My common nginx configs

README.md

TLS certificate

openssl req -x509 -nodes -days 36500 -newkey rsa:2048 \
  -keyout nginx.key -out nginx.crt -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost"

default.conf

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	server_name _;
	return 444;
}

server {
	listen 443 ssl;
	listen [::]:443 ssl;
	ssl_certificate /etc/nginx/ssl/nginx.crt;
	ssl_certificate_key /etc/nginx/ssl/nginx.key;
	server_name _;
	return 444;
}

nginx.conf

#- Default reverse proxy
location / {
proxy_pass http://127.0.0.1:3000;
include proxy_params;
}

#- Reverse proxy w/ path + path removal
location /api {
# Removes /api prefix
rewrite ^/api/(.*) /$1 break;
proxy_pass http://127.0.0.1:3032;
include proxy_params;
}

#- Remove www. prefix
if ($host = www.example.com) {
return 301 https://example.com$request_uri;
}

#- Certbot HTTPS no email
server_name example.com www.example.com;
# then run following commands
# $ sudo apt install nginx certbot python3-certbot-nginx
# $ certbot --nginx -d example.com -d www.example.com --register-unsafely-without-email

#- Minimal nginx server
server {
listen 80;
listen [::]:80;
server_name example.com;
add_header Content-Type "text/plain; charset=utf-8";
return 200 'healthy\n';
}