nginx configurations - restarone/violet_rails GitHub Wiki

intro

These configurations live in /etc/nginx/sites-available/yourdomain.com.conf and are symlinked to /etc/nginx/sites-enabled/yourdomain.com.conf

Basic configuration

This is the recommended configuration to use before setting up certbot; it serves plain HTTP only.

# Plain-HTTP reverse proxy in front of the app listening on port 3000.
# Everything on this listener travels unencrypted.
server {
    listen 80;
    server_name yourdomain.com;

    # Upper bound on the request body nginx accepts; larger requests get a 413.
    # 4G is very permissive: bodies that do not fit the in-memory buffer are
    # spooled to temporary files, so size this to the largest upload expected.
    client_max_body_size 4G;

    location / {
        proxy_http_version 1.1;
        proxy_pass http://localhost:3000;

        # Hand the requested host, client address and scheme to the app.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so only the last entry comes from
        # this proxy; earlier entries are client-supplied.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade headers, sent with fixed values on every request.
        # NOTE(review): nginx's documented pattern forwards $http_upgrade so
        # ordinary requests are not marked as upgrades - confirm the fixed
        # values are intentional.
        proxy_set_header Upgrade websocket;
        proxy_set_header Connection Upgrade;
    }
}

with certbot

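Use this configuration to force SSL: the first server block redirects all plain-HTTP requests to HTTPS, and the second serves the app over HTTPS with the certbot-issued certificate.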

# Port 80 listener whose only job is to send every request to HTTPS.
# No server_name is set, so when this block is the default for port 80 it
# answers for any Host header, and $host copies the client-requested name
# into the redirect target.
# NOTE(review): if only known domains should be redirected, set server_name
# and redirect to $server_name instead - confirm against the hosts served.
server {
    listen 80;

    return 301 https://$host$request_uri;
}



# HTTPS listener: terminates TLS with the certbot-issued certificate and
# proxies to the app on port 3000 over plain HTTP on the loopback hop.
# No server_name is set, so requests for other hostnames that reach this
# block are served this certificate and forwarded with their own Host header.
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    # The private key must stay unreadable to unprivileged users.
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    # Very permissive body limit; size it to the largest upload expected.
    client_max_body_size 4G;

    location / {
        # NOTE(review): the app should listen on loopback only so this proxy
        # cannot be bypassed - confirm the app's bind address.
        proxy_pass http://localhost:3000;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to any client-sent X-Forwarded-For; only the
        # last entry is set by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the app the original request scheme.
        proxy_set_header X-Forwarded-Proto $scheme;
        # NOTE(review): the plain-HTTP example on this page also sets
        # WebSocket Upgrade/Connection headers; none are set here - confirm
        # whether WebSocket traffic is expected over HTTPS.
    }
}

multiple server blocks to serve the same app on different domains

Sometimes you need exampleone.com and exampletwo.com to lead to the same server (e.g. https://sipshucksip.com and https://coc.to). In these cases, each domain needs its own server blocks so that nginx matches requests for that specific domain name and serves the correct SSL redirect and certificate.

# HTTP-to-HTTPS redirect for exampleone.com.
# The target is built from $server_name (the name configured here), not from
# the Host header the client sent.
server {
  listen 80;
  server_name exampleone.com;

  return 301 https://$server_name$request_uri;
}



# HTTPS listener for exampleone.com: presents that domain's certbot
# certificate and proxies to the shared app on port 3000.
server {
  listen 443 ssl;
  server_name exampleone.com;

  ssl_certificate /etc/letsencrypt/live/exampleone.com/fullchain.pem;
  # The private key must stay unreadable to unprivileged users.
  ssl_certificate_key /etc/letsencrypt/live/exampleone.com/privkey.pem;

  # Very permissive body limit; size it to the largest upload expected.
  client_max_body_size 4G;

  location / {
    # The hop to the app is plain HTTP on localhost.
    proxy_pass http://localhost:3000;

    # The app receives the requested host, so it can tell the domains apart.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # Appends $remote_addr to any client-sent X-Forwarded-For; only the last
    # entry is set by this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}


# HTTP-to-HTTPS redirect for exampletwo.com.
# $server_name is the name configured in this block, so the redirect target
# does not depend on the client-supplied Host header.
server {
  listen 80;
  server_name exampletwo.com;

  return 301 https://$server_name$request_uri;
}



# HTTPS listener for exampletwo.com: presents that domain's certbot
# certificate and proxies to the same app on port 3000.
server {
  listen 443 ssl;
  server_name exampletwo.com;

  ssl_certificate /etc/letsencrypt/live/exampletwo.com/fullchain.pem;
  # The private key must stay unreadable to unprivileged users.
  ssl_certificate_key /etc/letsencrypt/live/exampletwo.com/privkey.pem;

  # Very permissive body limit; size it to the largest upload expected.
  client_max_body_size 4G;

  location / {
    # The hop to the app is plain HTTP on localhost.
    proxy_pass http://localhost:3000;

    # The requested host is passed through so the app can tell the domains apart.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # Appends $remote_addr to any client-sent X-Forwarded-For; only the last
    # entry is set by this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}