Skip to content

Commit ba7ff85

Browse files
SimulatedGREGSimulatedGREG
authored
🎉 initial commit
0 parents  commit ba7ff85

File tree

1 file changed

+252
-0
lines changed

1 file changed

+252
-0
lines changed

README.md

+252
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,252 @@
1+
# nginx-cheatsheet
2+
> A quick reference to common server configurations from serving static files to using in congruency with Node.js applications.
3+
4+
Each configuration below is written with minimum requirements for their described function. Please know that real world applications will most likely use a combination of these settings. This cheatsheet is meant to provide a general overview of how to setup specific features of nginx.
5+
6+
These configurations are meant to be used as **Name-Based Virtual Hosts**, saved within `/etc/nginx/sites-enabled`.
7+
8+
#### Table of Configurations
9+
* [General Settings](#general-settings)
10+
* [Port (`listen`)](#port-listen)
11+
* [Domain name (`server_name`)](#domain-name-server_name)
12+
* [Access Logging (`access_log`)](#access-logging-access_log)
13+
* [Miscellaneous (`gzip`, `client_max_body_size`)](#miscellaneous-gzip-client_max_body_size)
14+
* [Serving Files](#serving-files)
15+
* [Static assets](#static-assets)
16+
* [Static assets with HTML5 History Mode](#static-assets-with-html5-history-mode)
17+
* [Redirects](#redirects)
18+
* [`301` Permanent](#301-permanent)
19+
* [`302` Temporary](#302-temporary)
20+
* [Redirect on specific URL](#redirect-on-specific-url)
21+
* [Reverse Proxy](#reverse-proxy)
22+
* [Basic](#basic)
23+
* [Basic+](#basic-1)
24+
* [Upgraded Connection (Recommended for Node.js Applications)](#upgraded-connection-recommended-for-nodejs-applications)
25+
* [TLS/SSL (HTTPS)](#tlsssl-https)
26+
* [Basic](#basic-2)
27+
* [Large Scale Applications](#large-scale-applications)
28+
* [Load Balancing](#load-balancing)
29+
30+
## General Settings
31+
#### Port (`listen`)
32+
```nginx
33+
server {
34+
# standard HTTP protocol
35+
listen 80;
36+
37+
# standard HTTPS protocol
38+
listen 443 ssl;
39+
40+
# listen on 80 using IPv6
41+
listen [::]:80;
42+
43+
# listen only on IPv6
44+
listen [::]:80 ipv6only=on;
45+
}
46+
```
47+
#### Domain name (`server_name`)
48+
```nginx
49+
server {
50+
# Listen to yourdomain.com
51+
server_name yourdomain.com;
52+
53+
# Listen to multiple domains
54+
server_name yourdomain.com www.yourdomain.com;
55+
56+
# Listen to all sub-domains
57+
server_name *.yourdomain.com;
58+
59+
# Listen to all top-level domains
60+
server_name yourdomain.*;
61+
62+
# Listen to unspecified hostnames (listens to IP address itself)
63+
server_name "";
64+
}
65+
```
66+
#### Access Logging (`access_log`)
67+
```nginx
68+
server {
69+
# Relative or full path to log file
70+
access_log /path/to/file.log;
71+
72+
# Turn 'on' or 'off'
73+
access_log on;
74+
}
75+
```
76+
#### Miscellaneous (`gzip`, `client_max_body_size`)
77+
```nginx
78+
server {
79+
# Turn gzip compression 'on' or 'off'
80+
gzip on;
81+
82+
# Limit client body size to 10mb
83+
client_max_body_size 10M;
84+
}
85+
```
86+
## Serving Files
87+
#### Static assets
88+
The traditional web server.
89+
```nginx
90+
server {
91+
listen 80;
92+
server_name yourdomain.com;
93+
94+
location / {
95+
root /path/to/website;
96+
}
97+
}
98+
```
99+
100+
#### Static assets with HTML5 History Mode
101+
Useful for Single-Page Applications like Vue, React, Angular, etc.
102+
```nginx
103+
server {
104+
listen 80;
105+
server_name yourdomain.com;
106+
root /path/to/website;
107+
108+
location / {
109+
try_files $uri $uri/ /index.html;
110+
}
111+
}
112+
```
113+
114+
## Redirects
115+
#### `301` Permanent
116+
Useful for handling `www.yourdomain.com` vs. `yourdomain.com` or redirecting `http` to `https`. In this case we will redirect `www.yourdomain.com` to `yourdomain.com`.
117+
```nginx
118+
server {
119+
listen 80;
120+
server_name www.yourdomain.com;
121+
return 301 http://yourdomain.com$request_uri;
122+
}
123+
```
124+
#### `302` Temporary
125+
```nginx
126+
server {
127+
listen 80;
128+
server_name yourdomain.com;
129+
return 302 http://otherdomain.com;
130+
}
131+
```
132+
#### Redirect on specific URL
133+
Can be permanent (`301`) or temporary (`302`).
134+
```nginx
135+
server {
136+
listen 80;
137+
server_name yourdomain.com;
138+
139+
location /redirect-url {
140+
return 301 http://otherdomain.com;
141+
}
142+
}
143+
```
144+
## Reverse Proxy
145+
Useful for Node.js applications like express.
146+
147+
#### Basic
148+
```nginx
149+
server {
150+
listen 80;
151+
server_name yourdomain.com;
152+
153+
location / {
154+
proxy_pass http://0.0.0.0:3000;
155+
# where 0.0.0.0:3000 is your Node.js Server bound on 0.0.0.0 listing on port 3000
156+
}
157+
}
158+
```
159+
160+
#### Basic+
161+
```nginx
162+
upstream node_js {
163+
server 0.0.0.0:3000;
164+
# where 0.0.0.0:3000 is your Node.js Server bound on 0.0.0.0 listing on port 3000
165+
}
166+
167+
server {
168+
listen 80;
169+
server_name yourdomain.com;
170+
171+
location / {
172+
proxy_pass http://node_js;
173+
}
174+
}
175+
```
176+
177+
#### Upgraded Connection (Recommended for Node.js Applications)
178+
Useful for Node.js applications with support for WebSockets like socket.io.
179+
```nginx
180+
upstream node_js {
181+
server 0.0.0.0:3000;
182+
}
183+
184+
server {
185+
listen 80;
186+
server_name yourdomain.com;
187+
188+
location / {
189+
proxy_pass http://node_js;
190+
proxy_redirect off;
191+
proxy_http_version 1.1;
192+
proxy_set_header Upgrade $http_upgrade;
193+
proxy_set_header Connection "upgrade";
194+
proxy_set_header Host $host;
195+
196+
# not required but useful for applications with heavy WebSocket usage
197+
# as it increases the default timeout configuration of 60
198+
proxy_read_timeout 80;
199+
}
200+
}
201+
```
202+
## TLS/SSL (HTTPS)
203+
#### Basic
204+
**The below configuration is only an example of what a TLS/SSL setup should look like. Please do not take these settings as the perfect secure solution for your applications. Please do research the proper settings that best fit with your Certificate Authority.**
205+
206+
If you are looking for free SSL certificates, [**Let's Encrypt**](https://letsencrypt.org/) is a free, automated, and open Certificate Authority. Also, here is a wonderful [step-by-step guide from Digital Ocean](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04) on how to setup TLS/SSL on Ubuntu 16.04.
207+
```nginx
208+
server {
209+
listen 443 ssl;
210+
server_name yourdomain.com;
211+
212+
ssl on;
213+
214+
ssl_certificate /path/to/cert.pem;
215+
ssl_certificate_key /path/to/privkey.pem;
216+
217+
ssl_stapling on;
218+
ssl_stapling_verify on;
219+
ssl_trusted_certificate /path/to/fullchain.pem;
220+
221+
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
222+
ssl_session_timeout 1d;
223+
ssl_session_cache shared:SSL:50m;
224+
add_header Strict-Transport-Security max-age=15768000;
225+
}
226+
227+
# Permanent redirect for HTTP to HTTPS
228+
server {
229+
listen 80;
230+
server_name yourdomain.com;
231+
return 301 https://$host$request_uri;
232+
}
233+
```
234+
## Large Scale Applications
235+
#### Load Balancing
236+
Useful for large applications running multiple instances.
237+
```nginx
238+
upstream node_js {
239+
server 0.0.0.0:3000;
240+
server 0.0.0.0:4000;
241+
server 123.131.121.122;
242+
}
243+
244+
server {
245+
listen 80;
246+
server_name yourdomain.com;
247+
248+
location / {
249+
proxy_pass http://node_js;
250+
}
251+
}
252+
```

0 commit comments

Comments
 (0)