osamaqarem · July 20, 2025 15:50 · Oct 24, 2020 · Oct 24, 2020 · Oct 24, 2020 · Oct 24, 2020
diff --git a/nginx_macos.md b/nginx_macos.md
@@ -40,6 +40,8 @@ In the block shown below - we created a web server:
 Therefore, this block is saying: proxy all requests at http://localhost:80 to http://localhost:3000.
 
 ```nginx
+# nginx.conf
+
 server {
         listen 80;
         server_name localhost;
@@ -100,6 +102,8 @@ The location of the files generated will be at /etc/letsencrypt/archive. It also
 To change our initial basic setup to use SSL and our domain name, this is how it would look like:
 
 ```nginx
+# nginx.conf
+
 server {
     listen 443 ssl;
     server_name mydomain.com;

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -115,7 +115,7 @@ server {
 
 - "Managed by certbot" is a line added by certbot automatically after adjusting your nginx.conf file if you ran the automatic command. Otherwise you can amend your nginx.conf manually to include your SSL certificates.
 
-- One issue faced here is that the user process running nginx did not have the required permissions to read the certificates (error when running nginx -t). Grant the necessary permissions using chmod on the real SSL files at /etc/letsencrypt/archive/ekyc-demo.xyz/ and the symbolic ones at /etc/letsencrypt/live/ekyc-demo.xyz/.
+- One issue faced here is that the user process running nginx did not have the required permissions to read the certificates (error when running nginx -t). Grant the necessary permissions using chmod on the real SSL files at /etc/letsencrypt/archive/mydomain.com/ and the symbolic ones at /etc/letsencrypt/live/mydomain.com/.
 
 Perform a comprehensive SSL test using [SSL Labs](https://www.ssllabs.com/ssltest/).
 

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -236,6 +236,8 @@ http {
 
 ### Suggestions
 
-- A cleaner solution would have regex based HTTP redirects to HTTPS subdomains instead of multiple HTTP server blocks and wildcard SSL certificates instead of different SSL certificates for each subdomain.
+- Regex based HTTP redirects to HTTPS subdomains instead of multiple HTTP server blocks. 
+
+- Wildcard SSL certificate instead of different SSL certificates for each subdomain.
 
 - The SSL certificate generated here achieves a rating of B on [SSL labs](https://www.ssllabs.com/ssltest/). Todo for A+?
diff --git a/nginx_macos.md b/nginx_macos.md
@@ -234,4 +234,8 @@ http {
 }
 ```
 
+### Suggestions
+
 - A cleaner solution would have regex based HTTP redirects to HTTPS subdomains instead of multiple HTTP server blocks and wildcard SSL certificates instead of different SSL certificates for each subdomain.
+
+- The SSL certificate generated here achieves a rating of B on [SSL labs](https://www.ssllabs.com/ssltest/). Todo for A+?
diff --git a/nginx_macos.md b/nginx_macos.md
@@ -55,7 +55,7 @@ server {
 
 The webserver server_name will usually point to a domain name - which DNS records should be set up for so it resolves to our public IP address. However, if that IP is dynamic its a problem as it eventually changes.
 
-In my case, I had a domain with namecheap and they allow you to update the IP address that a special DNS record points to with a GET request.
+In my case, I had a domain with namecheap and they allow you to update the IP address that a special DNS record points to with a [GET request](https://www.namecheap.com/support/knowledgebase/article.aspx/29/11/how-do-i-use-a-browser-to-dynamically-update-the-hosts-ip/).
 
 Therefore, we can automate that process with a bash script and a cronjob:
 

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -32,7 +32,9 @@ The full nginx.conf file will be at the end - this here is a basic proxy example
 In the block shown below - we created a web server:
 
 1- 80 is the web server port.
+
 2- localhost is where the web server is listening.
+
 3- proxy_pass is the location we would like to proxy to. Should be the app server.
 
 Therefore, this block is saying: proxy all requests at http://localhost:80 to http://localhost:3000.

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -1,6 +1,10 @@
 ## Install nginx (Homebrew)
 `brew install nginx`
 
+Configuration file for nginx will be at /usr/local/etc/nginx/nginx.conf
+
+Web apps can be stored at /usr/local/var/www
+
 ## Commands
 Start:
 
@@ -10,7 +14,7 @@ Stop:
 
 `nginx -s stop`
 
-Restart:
+Reload config:
 
 `nginx -s reload`
 
@@ -22,17 +26,22 @@ Lint:
 - Firewall was already disabled.
 - Port forward 80 & 443 in router settings.
 
-## Simple Reverse Proxy
+## Basic Reverse Proxy with Nginx
+The full nginx.conf file will be at the end - this here is a basic proxy example.
+
+In the block shown below - we created a web server:
+
+1- 80 is the web server port.
+2- localhost is where the web server is listening.
+3- proxy_pass is the location we would like to proxy to. Should be the app server.
+
+Therefore, this block is saying: proxy all requests at http://localhost:80 to http://localhost:3000.
 
 ```nginx
 server {
         listen 80;
-        server_name 192.168.100.190;
-
+        server_name localhost;
         location / {
-            proxy_set_header   X-Forwarded-For $remote_addr;
-            proxy_set_header   Host $http_host;
-            # node app server IP
             proxy_pass         http://192.168.100.190:3000; 
         }
     }
@@ -42,9 +51,11 @@ server {
 
 ### 1. Dynamic IP
 
-- In my case, the domain was under namecheap and they allow you to update the IP with a [GET request](https://www.namecheap.com/support/knowledgebase/article.aspx/29/11/how-do-i-use-a-browser-to-dynamically-update-the-hosts-ip/).
+The webserver server_name will usually point to a domain name - which DNS records should be set up for so it resolves to our public IP address. However, if that IP is dynamic its a problem as it eventually changes.
+
+In my case, I had a domain with namecheap and they allow you to update the IP address that a special DNS record points to with a GET request.
 
-- Shell script to update DDNS namecheap record.
+Therefore, we can automate that process with a bash script and a cronjob:
 
 ```sh
 #!/usr/bin/env sh
@@ -56,7 +67,7 @@ curl --request GET \
   --url $URL
 ```
 
-Executed via a Cronjob. Commands:
+Crontab:
 
 - List cronjobs:
 
@@ -68,30 +79,49 @@ Executed via a Cronjob. Commands:
 
 ### 2. SSL
 
+Using Certbot (Let's Encrypt client) guide it is straightforward:
+
+Install certbot:
+
 `brew install certbot`
 
-Manual:
+To only generate certificate:
 
 `sudo certbot certonly --standalone -d mydomain.com`
 
-Auto adjust nginx config:
+To generate certificate and update nginx.conf file automatically:
 
 `sudo certbot --nginx`
 
-After this, nginx didn't have the permissions to access the certificates.
+The location of the files generated will be at /etc/letsencrypt/archive. It also generates symbolic links to those files at /etc/letsencrypt/live.
 
-Temporary solution to folder permissions issue (probably very dangerous):
+To change our initial basic setup to use SSL and our domain name, this is how it would look like:
 
+```nginx
+server {
+    listen 443 ssl;
+    server_name mydomain.com;
+
+    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
+
+    location / {
+        proxy_pass         http://localhost:3000; 
+    }
+}
 ```
-# Grant recursive read write permissions
-sudo chmod -R 777 /etc/letsencrypt/archive 
-sudo chmod -R 777 /etc/letsencrypt/live 
-```
+
+- "Managed by certbot" is a line added by certbot automatically after adjusting your nginx.conf file if you ran the automatic command. Otherwise you can amend your nginx.conf manually to include your SSL certificates.
+
+- One issue faced here is that the user process running nginx did not have the required permissions to read the certificates (error when running nginx -t). Grant the necessary permissions using chmod on the real SSL files at /etc/letsencrypt/archive/ekyc-demo.xyz/ and the symbolic ones at /etc/letsencrypt/live/ekyc-demo.xyz/.
+
+Perform a comprehensive SSL test using [SSL Labs](https://www.ssllabs.com/ssltest/).
 
 ## Full Setup
 
 - 2 Apps on localhost 3000 and 5000.
 - Each with own subdomain and SSL certificates.
+- HTTP redirects to HTTPS.
 
 ```nginx
 #user  nobody;
@@ -201,3 +231,5 @@ http {
     }
 }
 ```
+
+- A cleaner solution would have regex based HTTP redirects to HTTPS subdomains instead of multiple HTTP server blocks and wildcard SSL certificates instead of different SSL certificates for each subdomain.
diff --git a/nginx_macos.md b/nginx_macos.md
@@ -50,7 +50,7 @@ server {
 #!/usr/bin/env sh
 IP4=$(dig @resolver1.opendns.com ANY myip.opendns.com +short)
 echo "$IP4"
-URL="https://dynamicdns.park-your-domain.com/update?host=%40&domain=ekyc-demo.xyz&password=mypassword&ip=""${IP4}"
+URL="https://dynamicdns.park-your-domain.com/update?host=%40&domain=mydomain.com&password=mypassword&ip=""${IP4}"
 echo "$URL"
 curl --request GET \
   --url $URL
@@ -72,7 +72,7 @@ Executed via a Cronjob. Commands:
 
 Manual:
 
-`sudo certbot certonly --standalone -d ekyc-demo.xyz`
+`sudo certbot certonly --standalone -d mydomain.com`
 
 Auto adjust nginx config:
 
@@ -147,24 +147,24 @@ http {
     # Root domain HTTP #
     server {
         listen 80;
-        server_name ekyc-demo.xyz;
+        server_name mydomain.com;
         return 301 https://$server_name$request_uri;
     }
     server {
         listen 80;
-        server_name app1.ekyc-demo.xyz;
+        server_name app1.mydomain.com;
         return 301 https://$server_name$request_uri;
     }
     server {
         listen 80;
-        server_name app2.ekyc-demo.xyz;
+        server_name app2.mydomain.com;
         return 301 https://$server_name$request_uri;
     }
     # Root domain HTTPS #
     server {
         listen 443 ssl;
-        ssl_certificate      /etc/letsencrypt/live/ekyc-demo.xyz/fullchain.pem;
-        ssl_certificate_key  /etc/letsencrypt/live/ekyc-demo.xyz/privkey.pem;
+        ssl_certificate      /etc/letsencrypt/live/mydomain.com/fullchain.pem;
+        ssl_certificate_key  /etc/letsencrypt/live/mydomain.com/privkey.pem;
 
         ssl_session_cache    shared:SSL:1m;
         ssl_session_timeout  5m;
@@ -179,9 +179,9 @@ http {
     # App 1 #    
     server {
         listen 443 ssl;
-        server_name app1.ekyc-demo.xyz;
-        ssl_certificate /etc/letsencrypt/live/app1.ekyc-demo.xyz/fullchain.pem; # managed by Certbot
-        ssl_certificate_key /etc/letsencrypt/live/app1.ekyc-demo.xyz/privkey.pem; # managed by Certbot
+        server_name app1.mydomain.com;
+        ssl_certificate /etc/letsencrypt/live/app1.mydomain.com/fullchain.pem; # managed by Certbot
+        ssl_certificate_key /etc/letsencrypt/live/app1.mydomain.com/privkey.pem; # managed by Certbot
 
         location / {
             proxy_pass         http://localhost:3000;
@@ -191,9 +191,9 @@ http {
     # App 2 #    
     server {
          listen 443 ssl;
-         server_name app2.ekyc-demo.xyz;
-         ssl_certificate /etc/letsencrypt/live/app2.ekyc-demo.xyz/fullchain.pem; # managed by Certbot
-         ssl_certificate_key /etc/letsencrypt/live/app2.ekyc-demo.xyz/privkey.pem; # managed by Certbot
+         server_name app2.mydomain.com;
+         ssl_certificate /etc/letsencrypt/live/app2.mydomain.com/fullchain.pem; # managed by Certbot
+         ssl_certificate_key /etc/letsencrypt/live/app2.mydomain.com/privkey.pem; # managed by Certbot
 
          location / {
             proxy_pass         http://localhost:5000;

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -66,9 +66,7 @@ Executed via a Cronjob. Commands:
 
 `crontab -e`
 
-### 2. Browser Caches Page Until Manual Referesh
-
-### 3. SSL
+### 2. SSL
 
 `brew install certbot`
 
@@ -185,12 +183,6 @@ http {
         ssl_certificate /etc/letsencrypt/live/app1.ekyc-demo.xyz/fullchain.pem; # managed by Certbot
         ssl_certificate_key /etc/letsencrypt/live/app1.ekyc-demo.xyz/privkey.pem; # managed by Certbot
 
-        # Forward the headers to the proxied server #   
-        proxy_set_header  X-Forwarded-For $remote_addr;
-        proxy_set_header  Host $http_host;
-        proxy_set_header  X-Real-IP $remote_addr;
-        proxy_set_header  X-Forwarded-Proto https;
-
         location / {
             proxy_pass         http://localhost:3000;
         }
@@ -203,16 +195,9 @@ http {
          ssl_certificate /etc/letsencrypt/live/app2.ekyc-demo.xyz/fullchain.pem; # managed by Certbot
          ssl_certificate_key /etc/letsencrypt/live/app2.ekyc-demo.xyz/privkey.pem; # managed by Certbot
 
-         # Forward the headers to the proxied server #   
-         proxy_set_header  X-Forwarded-For $remote_addr;
-         proxy_set_header  Host $http_host;
-         proxy_set_header  X-Real-IP $remote_addr;
-         proxy_set_header  X-Forwarded-Proto https;
-        
          location / {
-             proxy_pass         http://localhost:5000;
+            proxy_pass         http://localhost:5000;
          }
     }
 }
-
 ```
diff --git a/nginx_macos.md b/nginx_macos.md
@@ -66,9 +66,9 @@ Executed via a Cronjob. Commands:
 
 `crontab -e`
 
-### 1. Users see old page until refreshing.
+### 2. Browser Caches Page Until Manual Referesh
 
-### 2. SSL
+### 3. SSL
 
 `brew install certbot`
 

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -18,9 +18,8 @@ Lint:
 
 `nginx -t`
 
-## Expose Public IP
+## Firewall
 - Firewall was already disabled.
-- Changed nginx port to 80 in `nginx.conf`.
 - Port forward 80 & 443 in router settings.
 
 ## Simple Reverse Proxy

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -21,8 +21,7 @@ Lint:
 ## Expose Public IP
 - Firewall was already disabled.
 - Changed nginx port to 80 in `nginx.conf`.
-- Port forward 80 in router settings.
-- Public IP now visible.
+- Port forward 80 & 443 in router settings.
 
 ## Simple Reverse Proxy
 

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -42,17 +42,9 @@ server {
 
 ## Issues
 
-### IP change. How to get a Static Public IP Address?
-- Get a Dynamic DNS Service for your domain. Your machine will ping the service to with the latest Public IP address using DDNS client e.g. (https://github.com/troglobit/inadyn).
+### 1. Dynamic IP
 
-- In my case, my D-LINK router had a DDNS client.
-https://www.namecheap.com/support/knowledgebase/article.aspx/9356/11/how-to-configure-a-ddwrt-router
-
-- Therefore, The DNS record will be updated with the latest Public IP address. The DNS servers will always resolve yourdomainname to the latest Public IP address.
-
-- Namecheap provides a free one with their domains.
-To use it: 
-https://www.namecheap.com/support/knowledgebase/article.aspx/36/11/how-do-i-start-using-dynamic-dns
+- In my case, the domain was under namecheap and they allow you to update the IP with a [GET request](https://www.namecheap.com/support/knowledgebase/article.aspx/29/11/how-do-i-use-a-browser-to-dynamically-update-the-hosts-ip/).
 
 - Shell script to update DDNS namecheap record.
 
@@ -76,9 +68,9 @@ Executed via a Cronjob. Commands:
 
 `crontab -e`
 
-### Users see old page until refreshing.
+### 1. Users see old page until refreshing.
 
-### SSL
+### 2. SSL
 
 `brew install certbot`
 

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -40,7 +40,70 @@ server {
     }
 ```
 
-## Multi Server/Subdomain
+## Issues
+
+### IP change. How to get a Static Public IP Address?
+- Get a Dynamic DNS Service for your domain. Your machine will ping the service to with the latest Public IP address using DDNS client e.g. (https://github.com/troglobit/inadyn).
+
+- In my case, my D-LINK router had a DDNS client.
+https://www.namecheap.com/support/knowledgebase/article.aspx/9356/11/how-to-configure-a-ddwrt-router
+
+- Therefore, The DNS record will be updated with the latest Public IP address. The DNS servers will always resolve yourdomainname to the latest Public IP address.
+
+- Namecheap provides a free one with their domains.
+To use it: 
+https://www.namecheap.com/support/knowledgebase/article.aspx/36/11/how-do-i-start-using-dynamic-dns
+
+- Shell script to update DDNS namecheap record.
+
+```sh
+#!/usr/bin/env sh
+IP4=$(dig @resolver1.opendns.com ANY myip.opendns.com +short)
+echo "$IP4"
+URL="https://dynamicdns.park-your-domain.com/update?host=%40&domain=ekyc-demo.xyz&password=mypassword&ip=""${IP4}"
+echo "$URL"
+curl --request GET \
+  --url $URL
+```
+
+Executed via a Cronjob. Commands:
+
+- List cronjobs:
+
+`crontab -l`
+
+- Add cronjob (useful: https://crontab.guru)
+
+`crontab -e`
+
+### Users see old page until refreshing.
+
+### SSL
+
+`brew install certbot`
+
+Manual:
+
+`sudo certbot certonly --standalone -d ekyc-demo.xyz`
+
+Auto adjust nginx config:
+
+`sudo certbot --nginx`
+
+After this, nginx didn't have the permissions to access the certificates.
+
+Temporary solution to folder permissions issue (probably very dangerous):
+
+```
+# Grant recursive read write permissions
+sudo chmod -R 777 /etc/letsencrypt/archive 
+sudo chmod -R 777 /etc/letsencrypt/live 
+```
+
+## Full Setup
+
+- 2 Apps on localhost 3000 and 5000.
+- Each with own subdomain and SSL certificates.
 
 ```nginx
 #user  nobody;
@@ -75,8 +138,6 @@ http {
         default                                             1;
         ~*\.(ico|css|js|gif|jpg|jpeg|png|svg|woff|ttf|eot)$ 0;
     }
-    # store request body in temp file for debugging #
-    # client_body_in_file_only on;
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$request_body_file"';
@@ -87,101 +148,81 @@ http {
     keepalive_timeout  65;
     #gzip  on;
         
-    server {
-        listen 80;
-        server_name ekyc-demo.xyz www.ekyc-demo.xyz;
-        
-        # Max user upload size #
-        client_max_body_size 20M;
-        # Uploaded file RAM buffer instead of temp file #
-        client_body_buffer_size 20M;
+    # Max user upload size #
+    client_max_body_size 20M;
+    # Uploaded file RAM buffer instead of temp file #
+    client_body_buffer_size 20M;
+    # store request body in temp file for debugging #
+    # client_body_in_file_only on;
 
-        # Forward the client's IP address to the proxied server #   
-        proxy_set_header   X-Forwarded-For $remote_addr;
-        proxy_set_header   Host $http_host;
 
-        location / {
-            return 403;
-        }
+    # Root domain HTTP #
+    server {
+        listen 80;
+        server_name ekyc-demo.xyz;
+        return 301 https://$server_name$request_uri;
     }
-        
     server {
         listen 80;
         server_name app1.ekyc-demo.xyz;
-        location / {
-            proxy_pass         http://localhost:3000;
-        }
+        return 301 https://$server_name$request_uri;
     }
-        
     server {
         listen 80;
         server_name app2.ekyc-demo.xyz;
-        location / {
-            proxy_pass         http://localhost:5000;
-        }
+        return 301 https://$server_name$request_uri;
     }
+    # Root domain HTTPS #
+    server {
+        listen 443 ssl;
+        ssl_certificate      /etc/letsencrypt/live/ekyc-demo.xyz/fullchain.pem;
+        ssl_certificate_key  /etc/letsencrypt/live/ekyc-demo.xyz/privkey.pem;
 
-    # HTTPS server
-    #
-    #server {
-    #    listen       443 ssl;
-    #    server_name  localhost;
-
-    #    ssl_certificate      cert.pem;
-    #    ssl_certificate_key  cert.key;
+        ssl_session_cache    shared:SSL:1m;
+        ssl_session_timeout  5m;
+        ssl_ciphers  HIGH:!aNULL:!MD5;
+        ssl_prefer_server_ciphers  on;
 
-    #    ssl_session_cache    shared:SSL:1m;
-    #    ssl_session_timeout  5m;
+        location / {
+            return 403;
+        }
+    }
 
-    #    ssl_ciphers  HIGH:!aNULL:!MD5;
-    #    ssl_prefer_server_ciphers  on;
+    # App 1 #    
+    server {
+        listen 443 ssl;
+        server_name app1.ekyc-demo.xyz;
+        ssl_certificate /etc/letsencrypt/live/app1.ekyc-demo.xyz/fullchain.pem; # managed by Certbot
+        ssl_certificate_key /etc/letsencrypt/live/app1.ekyc-demo.xyz/privkey.pem; # managed by Certbot
 
-    #    location / {
-    #        root   html;
-    #        index  index.html index.htm;
-    #    }
-    #}
+        # Forward the headers to the proxied server #   
+        proxy_set_header  X-Forwarded-For $remote_addr;
+        proxy_set_header  Host $http_host;
+        proxy_set_header  X-Real-IP $remote_addr;
+        proxy_set_header  X-Forwarded-Proto https;
 
-    include servers/*;
+        location / {
+            proxy_pass         http://localhost:3000;
+        }
+    }
+    
+    # App 2 #    
+    server {
+         listen 443 ssl;
+         server_name app2.ekyc-demo.xyz;
+         ssl_certificate /etc/letsencrypt/live/app2.ekyc-demo.xyz/fullchain.pem; # managed by Certbot
+         ssl_certificate_key /etc/letsencrypt/live/app2.ekyc-demo.xyz/privkey.pem; # managed by Certbot
+
+         # Forward the headers to the proxied server #   
+         proxy_set_header  X-Forwarded-For $remote_addr;
+         proxy_set_header  Host $http_host;
+         proxy_set_header  X-Real-IP $remote_addr;
+         proxy_set_header  X-Forwarded-Proto https;
+        
+         location / {
+             proxy_pass         http://localhost:5000;
+         }
+    }
 }
-```
 
-## Issues
-
-### IP change. How to get a Static Public IP Address?
-- Get a Dynamic DNS Service for your domain. Your machine will ping the service to with the latest Public IP address using DDNS client e.g. (https://github.com/troglobit/inadyn).
-
-- In my case, my D-LINK router had a DDNS client.
-https://www.namecheap.com/support/knowledgebase/article.aspx/9356/11/how-to-configure-a-ddwrt-router
-
-- Therefore, The DNS record will be updated with the latest Public IP address. The DNS servers will always resolve yourdomainname to the latest Public IP address.
-
-- Namecheap provides a free one with their domains.
-To use it: 
-https://www.namecheap.com/support/knowledgebase/article.aspx/36/11/how-do-i-start-using-dynamic-dns
-
-- Shell script to update DDNS namecheap record.
-
-```sh
-#!/usr/bin/env sh
-IP4=$(dig @resolver1.opendns.com ANY myip.opendns.com +short)
-echo "$IP4"
-URL="https://dynamicdns.park-your-domain.com/update?host=%40&domain=ekyc-demo.xyz&password=mypassword&ip=""${IP4}"
-echo "$URL"
-curl --request GET \
-  --url $URL
 ```
-
-Executed via a Cronjob. Commands:
-
-- List cronjobs:
-
-`crontab -l`
-
-- Add cronjob (useful: https://crontab.guru)
-
-`crontab -e`
-
-### Users see old page until refreshing.
-
-### SSL
diff --git a/nginx_macos.md b/nginx_macos.md
@@ -40,7 +40,7 @@ server {
     }
 ```
 
-## Multi Server/Subdomain Setup `nginx.conf`
+## Multi Server/Subdomain
 
 ```nginx
 #user  nobody;

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -24,8 +24,7 @@ Lint:
 - Port forward 80 in router settings.
 - Public IP now visible.
 
-## Reverse Proxy
-- Add reverse proxy server block for nginx:
+## Simple Reverse Proxy
 
 ```nginx
 server {

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -1,4 +1,4 @@
-## Install nginx with Homebrew
+## Install nginx (Homebrew)
 `brew install nginx`
 
 ## Commands

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -1,7 +1,4 @@
-- You have a NodeJS server running at `192.168.100.190:3000` and you want to proxy it from your public IP with nginx.
-- You have Homebrew.
-
-## Install nginx
+## Install nginx with Homebrew
 `brew install nginx`
 
 ## Commands

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -44,7 +44,7 @@ server {
     }
 ```
 
-## Full `nginx.conf` File
+## Multi Server/Subdomain Setup `nginx.conf`
 
 ```nginx
 #user  nobody;

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -164,6 +164,28 @@ https://www.namecheap.com/support/knowledgebase/article.aspx/9356/11/how-to-conf
 To use it: 
 https://www.namecheap.com/support/knowledgebase/article.aspx/36/11/how-do-i-start-using-dynamic-dns
 
+- Shell script to update DDNS namecheap record.
+
+```sh
+#!/usr/bin/env sh
+IP4=$(dig @resolver1.opendns.com ANY myip.opendns.com +short)
+echo "$IP4"
+URL="https://dynamicdns.park-your-domain.com/update?host=%40&domain=ekyc-demo.xyz&password=mypassword&ip=""${IP4}"
+echo "$URL"
+curl --request GET \
+  --url $URL
+```
+
+Executed via a Cronjob. Commands:
+
+- List cronjobs:
+
+`crontab -l`
+
+- Add cronjob (useful: https://crontab.guru)
+
+`crontab -e`
+
 ### Users see old page until refreshing.
 
 ### SSL
diff --git a/nginx_macos.md b/nginx_macos.md
@@ -84,7 +84,7 @@ http {
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$request_body_file"';
-    access_log  logs/access.log  main buffer=32k flush=10s if=$loggable;
+    access_log  logs/access.log  main buffer=32k flush=30m if=$loggable;
 
     sendfile        on;
     #tcp_nopush     on;
@@ -93,20 +93,35 @@ http {
         
     server {
         listen 80;
-        server_name 192.168.100.190;
+        server_name ekyc-demo.xyz www.ekyc-demo.xyz;
         
         # Max user upload size #
         client_max_body_size 20M;
         # Uploaded file RAM buffer instead of temp file #
         client_body_buffer_size 20M;
 
-        location / {
-            proxy_set_header   X-Forwarded-For $remote_addr;
-            proxy_set_header   Host $http_host;
-            proxy_pass         http://192.168.100.190:3000;
+        # Forward the client's IP address to the proxied server #   
+        proxy_set_header   X-Forwarded-For $remote_addr;
+        proxy_set_header   Host $http_host;
 
