Last active
October 27, 2017 04:18
-
-
Save nethoncho/59838383cb8f063143c6655529978623 to your computer and use it in GitHub Desktop.
Meteor nginx application proxy on Ubuntu 16.04.3 LTS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Use sudo before each command if not logged in as root | |
| # | |
| # Install nginx https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04 | |
| apt-get update | |
| apt-get install nginx | |
| # Check that HTTP port 80 and HTTPS port 443 are open | |
| ufw app status | |
| # Make sure nginx starts on boot | |
| systemctl enable nginx | |
| # Install certbot https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04 | |
| add-apt-repository ppa:certbot/certbot | |
| apt-get update | |
| apt-get install python-certbot-ngin | |
| # Edit /etc/nginx/sites-available/default | |
| # Find server_name _; and replace _; with your domain. | |
| # server_name example.com www.example.com; | |
| systemctl reload nginx | |
| # Run certbot | |
| # Note: the current version of certbot will setup cron for you so it will automatically renew your certificates | |
| # Choose redirects from http to https when certbot asks | |
| certbot --nginx -d example.com | |
| systemctl reload nginx | |
| # See the included example nginx config | |
| # Now just start your meteor application with a non root user | |
| # meteor defaults to port 3009 | |
| meteor run |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # File /etc/nginx/sites-available/default | |
| server { | |
| listen 80 default_server; | |
| listen [::]:80 default_server; | |
| # Some options are not needed but left overs from the default install | |
| root /var/www/html; | |
| index index.html; | |
| server_name example.com; | |
| location / { | |
| # proxy_set_header X-Forwarded-For $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header Host $http_host; | |
| proxy_pass http://127.0.0.1:3000; | |
| # configure websockets handling | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "upgrade"; | |
| } | |
| listen 443 ssl; # managed by Certbot | |
| ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot | |
| ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot | |
| include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | |
| if ($scheme != "https") { | |
| return 301 https://$host$request_uri; | |
| } # managed by Certbot | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment