NGINX PM2 Reverse Proxy with Caching
# Note: if using Cloudflare, you MUST add an HTTP redirect rule in Cloudflare, or
# Cloudflare will cache the 301 redirect for both HTTP AND HTTPS, causing an infinite 301 loop
# Ex rule: http://*domain.dev/* with action Always Use HTTPS
# Ref: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-16-04
# On-disk cache for proxied responses. The keys_zone name is what the
# proxy_cache directive in the HTTPS server refers to, and 10m is the size of
# the shared-memory key index. max_size has no unit suffix, so it is a byte
# count capping the data kept on disk. Entries not requested for 7 days are
# evicted. Cached response bodies are stored in this directory, so it should
# be readable only by the nginx worker user.
proxy_cache_path /var/cache/nginx/aii.globalintegrity.org_proxy
    levels=1:2
    keys_zone=aii.globalintegrity.org_proxy:10m
    max_size=187108864
    inactive=7d
    use_temp_path=off;
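# Plain-HTTP listener: its only job is to redirect every request to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name 127.0.0.1 159.89.241.152 aii.globalintegrity.org;

    # The redirect target is the fixed canonical name rather than $host, so a
    # forged Host header cannot influence the Location header.
    return 301 https://aii.globalintegrity.org$request_uri;
    include snippets/cloudflare.conf;

    # A server-level "return" answers every request before any location is
    # selected, so a "root" or "location / { proxy_pass ...; }" in this block
    # can never run. None is declared here: an unreachable proxy_pass would
    # start serving the app over plain HTTP, uncached, if the redirect were
    # ever removed.
}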
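# HTTPS listener: terminates TLS and serves the Node app on localhost:1337
# through the proxy cache declared by proxy_cache_path.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name 127.0.0.1 159.89.241.152 aii.globalintegrity.org;

    #include snippets/snakeoil.conf; # Self signed certs snippet
    # NOTE(review): with ssl-params.conf commented out, this block sets no
    # ssl_protocols / ssl_ciphers, so TLS settings come from the http-level
    # config or nginx defaults - confirm that is intended.
    #include snippets/ssl-params.conf;
    include snippets/cloudflare.conf;
    root /var/www/app;
    # index index.php index.html index.htm index.nginx-debian.html;

    # Cranking this up allows connections to stay open longer which boosts speed but costs a little overhead
    # Each client opens ~7 connections. Nginx will scale down if limits reached though.
    # THIS MAKES A HUGE DIFFERENCE IN PAGE LOAD SPEED
    # NOTE(review): long keepalives plus the 600s proxy timeouts below let idle
    # or slow clients hold connections for a long time - confirm
    # worker_connections leaves headroom for that.
    keepalive_timeout 240s;
    keepalive_requests 1000;

    # Cache bypass: $no_cache becomes non-empty for admin URLs and for requests
    # that carry the Sails session cookie. It feeds both proxy_no_cache (do not
    # store the response) and proxy_cache_bypass (do not answer from cache).
    set $no_cache "";
    # NOTE(review): this matches "/admin/" anywhere in the URI, query string
    # included, but not a bare "/admin" without the trailing slash - confirm
    # the app has no admin route that escapes the pattern.
    if ($request_uri ~* "/admin/") {
        set $no_cache 1;
    }
    # NOTE(review): the session cookie is the only "logged in" signal used here.
    # If the app also authenticates another way (for example an Authorization
    # header), those responses would be stored and served to other visitors.
    set $cache_cookie $http_cookie;
    if ($cache_cookie ~ ".*sails.sid.*") {
        set $no_cache 1;
    }

    # Debug aid: reports HIT / MISS / BYPASS / ... for each response.
    add_header X-Cache-Status $upstream_cache_status;

    location / {
        proxy_pass http://localhost:1337;
        proxy_http_version 1.1;

        # Forwarding headers belong on the upstream request, so they are set
        # with proxy_set_header. add_header would put them on the response
        # instead, echoing the client address back and never reaching the app.
        # Setting them here also overwrites any X-Real-IP / X-Forwarded-Proto
        # the client sent, which would otherwise pass through unchanged and
        # could influence a response that is then cached for everyone.
        # X-Forwarded-For is appended to, not replaced: the app should trust
        # only the last entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Host is left at nginx's default ($proxy_host). The default cache key
        # does not include the client's Host header, so forwarding $host would
        # also need it in proxy_cache_key, or one Host value could populate the
        # cache for all the others.
        # NOTE(review): if the app needs WebSockets, Upgrade / Connection must
        # also be passed with proxy_set_header, and upgrade requests should
        # bypass the cache.

        # NOTE(review): with access logging off there is no request trail from
        # this server, including for /admin/ - consider logging at least the
        # traffic that bypasses the cache.
        access_log off;

        proxy_cache aii.globalintegrity.org_proxy;
        proxy_no_cache $no_cache;
        proxy_cache_bypass $no_cache;
        # NOTE(review): "any" also stores error responses and redirects for
        # 7 days, so one transient upstream failure can be served for a week.
        proxy_cache_valid any 7d;
        proxy_cache_use_stale updating;
        proxy_cache_lock on;
        # Upstream Cache-Control (including private / no-store) and Set-Cookie
        # are ignored when deciding what to cache. The $no_cache checks above
        # are the only thing keeping per-user responses out of the cache.
        proxy_ignore_headers Cache-Control Set-Cookie;
        # Strips Set-Cookie from every response in this location, bypassed
        # requests included, so the app cannot set a cookie through this server.
        proxy_hide_header set-cookie;

        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        send_timeout 600;
    }

    # File caching
    #location ~* \.(js|css|png|jpg|jpeg|gif|ico|eot|otf|ttf|woff|txt)$ {
    # add_header Access-Control-Allow-Origin *;
    # access_log off; log_not_found off;
    # expires 30d;
    #}
    #location = /robots.txt { access_log off; log_not_found off; }
    #location ~ /\. { deny all; access_log off; log_not_found off; }

    # NOTE(review): expires is set at server level, so it adds or modifies
    # Expires / Cache-Control (max-age 1800) on admin and logged-in responses
    # too. Browsers and any CDN in front may then keep those pages for 30
    # minutes - confirm, or scope it to public content.
    expires "1800";

    ssl_certificate /etc/letsencrypt/live/aii.globalintegrity.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/aii.globalintegrity.org/privkey.pem; # managed by Certbot
}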