Skip to content

Instantly share code, notes, and snippets.

@brooksphilip

brooksphilip/nginx.conf

Last active February 3, 2025 19:04
Show Gist options
  • Save brooksphilip/56131ffd188acd49dcbb27632c1744cd to your computer and use it in GitHub Desktop.
Save brooksphilip/56131ffd188acd49dcbb27632c1744cd to your computer and use it in GitHub Desktop.
Download ZIP
Raw
nginx.conf
# HTTP Configuration with WebSocket Support
server {
listen 80 bind 192.168.1.100; # Bind to eth1's IP for HTTP
server_name yourdomain.com;
location / {
proxy_pass http://backend_server_ip:port;
# WebSocket Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Standard Headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# HTTPS Configuration with WebSocket Support
server {
listen 443 ssl bind 192.168.1.100; # Bind to eth1's IP for HTTPS
server_name yourdomain.com;
ssl_certificate /path/to/your/cert.pem;
ssl_certificate_key /path/to/your/key.pem;
location / {
proxy_pass https://backend_server_ip:port;
# WebSocket Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Standard Headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Raw
nginx2.conf
# -----------------------------
# SSL Passthrough Configuration (TCP Layer)
# -----------------------------
stream {
# SSL Passthrough for HTTPS (Port 443)
upstream backend_https {
server backend_server_ip:443; # Replace with your backend server IP
}
server {
listen 443 bind 192.168.1.100; # Bind to eth1's IP for passthrough
proxy_pass backend_https;
proxy_protocol on; # Optional: Enables PROXY protocol to forward client IPs
}
# Optional: TCP Forwarding for HTTP (Passthrough, not recommended unless needed)
upstream backend_http {
server backend_server_ip:80;
}
server {
listen 80 bind 192.168.1.100; # Passthrough for raw HTTP (rarely needed)
proxy_pass backend_http;
}
}
# -----------------------------
# HTTP/HTTPS Termination with WebSocket Support
# -----------------------------
http {
include mime.types;
default_type application/octet-stream;
# WebSocket & Standard Proxy Settings
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# HTTP Proxy with WebSocket Support
server {
listen 8080 bind 192.168.1.100; # Use port 8080 to avoid conflict with SSL passthrough
server_name yourdomain.com;
location / {
proxy_pass http://backend_server_ip:port; # Replace with actual backend IP:port
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# HTTPS Termination with WebSocket Support
server {
listen 8443 ssl bind 192.168.1.100; # Use port 8443 for SSL termination
server_name yourdomain.com;
ssl_certificate /path/to/your/cert.pem;
ssl_certificate_key /path/to/your/key.pem;
location / {
proxy_pass https://backend_server_ip:port; # Replace with actual backend IP:port
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment