Skip to content

Instantly share code, notes, and snippets.

@rhoboat

rhoboat/nginx_conf.md

Last active January 27, 2017 23:10
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rhoboat/8170458a34c363a2356f6f318c3f0409 to your computer and use it in GitHub Desktop.
Save rhoboat/8170458a34c363a2356f6f318c3f0409 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
nginx_conf.md

Using nginx locally

brew install nginx
  • nginx.conf lives in /usr/local/etc/nginx/nginx.conf
  • Custom server setups go in /usr/local/etc/nginx/servers/*.conf
server {
  listen       8080;
  server_name  mywebsite.local.com;

  location / {
    root   /Users/path/to/dir/;
    index  index.html index.htm;
  }

  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
    root   html;
  }
}
  • server_name must exist in /private/etc/hosts
  • location sets up a route and describes where it should point. root sub-attribute should be a path from / to your project on your local machine.
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##

127.0.0.1 localhost

# mywebsite
127.0.0.1 mywebsite.local.com
Raw
nginx_conf_for_node.md

Using nginx with node locally

Assuming I am starting my node server on localhost, port 3000, this is what goes in my custom nginx server config inside of /user/local/etc/nginx/servers/whatever.conf:

upstream my_nodejs_upstream {
    server 127.0.0.1:3000;
    keepalive 64;
}

server {
    listen 8080;
    server_name whatever.io; # this needs to be a host in /private/etc/hosts
    root /Users/archana/Development/root-of-my-app;
    
    location / {
    	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    	proxy_set_header Host $http_host;
    	proxy_set_header X-NginX-Proxy true;
    	proxy_http_version 1.1;
    	proxy_set_header Upgrade $http_upgrade;
    	proxy_set_header Connection "upgrade";
    	proxy_max_temp_file_size 0;
    	proxy_pass http://my_nodejs_upstream/; # this needs to match the upstream block
    	proxy_redirect off;
    	proxy_read_timeout 240s;
    }
}
Raw
server_notes.md

CORS

You only need Cross-Origin Resource Sharing (CORS) or JSONP if JavaScript which is client side and in a webpage needs to make an HTTP request to an HTTP server with a different origin (scheme, hostname and/or port). (Exception: If it is a simple request and you do not need the response data to be available to the JS).

If the JavaScript error console complains about Origin foo is not allowed by Access-Control-Allow-Origin, you need CORS.

Same-Origin Policy (SOP) allows any JavaScript to make an HTTP request to the origin of the page into which it is loaded. The JavaScript could be hosted on a different origin, but it is still loaded into a page whose origin it makes the request to. The origin is determined by the URL of HTML document the script is loaded into, not the URL the script is loaded from.

So you don't need CORS if you're providing a client-side script to a customer that hits the customer's API. You do need CORS if that script is loaded on the customer's origin and makes a request to your API.

Websocket

SOP/CORS does not apply to WebSocket, but browsers will send an origin header that contains the hostname of the server that served the HTML with the JS that opened the WebSocket connection. A WebSocket server can then restrict access by checking origin.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment