Last active
July 20, 2018 22:20
-
-
Save bdombro/595493acf8640fd2d736e30de7c837e4 to your computer and use it in GitHub Desktop.
NGINX PM2 Reverse Proxy with Caching
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Note: if using cloudfare, you MUST add a http redirect rule in cloudflare or | |
# cf will cache the 301 redirect for both HTTP AND HTTPS, causing an infinite 301 loop | |
# Ex rule: http://*domain.dev/* with action Always Use HTTPS | |
# Ref: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-16-04 | |
proxy_cache_path /var/cache/nginx/aii.globalintegrity.org_proxy levels=1:2 keys_zone=aii.globalintegrity.org_proxy:10m max_size=187108864 inactive=7d use_temp_path=off; | |
server { | |
listen 80; | |
listen [::]:80; | |
server_name 127.0.0.1 159.89.241.152 aii.globalintegrity.org; | |
return 301 https://aii.globalintegrity.org$request_uri; | |
include snippets/cloudflare.conf; | |
root /var/www/app; | |
location / { | |
proxy_pass http://localhost:1337; | |
proxy_http_version 1.1; | |
} | |
} | |
server { | |
listen 443 ssl; | |
listen [::]:443 ssl; | |
server_name 127.0.0.1 159.89.241.152 aii.globalintegrity.org; | |
#include snippets/snakeoil.conf; # Self signed certs snippet | |
#include snippets/ssl-params.conf; | |
include snippets/cloudflare.conf; | |
root /var/www/app; | |
# index index.php index.html index.htm index.nginx-debian.html; | |
# Cranking this up allows connections to stay open longer which boosts speed but costs a little overhead | |
# Each client opens ~7 connections. Nginx will scale down if limits reached though. | |
# THIS MAKES A HUGE DIFFERENCE IN PAGE LOAD SPEED | |
keepalive_timeout 240s; | |
keepalive_requests 1000; | |
set $no_cache ""; | |
if ($request_uri ~* "/admin/") { | |
set $no_cache 1; | |
} | |
set $cache_cookie $http_cookie; | |
if ($cache_cookie ~ ".*sails.sid.*") { | |
set $no_cache 1; | |
} | |
add_header X-Cache-Status $upstream_cache_status; | |
add_header Upgrade $http_upgrade; | |
add_header Connection 'upgrade'; | |
add_header Host $host; | |
add_header X-Real-IP $remote_addr; | |
add_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
add_header X-Forwarded-Proto $scheme; | |
location / { | |
proxy_pass http://localhost:1337; | |
proxy_http_version 1.1; | |
access_log off; | |
proxy_cache aii.globalintegrity.org_proxy; | |
proxy_no_cache $no_cache; | |
proxy_cache_bypass $no_cache; | |
proxy_cache_valid any 7d; | |
proxy_cache_use_stale updating; | |
proxy_cache_lock on; | |
proxy_ignore_headers Cache-Control Set-Cookie; | |
proxy_hide_header set-cookie; | |
proxy_connect_timeout 600; | |
proxy_send_timeout 600; | |
proxy_read_timeout 600; | |
send_timeout 600; | |
} | |
# File caching | |
#location ~* \.(js|css|png|jpg|jpeg|gif|ico|eot|otf|ttf|woff|txt)$ { | |
# add_header Access-Control-Allow-Origin *; | |
# access_log off; log_not_found off; | |
# expires 30d; | |
#} | |
#location = /robots.txt { access_log off; log_not_found off; } | |
#location ~ /\. { deny all; access_log off; log_not_found off; } | |
expires "1800"; | |
ssl_certificate /etc/letsencrypt/live/aii.globalintegrity.org/fullchain.pem; # managed by Certbot | |
ssl_certificate_key /etc/letsencrypt/live/aii.globalintegrity.org/privkey.pem; # managed by Certbot | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment