-
-
Save elithrar/77ee6746104b900e866c to your computer and use it in GitHub Desktop.
nginx.conf *excerpt* for proxying to an upstream Go HTTP server.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http { | |
# logging | |
access_log /var/log/nginx/access.log main; | |
error_log /var/log/nginx/error.log crit; | |
# buffers | |
client_max_body_size 10m; | |
client_header_buffer_size 4k; | |
client_body_buffer_size 128k; | |
large_client_header_buffers 4 16k; | |
# keepalives | |
keepalive_timeout 15 15; | |
keepalive_requests 1024; | |
# timeouts | |
client_body_timeout 15; | |
client_header_timeout 15; | |
send_timeout 15; | |
# cache path | |
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=cache_name:10m max_size=1g; | |
upstream myapp { | |
server 127.0.0.1:8001; | |
keepalive 15; | |
} | |
server { | |
listen 80; | |
server_name www.mydomain.com; | |
return 301 https://www.mydomain.com$request_uri; | |
} | |
server { | |
listen 443 ssl; | |
server_name www.mydomain.com; | |
# SSL config goes here (removed for brevity) | |
add_header Strict-Transport-Security max-age=31536000 | |
error_page 502 503 504 /5xx.html; | |
location = /5xx.html { | |
root /public; | |
} | |
location /favicon.ico { | |
root /public; | |
} | |
location /robots.txt { | |
root /public; | |
} | |
location / { | |
proxy_pass http://myapp; | |
proxy_redirect off; | |
# Security headers removed, but think about X-Frame-Options, Content-Security-Policy, etc | |
# Enable HTTP keep-alives | |
proxy_http_version 1.1; | |
proxy_set_header Connection ""; | |
# Buffers | |
# Buffers should be greater than the mean response size to allow effective caching | |
proxy_buffering on; | |
proxy_buffers 32 16k; | |
proxy_buffer_size 32k; | |
proxy_busy_buffers_size 64k; | |
proxy_temp_file_write_size 64k; | |
# Caching | |
# Note that routes with Set-Cookie will not be cached so we do not need to be specific here | |
add_header Cache-Control "max-age=0, private, must-revalidate"; | |
proxy_cache cache_name; | |
proxy_cache_key "$scheme$host$request_uri"; | |
proxy_cache_valid 200 302 303 30s; | |
proxy_cache_valid 404 30s; | |
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; | |
add_header X-Cache $upstream_cache_status; | |
# Pass scheme and remote host IP to proxied application | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Scheme $scheme; | |
proxy_set_header Referer $http_referer; | |
proxy_set_header Host $http_host; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment