Skip to content

Instantly share code, notes, and snippets.

@goodGid
Last active March 5, 2022 03:14
Show Gist options
  • Save goodGid/19aceb989a86adbb4560e976cf437453 to your computer and use it in GitHub Desktop.
Save goodGid/19aceb989a86adbb4560e976cf437453 to your computer and use it in GitHub Desktop.
Nginx Conf
# Set Load Balance
upstream odot_servers {
# Traffic Distribute Strategy
# 1. Round Robin
# Default Strategy
# 2. ip_hash;
# Same ip address are always assigned to the same server
# 3. least_conn;
# Distribute reqeust to the server with the fewest connections.
ip_hash;
server localhost:8080;
server localhost:8081;
}
server {
listen 80;
server_name 1.1.1.1;
# The nginx version is not specified in the response header Because of security.
# default : on
server_tokens off;
# Protect XSS Attack
add_header X-XSS-Protection "1; mode=block";
location / {
# Set Custom Header
add_header author "goodGid";
# If you want to request directly
proxy_pass http://localhost:8080;
# If you want to use Load Balancer
# proxy_pass http://odot_servers;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# If 'access.log' file doesn't exist, it was automatically generated.
# However, the 'nginx_log' directory must be created.
access_log /home/ubuntu/.../nginx_log/access.log;
}
}
# If you want to use HTTPS
server {
listen 443 ssl;
server_name {{Domain Name}};
# ex) server_name goodgid.ga;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!DH;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/letsencrypt/live/{{Domain Name}}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{Domain Name}}/privkey.pem;
# The nginx version is not specified in the response header Because of security.
# default : on
server_tokens off;
# Protect XSS Attack
add_header X-XSS-Protection "1; mode=block";
location / {
# Set Custom Header
add_header author "goodGid";
# If you want to request directly
proxy_pass http://localhost:8080;
# If you want to use Load Balancer
# proxy_pass http://odot_servers;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# If 'access.log' file doesn't exist, it was automatically generated.
# However, the 'nginx_log' directory must be created.
access_log /home/ubuntu/.../nginx_log/access.log;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment