Last active
December 18, 2015 09:18
-
-
Save naveen/5759939 to your computer and use it in GitHub Desktop.
nginx http+https (www.* and api.*)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Generate Certificates | |
| To generate private (dummy) certificates you can perform the following list of openssl commands. | |
| First change directory to where you want to create the certificate and private key, for example: | |
| $ cd /usr/local/nginx/conf | |
| Now create the server private key: | |
| $ openssl genrsa -out server.key 2048 | |
| You can also create a private key with a passphrase, but you will need to enter it every time you start nginx: | |
| $ openssl genrsa -des3 -out server.key 2048 | |
| Create the Certificate Signing Request (CSR): | |
| $ openssl req -new -key server.key -out server.csr | |
| Finally sign the certificate using the above private key and CSR: | |
| $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt | |
| Update Nginx configuration by including the newly signed certificate and private key: | |
| server { | |
| server_name YOUR_DOMAINNAME_HERE; | |
| listen 443; | |
| ssl on; | |
| ssl_certificate /usr/local/nginx/conf/server.crt; | |
| ssl_certificate_key /usr/local/nginx/conf/server.key; | |
| } | |
| Restart Nginx. | |
| Now we're ready to access the above host using: | |
| https://YOUR_DOMAINNAME_HERE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name localhost; | |
| #charset koi8-r; | |
| #access_log /var/log/nginx/log/host.access.log main; | |
| location / { | |
| root /usr/share/nginx/html; | |
| index index.html index.htm; | |
| } | |
| #error_page 404 /404.html; | |
| # redirect server error pages to the static page /50x.html | |
| # | |
| error_page 500 502 503 504 /50x.html; | |
| location = /50x.html { | |
| root /usr/share/nginx/html; | |
| } | |
| # proxy the PHP scripts to Apache listening on 127.0.0.1:80 | |
| # | |
| #location ~ \.php$ { | |
| # proxy_pass http://127.0.0.1; | |
| #} | |
| # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 | |
| # | |
| #location ~ \.php$ { | |
| # root html; | |
| # fastcgi_pass 127.0.0.1:9000; | |
| # fastcgi_index index.php; | |
| # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; | |
| # include fastcgi_params; | |
| #} | |
| # deny access to .htaccess files, if Apache's document root | |
| # concurs with nginx's one | |
| # | |
| #location ~ /\.ht { | |
| # deny all; | |
| #} | |
| } | |
| server { | |
| listen 443 ssl; | |
| server_name localhost; | |
| ssl on; | |
| ssl_certificate /etc/nginx/naveen-ssl.crt; | |
| ssl_certificate_key /etc/nginx/naveen-ssl.key; | |
| ssl_session_timeout 5m; | |
| ssl_protocols SSLv2 SSLv3 TLSv1; | |
| ssl_ciphers HIGH:!aNULL:!MD5; | |
| ssl_prefer_server_ciphers on; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user nginx; | |
| worker_processes 1; | |
| error_log /var/log/nginx/error.log warn; | |
| pid /var/run/nginx.pid; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| include /etc/nginx/mime.types; | |
| default_type application/octet-stream; | |
| log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
| '$status $body_bytes_sent "$http_referer" ' | |
| '"$http_user_agent" "$http_x_forwarded_for"'; | |
| access_log /var/log/nginx/access.log main; | |
| sendfile on; | |
| #tcp_nopush on; | |
| keepalive_timeout 65; | |
| gzip on; | |
| include /etc/nginx/conf.d/*.conf; | |
| include /etc/nginx/sites-enabled/*; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream api.naveen.com { | |
| ip_hash; | |
| server api1.naveen.com:8000 fail_timeout=0; | |
| server api2.naveen.com:8000 fail_timeout=0; | |
| } | |
| server { | |
| listen 80; | |
| listen 443; | |
| server_name api.naveen.com; | |
| access_log /var/log/nginx/api.naveen.com.access.log; | |
| location / { | |
| proxy_pass http://api.naveen.com/; | |
| proxy_next_upstream error timeout invalid_header http_500; | |
| proxy_connect_timeout 2; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_intercept_errors on; | |
| } | |
| } | |
| upstream naveen.com { | |
| ip_hash; | |
| server api1.naveen.com:8001 fail_timeout=0; | |
| server api2.naveen.com:8001 fail_timeout=0; | |
| } | |
| server { | |
| listen 80; | |
| listen 443; | |
| server_name naveen.com; | |
| access_log /var/log/nginx/naveen.com.access.log; | |
| location / { | |
| proxy_pass http://naveen.com/; | |
| proxy_next_upstream error timeout invalid_header http_500; | |
| proxy_connect_timeout 2; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_intercept_errors on; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment