public";
    expires 1M;
}
# CSS and JavaScript: cacheable for one year. File names must contain a
# content hash, otherwise clients keep the stale copy until it expires.
#
# NOTE(review): a one-year lifetime also keeps a bad or tampered asset in
# client caches for that long; hashed file names are what makes a fixed
# release reach users. Requests for these paths are not written to the
# access log.
location ~* \.(?:css|js)$ {
    access_log off;
    add_header Cache-Control "public";
    expires 1y;
}
@Goopil thx !
load balancing