Skip to content

Instantly share code, notes, and snippets.

@leosco
Last active January 23, 2019 01:14
Show Gist options
  • Save leosco/27afaf5742f980d7e8c955406538809a to your computer and use it in GitHub Desktop.
Save leosco/27afaf5742f980d7e8c955406538809a to your computer and use it in GitHub Desktop.
Nginx multi-core node processes w/ SSL termination and port 80 to 443 redirect; a config template
# one worker per CPU
worker_processes 4;
events {
# 256 times the number of CPUs you're using
worker_connections 1024;
}
http {
# websockets upgrade mapping
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# load balance 4 instances of a node process
upstream mysite {
server 127.0.0.1:3000;
server 127.0.0.1:3001;
server 127.0.0.1:3002;
server 127.0.0.1:3003;
}
# server endpoint configuration
server {
listen 80;
server_name mysite.name;
# redirect http to https
return 301 https://mysite.name$request_uri;
}
server {
listen 443 ssl;
keepalive_timeout 5m;
# SSL configuration
server_name mysite.name;
ssl_certificate /path/to/my/site.crt;
ssl_certificate_key /path/to/my/site.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
# websockets configuration, using our mapping
proxy_pass http://mysite;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
# you can declare special mime types to be processed here
types {
application/font-woff2 woff2;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment