Below is a list of general nginx configurations (or nginx conf) that can be used for different type of applications. These configurations are web application type specific.
NGINX simple config
server {
listen 80;
server_tokens off;
server_name <host_name> www.<host_name>;
location / {
#-- Location to the website/webapp
#-- default: /var/www/html
root <path_to_web>;
#-- If serving a static HTML website
#index index.html index.htm;
try_files $uri $uri/ =404;
}
location ~ /\.ht {
deny all;
}
# case insensitive matching
if ($http_user_agent ~* (netcrawl|npbot|malicious|LWP::Simple|BBBike|wget|jorgee)) {
return 403;
}
add_header Allow "GET, POST, HEAD" always;
if ( $request_method !~ ^(GET|POST|HEAD)$ ) {
return 405;
}
}
NGINX serving php files
server {
listen 80;
server_tokens off;
server_name <host_name> www.<host_name>;
location / {
#-- Location to the website/webapp
#-- default: /var/www/html
root <path_to_web>;
#-- If serving php website
index index.php index.html index.htm;
try_files $uri $uri/ =404;
}
# to enable fastcgi when using php
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
# case insensitive matching
if ($http_user_agent ~* (netcrawl|npbot|malicious|LWP::Simple|BBBike|wget|jorgee)) {
return 403;
}
add_header Allow "GET, POST, HEAD" always;
if ( $request_method !~ ^(GET|POST|HEAD)$ ) {
return 405;
}
}
NGINX to serve react apps as reverse proxy
server {
listen 80;
server_tokens off;
server_name <host_name> www.<host_name>;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ /\.ht {
deny all;
}
# case insensitive matching
if ($http_user_agent ~* (netcrawl|npbot|malicious|LWP::Simple|BBBike|wget|jorgee)) {
return 403;
}
}
NGINX as a load balancer with proxy settings
upstream lbapp {
server <VM IP address(public|private)>;
server <VM IP address(public|private)>;
}
server {
listen 80;
server_tokens off;
server_name <host_name> www.<host_name>;
location / {
proxy_pass http://lbapp;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# case insensitive matching
if ($http_user_agent ~* (netcrawl|npbot|malicious|LWP::Simple|BBBike|wget|jorgee)) {
return 403;
}
}