1
1
mirror of https://github.com/namibia/awesome-cheatsheets.git synced 2024-11-21 12:25:14 +00:00
awesome-cheatsheets/tools/nginx.sh
Steven Tracey c64afd2158
Use http2
http2 is a more secure connection and in some cases can improve load times.
2021-09-29 10:10:15 -04:00

216 lines
5.0 KiB
Bash

##############################################################################
# NGINX
# DOCUMENTATION: https://nginx.org/en/docs/
##############################################################################
sudo nginx -t # Check syntax
sudo systemctl status nginx # nginx current status
sudo systemctl reload nginx # Reload nginx
sudo systemctl restart nginx # Restart nginx
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/ # Link website
# *****************************************************************************
# General Settings
# *****************************************************************************
# Ports
server {
# Use HTTP protocol
listen 80;
# Use HTTPS protocol
listen 443 ssl;
# Listen on port 80 using IPv6
listen [::]:80;
# Listen on port 80 using **only** IPv6
listen [::]:80 ipv6only=on;
}
# Domain name (server_name)
server {
# Listen to example.com
server_name example.com;
# Listen to multiple domains
server_name example.com www.example.com;
# Listen to all sub-domains
server_name *.example.com;
# Listen to all top-level domains
server_name example.*;
# Listen to unspecified hostnames (listens to IP address itself)
server_name "";
}
# *****************************************************************************
# Serving Files
# *****************************************************************************
# Static assets (traditional web server)
server {
listen 80;
server_name example.com;
root /path/to/website;
# root /www/data/ for example
# If there's no 'root' inside, it will look for /www/data/index.html
location / {
}
# If there's no 'root' inside, it will look for /www/data/images/index.html
location /images/ {
}
# Since there's 'root' inside, it will look for /www/media/videos/index.html
location /videos/ {
root /www/media;
}
}
# *****************************************************************************
# Redirects
# *****************************************************************************
# 301 Permanent
server {
# Redirect www.example.com to example.com
listen 80;
server_name www.example.com;
return 301 http://example.com$request_uri;
}
server {
# Redirect http to https
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}
# 302 Temporary
server {
listen 80;
server_name yourdomain.com;
return 302 http://otherdomain.com;
}
# *****************************************************************************
# Reverse proxy
# *****************************************************************************
# Useful for Node.js, Streamlit, Jupyter, etc
# Basic
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://0.0.0.0:3000;
# where 0.0.0.0:3000 is your Node.js Server bound on 0.0.0.0 listing on port 3000
}
}
# Basic + (upstream)
upstream node_js {
server 0.0.0.0:3000;
# where 0.0.0.0:3000 is your Node.js Server bound on 0.0.0.0 listing on port 3000
}
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://node_js;
}
}
# Upgraded Connection (useful for applications with support for WebSockets)
upstream node_js {
server 0.0.0.0:3000;
}
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://node_js;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
# *****************************************************************************
# HTTPS Protocol
# *****************************************************************************
# The majority of SSL options depend on what your application does or needs
server {
listen 443 ssl http2;
server_name example.com;
ssl on;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/fullchain.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
add_header Strict-Transport-Security max-age=15768000;
}
# Permanent redirect to HTTPS secured domain
server {
listen 80;
server_name yourdomain.com;
return 301 https://$host$request_uri;
}
# You can easily secure you website/app using Let's Encrypt.
# Go https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx.html for more information
# *****************************************************************************
# Load Balancing
# *****************************************************************************
# Useful for large applications running in multiple instances. Below example is for reverse proxy
upstream node_js {
server 0.0.0.0:3000;
server 0.0.0.0:4000;
server 127.155.142.421;
}
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://node_js;
}
}