Nginx conf with automatically renewed ssl certificate (certbot) for NodeJS or React app (or any static files)
# first install certbot and then run this command on your server
# certbot certonly --authenticator standalone --pre-hook "nginx -s stop" --post-hook "nginx"
# this will stop your nginx server for a few seconds, generate your Let's Encrypt ssl certificates, and configure
# cron so that certificates are renewed automatically \o/
# now create your nginx conf for your nodejs app:
# on port 80 (http), redirect to https (443)
server {
    if ($host = www.your-domain.com) {
        return 301 https://$host$request_uri;
    }
    listen 80;
    server_name www.your-domain.com;
    return 404; # managed by Certbot
}
server {
    server_name www.your-domain.com;
    location / {
        # serve the node process running on port 3000
        proxy_pass http://localhost:3000;
    }
    # use certificates managed by certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.your-domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.your-domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
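With only `proxy_pass` in the `location /` block, the Node process sees every request as coming from 127.0.0.1 with a `Host` of `localhost:3000`, which makes application logs and per-client rate limits useless. The block below is an added example, not part of the original gist: the same HTTPS server with the client address, host and scheme forwarded to the app, assuming port 3000 is reachable only from the local machine.

```nginx
server {
    server_name www.your-domain.com;

    location / {
        # serve the node process running on port 3000
        proxy_pass http://localhost:3000;

        # Pass the Host the client asked for instead of "localhost:3000".
        proxy_set_header Host $host;

        # Address of the TCP peer as nginx saw it. This overwrites any
        # X-Real-IP value the client sent, so the app can rely on it.
        proxy_set_header X-Real-IP $remote_addr;

        # Appends $remote_addr to whatever X-Forwarded-For the client sent.
        # Only the last entry was written by this nginx; earlier entries
        # are client-controlled and must not be used for access decisions.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Tells the app the client connected over https even though the
        # hop from nginx to the node process is plain http.
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # certificate lines unchanged from the config above
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.your-domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.your-domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
```

On the application side the headers should be honoured only when the request arrives from the proxy; if the app is Express (an assumption, the gist does not say), `app.set('trust proxy', 'loopback')` does this. Check the change with `nginx -t` before reloading.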
Cache the ssl handshake
Add http2 outside but keep http 1.1 between the node app and nginx. Require => nginx 1.10.0 for http2 support
WebSocket support
load balancing
gzip
cache expires
@Goopil thx !
get the incoming connection ip not the local one