-
Notifications
You must be signed in to change notification settings - Fork 0
Nginx
Johnson Fu edited this page Apr 1, 2020
·
13 revisions
to how how to configure NGINX as reverse proxy
edit the config file, in which located at \conf\nginx.conf
basic operations
run nginx to start the application
run nginx -t to check the syntax
run nginx -s reload to reload the configuration
run nginx -s stop to stop the server
import cert to java keystore for nginx
keytool -importcert -keystore cacerts -storepass changeit -file c:\xxxxxx\secure.crt
# basic setup
server{
listen 80;
server_name example.yourdomain.com;
location / {
proxy_pass http://www.your-real-domain.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_max_temp_file_size 0;
}
}
setup ssl to use as reverse proxy
# HTTPS server
#
server {
listen 443 ssl;
server_name localhost;
ssl_certificate private.crt;
ssl_certificate_key private.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
}
}
spring boot integration in application.yml
server:
port: 8080
use-forward-headers: true
tomcat:
remote-ip-header: "X-Forwarded-For"
protocol-header: "X-Forwarded-Proto"
add SameSite to cookie
https://serverfault.com/questions/849888/add-samesite-to-cookies-using-nginx-as-reverse-proxy
location / {
# your usual config ...
# hack, set all cookies to secure, httponly and samesite (strict or lax)
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
proxy_cookie_path /auth "/auth; secure; HttpOnly; SameSite=strict";
}
redirection
location = / {
return 301 /auth/admin/index.xhtml;
}
cache control in spring
@Configuration
@Slf4j
public class NoCacheFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate;");
chain.doFilter(request, response);
}
}
將 Nginx 註冊成 windows service
https://chaosweys.blogspot.com/2018/06/nginx-windows-service.html
Setting hash ip and pass client ip through the loading balance to down stream
https://serverfault.com/questions/832790/sticky-sessions-with-nginx-proxy
Hot reload configuration
https://serverfault.com/questions/378581/nginx-config-reload-without-downtime
service nginx reload or /etc/init.d/nginx reload
Nginx 設定反向代理 Reverse Proxy
- freemarker
- thymeleaf
- JMX (jconsole)
- ZeroMQ
- microk8s
- multipass
- pwsh (powershell)