Created
April 6, 2020 15:26
-
-
Save annabunches/57a135b4ea7cec3a1a3fe1acd402bcaa to your computer and use it in GitHub Desktop.
Dead simple nginx reverse proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Install nginx then stick this in a file in /etc/nginx/sites-enabled | |
upstream mylighttpdapp { | |
# If on the same system: | |
# server unix:/some/unix/socket | |
# OR | |
# server 127.0.0.1:8080 # assuming port 8080 or whatever | |
# If on a different system just | |
# server 1.2.3.4:8080 | |
} | |
server { | |
listen 80; | |
listen [::]:80; | |
# listen 443 ssl; # If you need https. Fully configuring that left as an exercise, docs online and everything goes in this block | |
# this is the magic that forwards to the 'upstream' we defined above. | |
# obvs you can use proxy_set_header for other headers you need for your app or whatever. | |
# The variables in here are defined by nginx for each request, so leave them as-is. | |
location / { | |
proxy_redirect off; # this makes the redirect transparent, good for app server isolation and generally recommended | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Protocol $scheme; | |
proxy_pass http://mylighttpdapp; # note that the 'upstream' previously defines this as an http (or https if the upstream has its own SSL certs) endpoint with a sort of fake DNS thing, so this is the desired syntax. | |
} | |
# That's it. You can have more 'location' blocks if you have, say, static files hosted somewhere other than the app, and | |
# nginx will always resolve to the most specific / longest path it finds a match for. | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment