Last active
March 5, 2022 03:14
-
-
Save goodGid/19aceb989a86adbb4560e976cf437453 to your computer and use it in GitHub Desktop.
Nginx Conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Set Load Balance | |
upstream odot_servers { | |
# Traffic Distribute Strategy | |
# 1. Round Robin | |
# Default Strategy | |
# 2. ip_hash; | |
# Same ip address are always assigned to the same server | |
# 3. least_conn; | |
# Distribute reqeust to the server with the fewest connections. | |
ip_hash; | |
server localhost:8080; | |
server localhost:8081; | |
} | |
server { | |
listen 80; | |
server_name 1.1.1.1; | |
# The nginx version is not specified in the response header Because of security. | |
# default : on | |
server_tokens off; | |
# Protect XSS Attack | |
add_header X-XSS-Protection "1; mode=block"; | |
location / { | |
# Set Custom Header | |
add_header author "goodGid"; | |
# If you want to request directly | |
proxy_pass http://localhost:8080; | |
# If you want to use Load Balancer | |
# proxy_pass http://odot_servers; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
# If 'access.log' file doesn't exist, it was automatically generated. | |
# However, the 'nginx_log' directory must be created. | |
access_log /home/ubuntu/.../nginx_log/access.log; | |
} | |
} | |
# If you want to use HTTPS | |
server { | |
listen 443 ssl; | |
server_name {{Domain Name}}; | |
# ex) server_name goodgid.ga; | |
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!DH; | |
ssl_prefer_server_ciphers on; | |
ssl_certificate /etc/letsencrypt/live/{{Domain Name}}/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/{{Domain Name}}/privkey.pem; | |
# The nginx version is not specified in the response header Because of security. | |
# default : on | |
server_tokens off; | |
# Protect XSS Attack | |
add_header X-XSS-Protection "1; mode=block"; | |
location / { | |
# Set Custom Header | |
add_header author "goodGid"; | |
# If you want to request directly | |
proxy_pass http://localhost:8080; | |
# If you want to use Load Balancer | |
# proxy_pass http://odot_servers; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
# If 'access.log' file doesn't exist, it was automatically generated. | |
# However, the 'nginx_log' directory must be created. | |
access_log /home/ubuntu/.../nginx_log/access.log; | |
} | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment