Nginx - studiofu/brain GitHub Wiki
Quick Start
to how how to configure NGINX as reverse proxy
edit the config file, in which located at \conf\nginx.conf
basic operations
run nginx to start the application
run nginx -t to check the syntax
run nginx -s reload to reload the configuration
run nginx -s stop to stop the server
import cert to java keystore for nginx
keytool -importcert -keystore cacerts -storepass changeit -file c:\xxxxxx\secure.crt
# basic setup
server{
listen 80;
server_name example.yourdomain.com;
location / {
proxy_pass http://www.your-real-domain.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_max_temp_file_size 0;
}
}
setup ssl to use as reverse proxy
# HTTPS server
#
server {
listen 443 ssl;
server_name localhost;
ssl_certificate private.crt;
ssl_certificate_key private.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
}
}
spring boot integration in application.yml
server:
port: 8080
use-forward-headers: true
tomcat:
remote-ip-header: "X-Forwarded-For"
protocol-header: "X-Forwarded-Proto"
add SameSite to cookie
https://serverfault.com/questions/849888/add-samesite-to-cookies-using-nginx-as-reverse-proxy
location / {
# your usual config ...
# hack, set all cookies to secure, httponly and samesite (strict or lax)
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
proxy_cookie_path /auth "/auth; secure; HttpOnly; SameSite=strict";
}
redirection
location = / {
return 301 /auth/admin/index.xhtml;
}
cache control in spring
@Configuration
@Slf4j
public class NoCacheFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate;");
chain.doFilter(request, response);
}
}
Resources
將 Nginx 註冊成 windows service
https://chaosweys.blogspot.com/2018/06/nginx-windows-service.html
Setting hash ip and pass client ip through the loading balance to down stream
https://serverfault.com/questions/832790/sticky-sessions-with-nginx-proxy
Hot reload configuration
https://serverfault.com/questions/378581/nginx-config-reload-without-downtime
service nginx reload or /etc/init.d/nginx reload
Nginx 設定反向代理 Reverse Proxy