Skip to content

Instantly share code, notes, and snippets.

@msankhala
Forked from apollolm/nginx-ssl-config
Created September 9, 2020 06:50
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save msankhala/4cf4fe7fbef8c7a4b54793a6c82bd7a9 to your computer and use it in GitHub Desktop.
Save msankhala/4cf4fe7fbef8c7a4b54793a6c82bd7a9 to your computer and use it in GitHub Desktop.
Nginx Configuration with multiple port apps on same domain, with SSL.
# the IP(s) on which your node server is running. I chose port 3000.
upstream app_geoforce {
server 127.0.0.1:3000;
}
upstream app_pcodes{
server 127.0.0.1:3001;
}
#Point http requests to https
server {
listen 0.0.0.0:80;
server_name sub.domain.org;
server_tokens off;
return 301 https://$host$request_uri;
}
# the secure nginx server instance
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/public.crt;
ssl_certificate_key /etc/nginx/ssl/private.rsa;
server_name sub.domain.org;
access_log /var/log/nginx/myapp.log;
error_log /var/log/nginx/myapp_error.log;
# pass the request to the node.js server with the correct headers and much more can be added, see nginx config options
location /favicon.ico { alias /home/ubuntu/img/favicon_rc.ico; }
location / {
# auth_basic "Restricted";
# auth_basic_user_file /home/ubuntu/app/.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Ssl on;
proxy_pass https://app_geoforce;
proxy_redirect off;
}
location /pcodes/ {
rewrite /pcodes/(.*)$ /$1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Ssl on;
proxy_pass https://app_pcodes;
proxy_redirect off;
}
}
@fcoder
Copy link

fcoder commented Apr 7, 2023

(1) Why is the "location" for app_geoforce "/", but the "location" for app_pcodes is "/pcodes/"? Is it because the code for app_pcodes installed in a sub directory of the root directory for app_geoforce?

(2) What is the purpose of the following line?
rewrite /pcodes/(.*)$ /$1 break;

Thanks

@fcoder
Copy link

fcoder commented Apr 7, 2023

Should "https" in
proxy_pass https://app_geoforce;
proxy_pass https://app_pcodes;
be "http"? The nginx has already decrypted SSL data to clear data, it should relay the data to the proxied servers with http.

@msankhala
Copy link
Author

Yes proxy_pass should be done with http instead of https.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment