Created
September 5, 2018 17:24
nginx configuration for meteor proxy
# Backend pool of Meteor app instances; referenced by name from proxy_pass.
upstream meteor {
    # Stick each client address to one backend (hash keyed on $remote_addr).
    # NOTE(review): if a CDN or another proxy sits in front of nginx,
    # $remote_addr is that proxy's address and clients collapse onto one
    # backend -- confirm the deployment topology.
    hash $remote_addr;

    # max_fails/fail_timeout: after 2 failed attempts within 5s a backend is
    # taken out of rotation for 5s.
    # The proxy_pass that uses this pool speaks plain HTTP to port 3000, so
    # these hosts should only be reachable from nginx (private network or
    # firewall); otherwise the TLS and header policy applied at the proxy can
    # be bypassed by connecting to the app port directly.
    server app1.example.com:3000 max_fails=2 fail_timeout=5s;
    server app2.example.com:3000 max_fails=2 fail_timeout=5s;
}
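# HTTPS virtual host for example.com: terminates TLS, adds browser security
# headers and proxies every request to the "meteor" upstream.
server {
    # Not used for proxied requests: the only location below hands everything
    # to proxy_pass.
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name example.com;

    location / {
        # Request logging is switched off for all proxied traffic, so nginx
        # keeps no per-request record for troubleshooting or incident review.
        # NOTE(review): confirm this is intentional.
        access_log off;

        proxy_pass http://meteor;

        # HTTP/1.1 plus the Upgrade/Connection pair is what lets WebSocket
        # handshakes pass through the proxy.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # Sent on every request, not only on WebSocket handshakes. A common
        # alternative is a map on $http_upgrade in the http context that
        # yields "upgrade" or "close".
        proxy_set_header Connection 'upgrade';

        # $host is taken from the request. NOTE(review): if no other server
        # block listens on 443, this one is the implicit default and will
        # forward whatever Host name the client supplied -- confirm the app
        # does not build links or e-mails from the request Host.
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        # Appends $remote_addr to any X-Forwarded-For the client already sent;
        # entries to the left of the last one are client-controlled. The
        # backend should trust only as many right-most hops as there are
        # proxies (Meteor: HTTP_FORWARDED_COUNT).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Fixed value is correct here because this server only listens with ssl.
        proxy_set_header X-Forwarded-Proto https;

        # Pass Location/Refresh headers from the backend through unchanged.
        proxy_redirect off;
        # Never spill buffered upstream responses to temporary files on disk.
        proxy_max_temp_file_size 0;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Response headers. add_header is inherited by "location /" only while
    # that location declares no add_header of its own; adding one there
    # silently drops every header in this list for proxied responses.
    # "always" attaches them to error responses as well.

    # includeSubDomains covers every host under example.com; all of them must
    # be able to serve HTTPS before this is deployed.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    # Framing is denied twice: CSP frame-ancestors for current browsers,
    # X-Frame-Options for older ones. This CSP does not restrict scripts.
    add_header Content-Security-Policy "frame-ancestors 'none'" always;
    add_header X-Frame-Options "DENY" always;
    # Changed from "1; mode=block": the legacy browser XSS filter is deprecated
    # and its blocking mode could itself be abused in old browsers, so the
    # filter is explicitly disabled. XSS defence belongs in output encoding
    # and a script-restricting Content-Security-Policy.
    add_header X-XSS-Protection "0" always;
    add_header X-Content-Type-Options "nosniff" always;
    # Fallback list: browsers apply the last policy they understand.
    add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin" always;
}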
# Plain-HTTP listener: sends example.com to HTTPS and answers 404 for any
# other host name that lands on this default server.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.com;

    # The redirect fires only on an exact match of the expected host, so a
    # forged Host header cannot steer the Location target elsewhere.
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    }

    # Reached only when the host check above did not match.
    return 404;
}