Difference between revisions of "Nginx"
From HackerNet
| Line 18: | Line 18: | ||
} | } | ||
| − | ==Redirect HTTP till HTTPS== | + | ==HTTPS== |
| + | Konfigurationsexempel med säkerhet i fokus | ||
| + | |||
| + | server { | ||
| + | listen 443 ssl; | ||
| + | server_name secure.domän.se; | ||
| + | add_header Strict-Transport-Security max-age=15768000; | ||
| + | add_header X-Frame-Options DENY; | ||
| + | add_header X-Content-Type-Options nosniff; | ||
| + | ssl_certificate /path/to/cert.crt; | ||
| + | ssl_certificate_key /path/to/key.pem; | ||
| + | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ||
| + | ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!DSS:!RC4'; | ||
| + | ssl_prefer_server_ciphers on; | ||
| + | ssl_dhparam /path/to/dhparam.pem; | ||
| + | ... | ||
| + | } | ||
| + | |||
| + | ===Redirect HTTP till HTTPS=== | ||
server { | server { | ||
| Line 26: | Line 44: | ||
# 301 = permanent redirect, 302 = temporary redirect | # 301 = permanent redirect, 302 = temporary redirect | ||
return 301 https://domän.se$request_uri; | return 301 https://domän.se$request_uri; | ||
| + | } | ||
| + | |||
| + | ===Redirect HTTP till HTTPS, ej standardport=== | ||
| + | Nginx har en egen HTTP-statuskod för detta. | ||
| + | |||
| + | server { | ||
| + | listen 1234 ssl; | ||
| + | server_name sub.domän.se; | ||
| + | ... | ||
| + | error_page 497 https://$host:1234$request_uri; | ||
| + | ... | ||
} | } | ||
Revision as of 14:26, 21 December 2014
nginx är en lättviktig webbserver och proxy.
Installation
sudo add-apt-repository ppa:nginx/stable && sudo apt-get update && sudo apt-get install nginx
Contents
Reverse Proxy
Nginx fungerar utmärkt som en reverse proxy för webbtrafik.
Exempel
server {
listen 80;
server_name sub.domän.se;
location / {
proxy_pass http://10.0.0.10:3000;
include /etc/nginx/proxy_params;
}
}
HTTPS
Konfigurationsexempel med säkerhet i fokus
server {
listen 443 ssl;
server_name secure.domän.se;
add_header Strict-Transport-Security max-age=15768000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_certificate /path/to/cert.crt;
ssl_certificate_key /path/to/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!DSS:!RC4';
ssl_prefer_server_ciphers on;
ssl_dhparam /path/to/dhparam.pem;
...
}
Redirect HTTP till HTTPS
server {
listen 80;
server_name domän.se;
# 301 = permanent redirect, 302 = temporary redirect
return 301 https://domän.se$request_uri;
}
Redirect HTTP till HTTPS, ej standardport
Nginx har en egen HTTP-statuskod för detta.
server {
listen 1234 ssl;
server_name sub.domän.se;
...
error_page 497 https://$host:1234$request_uri;
...
}
