Nginx
To configure nginx as a reverse proxy, we need to create a new file (e.g. app
) in the directory /etc/nginx/sites-enabled
.
Info
Don't forget to replace the placeholders with the actual values:
[DOMAIN]
Domain name (e.g. app.example.com)[CLIENT_WEB_PORT]
: Port of the client web application.[SERVER_CORE_PORT]
: Port of the server core application.
txt
map $sent_http_content_type $expires {
"text/html" epoch;
"text/html; charset=utf-8" epoch;
default off;
}
server {
server_name [DOMAIN];
listen 80;
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
expires $expires;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://127.0.0.1:[CLIENT_WEB_PORT];
}
location /api/ {
rewrite ^/api(/.*)$ $1 break;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 2m;
proxy_connect_timeout 2m;
proxy_pass http://127.0.0.1:[SERVER_CORE_PORT];
}
}
map $sent_http_content_type $expires {
"text/html" epoch;
"text/html; charset=utf-8" epoch;
default off;
}
server {
server_name [DOMAIN];
listen 80;
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
expires $expires;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://127.0.0.1:[CLIENT_WEB_PORT];
}
location /api/ {
rewrite ^/api(/.*)$ $1 break;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 2m;
proxy_connect_timeout 2m;
proxy_pass http://127.0.0.1:[SERVER_CORE_PORT];
}
}
Certificate
The easiest way to set up a certificate is with the help of certbot. On a Linux based system, letsencrypt can be installed with the following command.
shell
sudo apt install certbot python3-certbot-nginx
sudo apt install certbot python3-certbot-nginx
A certificate can be requested and installed with the following command.
shell
sudo certbot --nginx -d [DOMAIN]
sudo certbot --nginx -d [DOMAIN]