Cấu hình Nginx chuẩn cho Nodejs



  • Cho mình hỏi các bác cấu hình Nginx Config cho Nodejs như thế nào vậy?

    Có những tiêu chuẩn gì cần lưu ý.

    Dưới đây là một số config http và ssl mà mình đang dùng tham khảo với các bác (y)

    ######################## http.conf ######################
    server {
    listen 80;
    server_name xxx.vn;

    access_log /var/log/nginx/xxx.access.log main;
    error_log /var/log/nginx/xxx.error.log error;

    root /opt;
    location / {
    proxy_pass http://127.0.0.1:XXX/;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_read_timeout 300s;
    proxy_cache_bypass $http_upgrade;
    }
    }

    ######################## SSL xxx.conf ######################

    server {
    listen 443 ssl http2;
    server_name xxx.vn;
    ssl_certificate /etc/letsencrypt/live/xxx.vn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.vn/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+CHACHA20...!MD5;

    #Improve HTTPS performance with session resumption
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;

    #DH parameters
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    #Enable HSTS
    add_header Strict-Transport-Security "max-age=31536000" always;

    access_log /var/log/nginx/xxx.vn.access.log main;
    error_log /var/log/nginx/xxx.vn.error.log error;

    root /opt;
    location / {
    proxy_pass http://127.0.0.1:XXX;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_read_timeout 300s;
    proxy_cache_bypass $http_upgrade;
    }
    location /install_sensu {
    try_files $uri /install_sensu.sh;
    }
    }

    server {
    listen 80;
    server_name xxx.vn;
    rewrite ^(.*) https://xxx.vn$1 permanent;
    }

    ####################### default.conf ##############################
    server {
    listen 80;
    server_name localhost;

    #charset koi8-r;
    #access_log /var/log/nginx/log/host.access.log main;

    location / {
    root /usr/share/nginx/html;
    index index.html index.htm;
    }

    #error_page 404 /404.html;

    #redirect server error pages to the static page /50x.html

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    root /usr/share/nginx/html;
    }

    #proxy the PHP scripts to Apache listening on 127.0.0.1:80

    #location ~ .php$ {
    #proxy_pass http://127.0.0.1;
    #}

    #pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

    #location ~ .php$ {
    #root html;
    #fastcgi_pass 127.0.0.1:9000;
    #fastcgi_index index.php;
    #fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #include fastcgi_params;
    #}

    #deny access to .htaccess files, if Apache's document root
    #concurs with nginx's one

    #location ~ /.ht {
    #deny all;
    #}
    }

    ######################## SSL ##############################
    server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;
    server_name  example.com www.example.com;
    
      listen 443 ssl; # managed by Certbot
    

    RSA certificate

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    
    # Redirect non-https traffic to https
    # if ($scheme != "https") {
    #     return 301 https://$host$request_uri;
    # } # managed by Certbot

    @AntoniD

    0

Log in to reply