Last active
March 23, 2020 14:34
-
-
Save deskoh/38b45b944075ffc00b8ffda1c495bb48 to your computer and use it in GitHub Desktop.
NGINX Config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80; | |
listen [::]:80 default ipv6only=on; | |
root /usr/share/nginx/html; | |
index index.html index.htm; | |
server_name _; # all hostnames | |
location / { | |
try_files $uri /index.html; # To support SPA routing | |
} | |
# For liveness / readiness probe | |
location /healthz { | |
access_log off; | |
default_type text/plain; | |
return 200 "health\n"; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 443 ssl http2; | |
listen [::]:443 ssl http2; | |
server_name www.mywebsite.com; | |
root /usr/share/nginx/html; | |
ssl_certificate /etc/letsencrypt/www.mywebsite.com/fullchain.cer; | |
ssl_certificate_key /etc/letsencrypt/www.mywebsite.com/www.mywebsite.com.key; | |
include /etc/nginx/snippets/ssl-params.conf; | |
set $cors_origin ""; | |
set $cors_cred ""; | |
set $cors_header ""; | |
set $cors_method ""; | |
if ($http_origin ~ '^https?://(localhost|mywebsite\.com)$') { | |
set $cors_origin $http_origin; | |
set $cors_cred true; | |
set $cors_header $http_access_control_request_headers; | |
set $cors_method $http_access_control_request_method; | |
} | |
add_header Access-Control-Allow-Origin $cors_origin; | |
add_header Access-Control-Allow-Credentials $cors_cred; | |
add_header Access-Control-Allow-Headers $cors_header; | |
add_header Access-Control-Allow-Methods $cors_method; | |
location / { | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header Host $http_host; | |
proxy_pass http://127.0.0.1:8080; | |
} | |
location ~ /.well-known { | |
allow all; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
events { | |
worker_connections 1024; | |
} | |
http { | |
server { | |
listen 80; | |
server_name localhost; | |
set $cypress_base_url "cdn.cypress.io/desktop"; | |
location ~ ^/desktop/([\d|\.]+)\/?$ { | |
set $version $1; | |
if ($arg_platform !~ "^(win32|linux|darwin)$") { return 404 'invalid platform'; } | |
set $platform $1; | |
if ($arg_arch !~ "^(ia32|x64)$") { return 404 'invalid arch' ; } | |
set $arch $1; | |
set $args ''; | |
rewrite ^.*$ $scheme://$cypress_base_url/$version/$platform-$arch/cypress.zip redirect; | |
} | |
location /desktop { | |
if ($arg_platform !~ "^(win32|linux|darwin)$") { return 404 'invalid platform'; } | |
set $platform $1; | |
if ($arg_arch !~ "^(ia32|x64)$") { return 404 'invalid arch' ; } | |
set $arch $1; | |
set $args ''; | |
rewrite ^.*$ $scheme://$cypress_base_url/latest/$platform-$arch/cypress.zip redirect; | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# References: | |
# https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/ | |
# https://github.com/KyleAMathews/docker-nginx/blob/master/nginx.conf | |
# http://nginx.org/en/docs/dirindex.html | |
# Run as a less privileged user for security reasons. | |
user nginx; | |
# The maximum number of connections for Nginx is calculated by: | |
# max_clients = worker_processes * worker_connections | |
worker_processes auto; | |
# Maximum open file descriptors per process; | |
# should be > worker_connections. | |
worker_rlimit_nofile 1024; | |
# Process needs to run in foreground within container | |
daemon off; | |
events { | |
worker_connections 1000; | |
multi_accept on; | |
use epoll; | |
} | |
# Log errors and warnings to this file | |
# This is only used when you don't override it on a server{} level | |
# error_log /var/log/nginx/error.log warn; | |
pid /run/nginx.pid; | |
http { | |
# Hide nginx version information. | |
server_tokens off; | |
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent" "$http_x_forwarded_for"'; | |
# access_log /var/log/nginx/access.log main; | |
# Speed up file transfers by using sendfile() to copy directly | |
# between descriptors rather than using read()/write(). | |
sendfile on; | |
# Prevent one fast connection from entirely occupying the worker process. | |
sendfile_max_chunk 1m; | |
# Tell Nginx not to send out partial frames; this increases throughput | |
# since TCP frames are filled up before being sent out. (adds TCP_CORK) | |
tcp_nopush on; | |
# Tell Nginx to enable the Nagle buffering algorithm for TCP packets, which | |
# collates several smaller packets together into one larger packet, thus saving | |
# bandwidth at the cost of a nearly imperceptible increase to latency. (removes TCP_NODELAY) | |
tcp_nodelay on; | |
# How long to allow each connection to stay idle; longer values are better | |
# for each individual client, particularly for SSL, but means that worker | |
# connections are tied up longer. (Default: 65) | |
keepalive_timeout 65; | |
types_hash_max_size 2048; | |
# Define the MIME types for files. | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
# Update charset_types due to updated mime.types | |
charset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json; | |
# Load modular configuration files from the /etc/nginx/conf.d directory. | |
# See http://nginx.org/en/docs/ngx_core_module.html#include | |
# for more information. | |
include /etc/nginx/conf.d/*.conf; | |
# Compression | |
# Enable Gzip compressed. | |
gzip on; | |
# Enable compression both for HTTP/1.0 and HTTP/1.1 (required for CloudFront). | |
gzip_http_version 1.0; | |
# Compression level (1-9). | |
# 5 is a perfect compromise between size and cpu usage, offering about | |
# 75% reduction for most ascii files (almost identical to level 9). | |
gzip_comp_level 5; | |
# Don't compress anything that's already small and unlikely to shrink much | |
# if at all (the default is 20 bytes, which is bad as that usually leads to | |
# larger files after gzipping). | |
gzip_min_length 256; | |
# Compress data even for clients that are connecting to us via proxies, | |
# identified by the "Via" header (required for CloudFront). | |
gzip_proxied any; | |
# Tell proxies to cache both the gzipped and regular version of a resource | |
# whenever the client's Accept-Encoding capabilities header varies; | |
# Avoids the issue where a non-gzip capable client (which is extremely rare | |
# today) would display gibberish if their proxy gave them the gzipped version. | |
gzip_vary on; | |
# Compress all output labeled with one of the following MIME-types. | |
gzip_types | |
application/atom+xml | |
application/javascript | |
application/json | |
application/rss+xml | |
application/vnd.ms-fontobject | |
application/x-font-ttf | |
application/x-web-app-manifest+json | |
application/xhtml+xml | |
application/xml | |
font/opentype | |
image/svg+xml | |
image/x-icon | |
text/css | |
text/plain | |
text/x-component; | |
# text/html is always compressed by HttpGzipModule | |
server { | |
listen 8080 default_server; | |
listen [::]:8080 default_server; | |
server_name _; | |
root /usr/share/nginx/html; | |
# Load configuration files for the default server block. | |
include /etc/nginx/default.d/*.conf; | |
location / { | |
# To support SPA | |
try_files $uri /index.html; | |
} | |
error_page 404 /404.html; | |
location = /40x.html { | |
} | |
error_page 500 502 503 504 /50x.html; | |
location = /50x.html { | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
worker_processes 1; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
# For websocket: Map $connection_upgrade to 'upgrade' if HTTP Upgrade present, 'close' otherwise | |
# By default, the connection will be closed if the proxied server does not transmit any data within | |
# 60 seconds. This timeout can be increased with the proxy_read_timeout directive. | |
# Reference: http://nginx.org/en/docs/http/websocket.html | |
map $http_upgrade $connection_upgrade { | |
default upgrade; | |
'' close; | |
} | |
include mime.types; | |
default_type application/octet-stream; | |
#log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
# '$status $body_bytes_sent "$http_referer" ' | |
# '"$http_user_agent" "$http_x_forwarded_for"'; | |
#access_log logs/access.log main; | |
keepalive_timeout 65; | |
#gzip on; | |
upstream testingVM { | |
server 50.6.22.111:8081; | |
} | |
server { | |
listen 8080; | |
server_name localhost; | |
#access_log logs/host.access.log main; | |
location / { | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $host; | |
proxy_pass http://localhost:3000; | |
# Following required for websocket | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection $connection_upgrade; | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# For more information on configuration, see: | |
# * Official English Documentation: http://nginx.org/en/docs/ | |
# * Official Russian Documentation: http://nginx.org/ru/docs/ | |
user nginx; | |
worker_processes auto; | |
error_log /var/log/nginx/error.log info; | |
pid /run/nginx.pid; | |
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. | |
include /usr/share/nginx/modules/*.conf; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
'$uri $query_string' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent" "$http_x_forwarded_for"'; | |
access_log /var/log/nginx/access.log main; | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay on; | |
keepalive_timeout 10; # Upstream LB timeout should be shorter than this value. | |
send_timeout 10; | |
large_client_header_buffers 2 1k; | |
client_body_timeout 10; | |
client_header_timeout 10; | |
client_max_body_size 100K; # Modify according to application needs | |
types_hash_max_size 2048; | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
# Load modular configuration files from the /etc/nginx/conf.d directory. | |
# See http://nginx.org/en/docs/ngx_core_module.html#include | |
# for more information. | |
include /etc/nginx/conf.d/*.conf; | |
# Uncomment for host name whitelisting | |
# server { return 404; } | |
server { | |
listen 80; | |
listen [::]:80; | |
server_name _; | |
root /usr/share/nginx/html; | |
server_tokens off; | |
add_header X-Frame-Options "SAMEORIGIN"; | |
add_header X-Content-Type-Options "nosniff"; | |
add_header X-Xss-Protection "1; mode=block"; | |
add_header Content-Security-Policy "default-src https: 'self'; script-src https 'self'"; | |
# Load configuration files for the default server block. | |
include /etc/nginx/default.d/*.conf; | |
location ~ /\. { deny all; return 404; } | |
if ($request_method !~ ^(GET|HEAD)$) { | |
return 444; | |
} | |
location / { | |
try_files $uri /index.html; # To support SPA routing | |
} | |
# # For liveness / readiness probe | |
# location /health { | |
# access_log off; | |
# default_type text/plain; | |
# return 200 "healthy"; | |
# } | |
error_page 404 /404.html; | |
location = /40x.html { | |
} | |
error_page 500 502 503 504 /50x.html; | |
location = /50x.html { | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#user nobody; | |
worker_processes 1; | |
#error_log logs/error.log; | |
#error_log logs/error.log notice; | |
#error_log logs/error.log info; | |
#pid logs/nginx.pid; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
include mime.types; | |
default_type application/octet-stream; | |
#log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
# '$status $body_bytes_sent "$http_referer" ' | |
# '"$http_user_agent" "$http_x_forwarded_for"'; | |
#access_log logs/access.log main; | |
sendfile on; | |
#tcp_nopush on; | |
#keepalive_timeout 0; | |
keepalive_timeout 65; | |
#gzip on; | |
server { | |
listen 80; | |
server_name localhost; | |
#charset koi8-r; | |
#access_log logs/host.access.log main; | |
location / { | |
root html; | |
index index.html index.htm; | |
} | |
#error_page 404 /404.html; | |
# redirect server error pages to the static page /50x.html | |
# | |
error_page 500 502 503 504 /50x.html; | |
location = /50x.html { | |
root html; | |
} | |
# proxy the PHP scripts to Apache listening on 127.0.0.1:80 | |
# | |
#location ~ \.php$ { | |
# proxy_pass http://127.0.0.1; | |
#} | |
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 | |
# | |
#location ~ \.php$ { | |
# root html; | |
# fastcgi_pass 127.0.0.1:9000; | |
# fastcgi_index index.php; | |
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; | |
# include fastcgi_params; | |
#} | |
# deny access to .htaccess files, if Apache's document root | |
# concurs with nginx's one | |
# | |
#location ~ /\.ht { | |
# deny all; | |
#} | |
} | |
# another virtual host using mix of IP-, name-, and port-based configuration | |
# | |
#server { | |
# listen 8000; | |
# listen somename:8080; | |
# server_name somename alias another.alias; | |
# location / { | |
# root html; | |
# index index.html index.htm; | |
# } | |
#} | |
# HTTPS server | |
# | |
#server { | |
# listen 443 ssl; | |
# server_name localhost; | |
# ssl_certificate cert.pem; | |
# ssl_certificate_key cert.key; | |
# ssl_session_cache shared:SSL:1m; | |
# ssl_session_timeout 5m; | |
# ssl_ciphers HIGH:!aNULL:!MD5; | |
# ssl_prefer_server_ciphers on; | |
# location / { | |
# root html; | |
# index index.html index.htm; | |
# } | |
#} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# For more information on configuration, see: | |
# * Official English Documentation: http://nginx.org/en/docs/ | |
# * Official Russian Documentation: http://nginx.org/ru/docs/ | |
user nginx; | |
worker_processes auto; | |
error_log /var/log/nginx/error.log info; | |
pid /run/nginx.pid; | |
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. | |
include /usr/share/nginx/modules/*.conf; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent" "$http_x_forwarded_for"'; | |
access_log /var/log/nginx/access.log main; | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay on; | |
keepalive_timeout 65; | |
types_hash_max_size 2048; | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
# Load modular configuration files from the /etc/nginx/conf.d directory. | |
# See http://nginx.org/en/docs/ngx_core_module.html#include | |
# for more information. | |
include /etc/nginx/conf.d/*.conf; | |
server { | |
listen 80 default_server; | |
listen [::]:80 default_server; | |
server_name _; | |
root /usr/share/nginx/html; | |
# Load configuration files for the default server block. | |
include /etc/nginx/default.d/*.conf; | |
location / { | |
} | |
error_page 404 /404.html; | |
location = /40x.html { | |
} | |
error_page 500 502 503 504 /50x.html; | |
location = /50x.html { | |
} | |
} | |
# Settings for a TLS enabled server. | |
# | |
# server { | |
# listen 443 ssl http2 default_server; | |
# listen [::]:443 ssl http2 default_server; | |
# server_name _; | |
# root /usr/share/nginx/html; | |
# | |
# ssl_certificate "/etc/pki/nginx/server.crt"; | |
# ssl_certificate_key "/etc/pki/nginx/private/server.key"; | |
# ssl_session_cache shared:SSL:1m; | |
# ssl_session_timeout 10m; | |
# ssl_ciphers PROFILE=SYSTEM; | |
# ssl_prefer_server_ciphers on; | |
# | |
# # Load configuration files for the default server block. | |
# include /etc/nginx/default.d/*.conf; | |
# | |
# location / { | |
# } | |
# | |
# error_page 404 /404.html; | |
# location = /40x.html { | |
# } | |
# | |
# error_page 500 502 503 504 /50x.html; | |
# location = /50x.html { | |
# } | |
# } | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment