Last active
October 12, 2017 06:11
Example nginx configs with Rails 5.1 API only server
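# Reverse proxy on port 443: terminates TLS and forwards requests to the Rails API.
# NOTE(review): the original header says "Supports CORS", but no Access-Control-*
# headers are set in this file; presumably CORS is handled by the Rails app -- confirm.
# Check the config by running:  nginx -t -c nginx.conf
# Restart nginx by running:     sudo service nginx restart
server {
    # general configs
    keepalive_timeout 30;
    # Bound to the loopback address, so this listener only accepts local connections.
    listen 127.0.0.1:443 ssl;
    server_name api.example.com;  # domain name goes here

    # ssl configs
    ssl_certificate     /path/to/api.crt;  # could also be a .cer file; must be Apple compliant
    ssl_certificate_key /path/to/api.key;  # private key: restrict its file permissions
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    # NOTE(review): ssl_protocols and ssl_ciphers are not set, so the defaults of the
    # installed nginx/OpenSSL build apply; pin them if legacy TLS versions must be refused.

    # proxy to the rails API
    location / {
        # proxy to the rails application
        client_max_body_size 8M;
        proxy_pass http://127.0.0.1:3000;

        # TLS ends at nginx and the upstream hop is plain HTTP, so pass the original
        # host, scheme and client address on to the application.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        # set additional security headers
        # "always" makes nginx attach them to error responses (4xx/5xx) as well;
        # without it add_header only applies to a fixed list of success/redirect codes.
        add_header 'Cache-Control' 'no-cache, no-store, must-revalidate' always;
        add_header 'Content-Security-Policy' 'connect-src example.com' always;
        add_header 'Expires' '0' always;
        add_header 'Pragma' 'no-cache' always;
        add_header 'Strict-Transport-Security' 'max-age=31536000; includeSubDomains' always;
        add_header 'X-Content-Type-Options' 'nosniff' always;
        add_header 'X-Frame-Options' 'DENY' always;
        # Legacy header: current browsers no longer ship the XSS filter it controls.
        add_header 'X-XSS-Protection' '1; mode=block' always;
    }

    # logs paths
    access_log /path/to/access.log;
    error_log /path/to/error.log;
}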
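# Redirect all traffic on port 80 to HTTPS on port 443
server {
    listen 127.0.0.1:80;
    server_name api.example.com;
    # Send clients to the default HTTPS port. The original target was
    # https://$server_name:3000, but port 3000 is the plain-HTTP Rails upstream used by
    # proxy_pass in the 443 server: redirecting there would skip the TLS listener and
    # its security headers. $request_uri already carries the query string.
    return 301 https://$server_name$request_uri;
}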