...
Configuring Nginx as a reverse-proxy using the self-signed SSL certificate
Example configurations
...
```bash
# CentOS
sudo yum -y update
sudo yum install -y epel-release
sudo yum install -y nginx

# Amazon Linux 2
# sudo amazon-linux-extras install nginx1.12

# Ubuntu
# sudo apt update
# sudo apt install nginx
```
Configuring Nginx as Reverse-Proxy
Nginx configuration is modular. The global configuration is located in `/etc/nginx/nginx.conf`. One could create `server` blocks in this file. However, a better practice is to keep `server` definitions in separate configuration files that are included into the main configuration when Nginx starts.
...
```bash
export CERT_KEY='/etc/pki/tls/private/domain.key' # Default CentOS certificate key
export CERT='/etc/pki/tls/certs/domain.crt'       # Default CentOS certificate path
export SERVER_FQDN="{{ .serverFqdn }}"
export BACKEND_PORT="{{ .backEndPort }}" # change {{}} to the port the webapp is listening on.

# The heredoc is unquoted: ${...} is expanded by the shell when the file is
# written, while \$... is left in place as an Nginx runtime variable.
sudo tee /etc/nginx/conf.d/reverse-proxy-tls.conf <<-EOF
upstream backend {
    server localhost:${BACKEND_PORT};
}

server {
    listen 80;
    listen [::]:80;
    server_name ${SERVER_FQDN};

    # redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://${SERVER_FQDN}\$request_uri;
}

server {
    # TLS is enabled by the ssl parameter of listen; the standalone
    # "ssl on;" directive is deprecated.
    listen 443 ssl;
    server_name ${SERVER_FQDN};

    ssl_session_cache shared:SSL:40m;
    ssl_session_timeout 4h;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256-CBC:ECDH+AES128-CBC:!ADH:!AECDH:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_certificate ${CERT};
    ssl_certificate_key ${CERT_KEY};

    access_log /var/log/nginx/${SERVER_FQDN//./_}.log;
    error_log /var/log/nginx/${SERVER_FQDN//./_}-error.log error;

    location / {
        proxy_pass http://backend;
        proxy_buffers 16 4k;
        proxy_buffer_size 2k;
        proxy_set_header Host \$http_host;
        proxy_set_header ServerName \$server_name;
        proxy_set_header ServerPort 443;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Scheme https;
        proxy_set_header X-Forwarded-URL-Scheme https;
        proxy_redirect default;
    }
}
EOF
```
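The heredoc above writes `SERVER_FQDN` and `BACKEND_PORT` straight into a root-owned Nginx file, so an unfilled `{{ }}` placeholder or a value containing `;` becomes configuration syntax. The following is an added example, not part of the original page: it validates both values before rendering a trimmed version of the server block. The function names `valid_fqdn`, `valid_port` and `render_proxy_conf` and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse unsafe values before they reach the heredoc.

# valid_fqdn NAME: succeeds only for a plain DNS hostname.
valid_fqdn() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;          # empty, or a char outside the hostname set
        .*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;   # malformed label boundaries
    esac
    [ "${#1}" -le 253 ]
}

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# render_proxy_conf FQDN PORT OUTFILE: writes a trimmed server block to OUTFILE.
render_proxy_conf() {
    valid_fqdn "$1" || { echo "rejecting SERVER_FQDN: $1" >&2; return 2; }
    valid_port "$2" || { echo "rejecting BACKEND_PORT: $2" >&2; return 3; }
    log_name=$(printf '%s' "$1" | tr . _)   # portable form of ${SERVER_FQDN//./_}
    cat > "$3" <<EOF
upstream backend { server localhost:$2; }
server {
    listen 443 ssl;
    server_name $1;
    access_log /var/log/nginx/${log_name}.log;
    location / {
        proxy_pass http://backend;
        proxy_set_header Host \$http_host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
}
EOF
}

# Demo with constructed values: the unfilled template placeholder is refused.
out=$(mktemp)
render_proxy_conf app.example.test 8080 "$out" && cat "$out"
render_proxy_conf '{{ .serverFqdn }}' 8080 "$out" || echo "placeholder rejected"
rm -f "$out"
```

Running `sudo nginx -t` after writing the real file checks the rendered syntax before a reload.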
...
Example Configurations
Example: uWSGI
```nginx
server {
    # .... Omitted
    location / {
        include uwsgi_params;
        uwsgi_pass unix:///home/klo9/webapp/webapp.sock;
    }
}
```
...