Created
January 30, 2018 07:17
-
-
Save gtarun/412c556d0d5361770d39788c33e7d42a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## | |
# You should look at the following URL's in order to grasp a solid understanding | |
# of Nginx configuration files in order to fully unleash the power of Nginx. | |
# http://wiki.nginx.org/Pitfalls | |
# http://wiki.nginx.org/QuickStart | |
# http://wiki.nginx.org/Configuration | |
# | |
# Generally, you will want to move this file somewhere, and start with a clean | |
# file but keep this around for reference. Or just disable in sites-enabled. | |
# | |
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. | |
## | |
# Default server configuration | |
# | |
#http to https | |
server { | |
listen 80 default_server; | |
listen [::]:80 default_server; | |
# server_name _; | |
return 301 https://$host$request_uri; | |
} | |
upstream backend { | |
least_conn; | |
server localhost:1336; | |
server localhost:1338; | |
server localhost:1337; | |
server localhost:1335; | |
} | |
#server { | |
#listen 80 default_server; | |
#listen [::]:80 default_server; | |
# SSL configuration | |
# | |
# listen 443 ssl default_server; | |
# listen [::]:443 ssl default_server; | |
# | |
# Note: You should disable gzip for SSL traffic. | |
# See: https://bugs.debian.org/773332 | |
# | |
# Read up on ssl_ciphers to ensure a secure configuration. | |
# See: https://bugs.debian.org/765782 | |
# | |
# Self signed certs generated by the ssl-cert package | |
# Don't use them in a production server! | |
# | |
# include snippets/snakeoil.conf; | |
#root /var/www/html; | |
# Add index.php to the list if you are using PHP | |
#index index.html index.htm index.nginx-debian.html; | |
#server_name _; | |
#location / { | |
# First attempt to serve request as file, then | |
# as directory, then fall back to displaying a 404. | |
#try_files $uri $uri/ =404; | |
#} | |
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 | |
# | |
#location ~ \.php$ { | |
# include snippets/fastcgi-php.conf; | |
# | |
# # With php7.0-cgi alone: | |
# fastcgi_pass 127.0.0.1:9000; | |
# # With php7.0-fpm: | |
# fastcgi_pass unix:/run/php/php7.0-fpm.sock; | |
#} | |
# deny access to .htaccess files, if Apache's document root | |
# concurs with nginx's one | |
# | |
#location ~ /\.ht { | |
# deny all; | |
#} | |
#} | |
# Virtual Host configuration for example.com | |
# | |
# You can move that to a different file under sites-available/ and symlink that | |
# to sites-enabled/ to enable it. | |
# | |
server { | |
listen 80; | |
#server_name my.domain.com; | |
return 301 https://$server_name$request_uri; | |
} | |
server { | |
#listen 80; | |
#listen [::]:80; | |
listen 443 ssl; | |
server_name api-n.outgrow.co; | |
ssl_certificate /etc/nginx/ssl/nginx.crt; | |
ssl_certificate_key /etc/nginx/ssl/nginx.key; | |
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_protocols TLSv1.2 TLSv1.1 TLSv1; | |
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; | |
ssl_prefer_server_ciphers on; | |
gzip on; | |
gzip_http_version 1.1; | |
gzip_comp_level 5; | |
gzip_vary on; | |
gzip_proxied any; | |
gzip_min_length 10; | |
gzip_buffers 16 8k; | |
gzip_types text/plain text/css application/json application/x-javascript text/javascript image/png image/gif image/x-icon; | |
location / { | |
proxy_pass http://backend; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection 'upgrade'; | |
proxy_set_header Host $host; | |
proxy_cache_bypass $http_upgrade; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_set_header Host $http_host; | |
proxy_set_header X-NginX-Proxy true; | |
} | |
} | |
# Server for Cron | |
server { | |
#listen 80; | |
#listen [::]:80; | |
listen 443 ssl; | |
server_name api-c.outgrow.co; | |
ssl_certificate /etc/nginx/ssl/nginx.crt; | |
ssl_certificate_key /etc/nginx/ssl/nginx.key; | |
gzip on; | |
gzip_http_version 1.1; | |
gzip_comp_level 5; | |
gzip_vary on; | |
gzip_proxied any; | |
gzip_min_length 10; | |
gzip_buffers 16 8k; | |
gzip_types text/plain text/css application/json application/x-javascript text/javascript image/png image/gif image/x-icon; | |
location / { | |
proxy_pass http://localhost:1340; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection 'upgrade'; | |
proxy_set_header Host $host; | |
proxy_cache_bypass $http_upgrade; | |
proxy_set_header X-Real-IP $remote_addr; | |
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_set_header Host $http_host; | |
proxy_set_header X-NginX-Proxy true; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment