Last active
July 31, 2016 15:45
-
-
Save moshest/4c5b29b6e8e5c26ca754b249994ff41e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sudo yum install epel-release | |
sudo yum install nginx | |
#mkdir cert && cd ./cert | |
#openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr | |
sudo /etc/init.d/nginx start | |
update-rc.d nginx defaults | |
#nano /etc/nginx/nginx.conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#user nobody; | |
worker_processes 1; | |
#error_log logs/error.log; | |
#error_log logs/error.log notice; | |
#error_log logs/error.log info; | |
#pid logs/nginx.pid; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
include mime.types; | |
default_type application/octet-stream; | |
#log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
# '$status $body_bytes_sent "$http_referer" ' | |
# '"$http_user_agent" "$http_x_forwarded_for"'; | |
#access_log logs/access.log main; | |
sendfile on; | |
#tcp_nopush on; | |
#keepalive_timeout 0; | |
keepalive_timeout 65; | |
#gzip on; | |
upstream instances { | |
server 52.28.203.194; | |
} | |
server { | |
listen 80; | |
listen 443 default_server ssl; | |
server_name $hostname; | |
ssl_certificate /home/ec2-user/cert/ca.crt; | |
ssl_certificate_key /home/ec2-user/cert/server.key; | |
#ssl_client_certificate /home/ec2-user/cert/ca.crt; | |
ssl_session_timeout 5m; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_prefer_server_ciphers on; | |
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; | |
location / { | |
proxy_pass http://instances:8080; | |
proxy_redirect off; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade \$http_upgrade; | |
proxy_set_header Connection 'upgrade'; | |
proxy_set_header Host \$host; | |
proxy_set_header X-NginX-Proxy true; | |
proxy_set_header X-Real-IP \$remote_addr; | |
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_cache_bypass \$http_upgrade; | |
client_max_body_size 16m; | |
client_body_buffer_size 128k; | |
proxy_buffering on; | |
proxy_connect_timeout 90; | |
proxy_send_timeout 90; | |
proxy_read_timeout 120; | |
proxy_buffer_size 16k; | |
proxy_buffers 32 32k; | |
proxy_busy_buffers_size 64k; | |
proxy_temp_file_write_size 64k; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment