|
|
Line 5: |
Line 5: |
| * '''Apache''': https://gist.github.com/719014 | | * '''Apache''': https://gist.github.com/719014 |
| * '''Nginx''': https://gist.github.com/1355430 | | * '''Nginx''': https://gist.github.com/1355430 |
|
| |
| The reverse Proxy is quite Tricky if you have no idea what nginx does.
| |
| ive searched the web and merged some configs, this one works for me,
| |
| cut and paste replace SERVERNAME.NET for your domain name. and ofcourse the PATH for PUBLIC and Certifactes
| |
|
| |
| Problem here is not really NGinX but centos AUDIT, it took me a LONG while to figure out
| |
| that the AUDIT system was blocking requests
| |
| Basically this fixed it (+ disabling all hidden firewalls and just enabling iptables)
| |
|
| |
| cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mydiaspora
| |
|
| |
|
| |
| cat nginx.conf
| |
|
| |
| worker_processes 1;
| |
| daemon on;
| |
| events {
| |
| worker_connections 1024;
| |
| }
| |
| http {
| |
| include mime.types;
| |
| default_type application/octet-stream;
| |
| sendfile on;
| |
| keepalive_timeout 65;
| |
| gzip on;
| |
| gzip_http_version 1.0;
| |
| gzip_comp_level 2;
| |
| gzip_proxied any;
| |
| gzip_buffers 16 8k;
| |
| gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
| |
| gzip_disable "MSIE [1-6]\.(?!.*SV1)";
| |
| server_names_hash_bucket_size 128;
| |
| upstream thin_cluster {
| |
| server 0.0.0.0:3000;
| |
| }
| |
| server {
| |
| listen 80;
| |
| server_name 192.168.11.100 SERVERNAME.NET ;
| |
| rewrite ^(.*) https://SERVERNAME.NET$1 permanent;
| |
| }
| |
| server {
| |
| listen 443 default_server ssl;
| |
| server_name 192.168.11.100 SERVERNAME.NET;
| |
| root /home/diaspora/diaspora/public/;
| |
| ssl on;
| |
| ssl_certificate /etc/nginx/ssl-unified.crt;
| |
| ssl_certificate_key /etc/nginx/ssl.key;
| |
| location /uploads/images {
| |
| expires 1d;
| |
| add_header Cache-Control public;
| |
| }
| |
| location /assets {
| |
| expires 1d;
| |
| add_header Cache-Control public;
| |
| }
| |
| location ~ .php$ {
| |
| try_files $uri =404;
| |
| fastcgi_split_path_info ^(.+\.php)(/.+)$;
| |
| fastcgi_pass unix:/var/run/php5-fpm.sock;
| |
| fastcgi_index index.php;
| |
| fastcgi_buffers 8 16k;
| |
| fastcgi_buffer_size 32k;
| |
| fastcgi_connect_timeout 300;
| |
| fastcgi_send_timeout 300;
| |
| fastcgi_read_timeout 300;
| |
| include fastcgi_params;
| |
| }
| |
| location / {
| |
| proxy_set_header X-Real-IP $remote_addr;
| |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
| |
| proxy_set_header Host $http_host;
| |
| proxy_set_header X-Forwarded-Proto https;
| |
| proxy_redirect off;
| |
| client_max_body_size 4M;
| |
| client_body_buffer_size 128K;
| |
| if (-f $request_filename/index.html) {
| |
| rewrite (.*) $1/index.html break;
| |
| }
| |
| if (-f $request_filename.html) {
| |
| rewrite (.*) $1.html break;
| |
| }
| |
| if (!-f $request_filename) {
| |
| proxy_pass http://thin_cluster;
| |
| break;
| |
| }
| |
| }
| |
| error_page 500 502 503 504 /50x.html;
| |
| location = /50x.html {
| |
| root html;
| |
| proxy_pass http://localhost:3000;
| |
| proxy_read_timeout 90;
| |
| proxy_redirect http://localhost:3000 https://SERVERNAME.NET;
| |
| }
| |
| }
| |
| }
| |
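Review bot: The `location ~ .php$` block hands matching URIs under `root /home/diaspora/diaspora/public/` to php-fpm, and because regex locations take precedence over the plain prefix `location /uploads/images`, a file with a .php name stored in the upload directory would be executed rather than served. Nothing else in this config uses PHP (all other requests go to `thin_cluster`), so the block looks like a leftover from one of the merged configs and is best dropped; if it has to stay, escape the dot (`location ~ \.php$`) and declare the upload path as `location ^~ /uploads/images` so regex locations are not consulted for it. Separately, `server 0.0.0.0:3000;` in the upstream should name the loopback address, `server 127.0.0.1:3000;`, with the app server bound there as well, so port 3000 is reachable only through the TLS proxy. The `audit2allow -M mydiaspora` line turns every logged nginx denial into an allow rule, so the generated `mydiaspora.te` should be read and trimmed to the rules the proxy needs before the module is loaded.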