Nginx Configs

Mar 25, 2018 18:59 · 380 words · 2 minute read Nginx

Digital Ocean Source

Proxing to a pool of hosts

upstream backend_hosts {
    server host1.example.com;
    server host2.example.com;
    server host3.example.com;
}

server {
    listen 80;
    server_name example.com;

    location /proxy-me {
        proxy_pass http://backend_hosts;
    }
}

Caching proxied calls

# This is the origin server
server {
        listen 8000 default_server;
        listen [::]:80 default_server;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        # Origin server sets the cache and the front facing cache server will use this number
        location ~* \.css {
                expires 5s;
                add_header Cache-Control "public";
        }
}
# Levels are for directory storage layout
# zone is name and size in megabyte
# inactive will remove caches that aren't fetched regularly
proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:10m inactive=60m;
proxy_cache_key "$scheme$request_method$host$request_uri";
server {
    listen 80;
    location / {
        proxy_cache my_zone;
        # This header will tell you if you hit or missed the cache
        add_header X-Proxy-Cache $upstream_cache_status;
        # url?nocache=true will punch through
        proxy_cache_bypass $arg_nocache;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header host      $http_host;
        proxy_pass       http://127.0.0.1:8000/;
    }
}

Proxy to a port

server {
    listen 80;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header host      $http_host;
        proxy_pass       http://127.0.0.1:8000/;
    }
}

PKI Validation (Cerbot)

server {
    listen 80;
    server_name www.example.com

    location /.well-known/ {
        proxy_pass http://localhost:8080;
    }
    location / {
        return 301 https://www.example.com
    }

Then run the command to test against certbot staging (allows for more retries)

sudo certbot certonly --standalone --test-cert --http-01-port 8080 --preferred-challenges http -d www.example.com

If this passes then remove the --test-cert directive

PKI Validation (File Based)

server {
    listen 80;
    server_name www.example.com

    location /.well-known/pki-validation {
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
    }

    location / {
        return 301 https://www.example.com
    }

Then place the file at /usr/share/nginx/html/.well-known/pki-validation

Redirect subdomain to another subdomain (sample.test.com -> sample.example.com)

server {
    listen 80;
    server_name ~^(?<sub>\w+)\.test\.com$;
    rewrite ^ $scheme://$sub.example.com$request_uri?;
}

Setup Maintenance Page

server {
    listen 80;
    server_name www.example.com;

    location / {
        root /folder/where/file/is;
        try_files $uri /maintenance.html;
    }

Entirely Replace nginx.conf file (for docker apps)

user  nginx;
worker_processes  1;


error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"'

    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    keepalive_timeout  65;
    gzip  on;

    server {
        listen       80;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }

}