nginx obsluhuje >30% webového trafficu. Tady je jak ho nakonfigurovat.
Základní konfigurace¶
server {
listen 80;
server_name example.com;
root /var/www/html;
index index.html;
}
Reverse proxy¶
location /api/ {
proxy_pass http://localhost:3000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
SSL/TLS¶
server {
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
}
Load balancing¶
upstream backend {
least_conn;
server 10.0.0.1:3000;
server 10.0.0.2:3000;
}
Caching¶
location ~* .(jpg|css|js)$ {
expires 1y;
add_header Cache-Control “public, immutable”;
}
Gzip¶
gzip on; gzip_types text/plain text/css application/json application/javascript;
Rate limiting¶
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
Security¶
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security “max-age=31536000”;
Testování¶
Vždy: nginx -t před nginx -s reload. A monitorujte access + error logy.