-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathvirtual.conf
160 lines (132 loc) · 4.56 KB
/
virtual.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
server {
listen 80;
listen [::]:80;
server_name example.de example2.de;
return 301 https://$server_name$request_uri;
}
upstream myApp_en {
# point to the running node
server 127.0.0.1:8888;
}
server {
# users using this port and domain will be directed to the node app defined above
# listen 80 default_server;
# listen [::]:80 default_server ipv6only=on;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
# If you want to run more then one node app, they either have to be assigned different web domains (server_name) or ports!
server_name example.de;
# Adding the SSL Certificates
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
# set the default public directory for your node
root /opt/myApp_en/build/public;
# Optimizing Nginx for Best Performance
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 1h;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_max_temp_file_size 0;
proxy_pass http://myApp_en;
proxy_redirect off;
proxy_read_timeout 240s;
# Authentication can be activated during development
# auth_basic "Username and Password are required";
# the user login has to be generated
# auth_basic_user_file /etc/nginx/.htpasswd;
}
# use NGINX to cache static resources that are requested regularly
location ~* \.(css|js|jpg|png|ico)$ {
expires 168h;
}
}
upstream myApp_de {
# point to the second running node
server 127.0.0.1:8484;
}
server {
# users using this port and domain will be directed to the second node app
# listen 80;
# listen [::]:8080 ipv6only=on;
listen 443 ssl http2;
# The IPv6 address is unique - only one app can use the default port 443!
listen [::]:444 ssl http2;
server_name example2.de;
# adding the SSL Certificates
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
# set the default public directory for your second node
root /opt/myApp_de/build/public;
# optimizing Nginx for Best Performance
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 1h;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_max_temp_file_size 0;
proxy_pass http://myApp_de;
proxy_redirect off;
proxy_read_timeout 240s;
# auth_basic "Username and Password are required";
# auth_basic_user_file /etc/nginx/.htpasswd;
}
# use NGINX to cache static resources that are requested regularly
location ~* \.(css|js|jpg|png|ico)$ {
expires 168h;
}
}
upstream elasticsearch {
# point to the second running node
server 127.0.0.1:9200;
}
server {
# users using this port will be directed to Elasticsearch
listen 8080;
listen [::]:8080 ipv6only=on;
server_name SERVER_IP_ADDRESS;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_max_temp_file_size 0;
proxy_pass http://elasticsearch;
proxy_redirect off;
proxy_read_timeout 240s;
auth_basic "Username and Password are required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
server {
# users using this port and will be directed to Elasticsearch/Kibana
listen 8181;
listen [::]:8181 ipv6only=on;
server_name SERVER_IP_ADDRESS;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}