-            # expires 30d;
-            # expires @15h30m;
+        location / {
+            return 403;
+        }
+    }
+        
+    server {
+        listen 80;
+        server_name app1.ekyc-demo.xyz;
+        location / {
+            proxy_pass         http://localhost:3000;
+        }
+    }
+        
+    server {
+        listen 80;
+        server_name app2.ekyc-demo.xyz;
+        location / {
+            proxy_pass         http://localhost:5000;
         }
     }
 

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -17,6 +17,10 @@ Restart:
 
 `nginx -s reload`
 
+Lint:
+
+`nginx -t`
+
 ## Expose Public IP
 - Firewall was already disabled.
 - Changed nginx port to 80 in `nginx.conf`.

diff --git a/nginx_macos.md b/nginx_macos.md
@@ -5,6 +5,10 @@
 `brew install nginx`
 
 ## Commands
+Start:
+
+`nginx`
+
 Stop:
 
 `nginx -s stop`

diff --git a/ngninx_macos.md → nginx_macos.md b/ngninx_macos.md → nginx_macos.md
@@ -1,8 +1,8 @@
 - You have a NodeJS server running at `192.168.100.190:3000` and you want to proxy it from your public IP with nginx.
 - You have Homebrew.
 
-## Install ngnix
-`brew install ngnix`
+## Install nginx
+`brew install nginx`
 
 ## Commands
 Stop:

diff --git a/ngninx_macos.md b/ngninx_macos.md
@@ -1,9 +1,8 @@
-## Assumptions
-- You have Node.JS
-- You have Homebrew
+- You have a NodeJS server running at `192.168.100.190:3000` and you want to proxy it from your public IP with nginx.
+- You have Homebrew.
 
 ## Install ngnix
-`brew install nodejs`
+`brew install ngnix`
 
 ## Commands
 Stop:

diff --git a/ngninx_macos.md b/ngninx_macos.md
@@ -129,7 +129,6 @@ http {
 ```
 
 ## Issues
-### Users see old page until refreshing.
 
 ### IP change. How to get a Static Public IP Address?
 - Get a Dynamic DNS Service for your domain. Your machine will ping the service to with the latest Public IP address using DDNS client e.g. (https://github.com/troglobit/inadyn).
@@ -142,4 +141,7 @@ https://www.namecheap.com/support/knowledgebase/article.aspx/9356/11/how-to-conf
 - Namecheap provides a free one with their domains.
 To use it: 
 https://www.namecheap.com/support/knowledgebase/article.aspx/36/11/how-do-i-start-using-dynamic-dns
+
+### Users see old page until refreshing.
+
 ### SSL
diff --git a/ngninx_macos.md b/ngninx_macos.md
@@ -131,9 +131,6 @@ http {
 ## Issues
 ### Users see old page until refreshing.
 
-### API Call -> Request entity too large.
-- Add the following to server block to increase the maximum client request size to 5M: `client_max_body_size 5M;`
-
 ### IP change. How to get a Static Public IP Address?
 - Get a Dynamic DNS Service for your domain. Your machine will ping the service to with the latest Public IP address using DDNS client e.g. (https://github.com/troglobit/inadyn).
 

diff --git a/ngninx_macos.md b/ngninx_macos.md
@@ -1,5 +1,10 @@
+## Assumptions
+- You have Node.JS
+- You have Homebrew
+
 ## Install ngnix
 `brew install nodejs`
+
 ## Commands
 Stop:
 
@@ -11,9 +16,10 @@ Restart:
 
 ## Expose Public IP
 - Firewall was already disabled.
-- Changed nginx port to 80.
+- Changed nginx port to 80 in `nginx.conf`.
 - Port forward 80 in router settings.
 - Public IP now visible.
+
 ## Reverse Proxy
 - Add reverse proxy server block for nginx:
 

diff --git a/ngninx_macos.md b/ngninx_macos.md
@@ -16,7 +16,8 @@ Restart:
 - Public IP now visible.
 ## Reverse Proxy
 - Add reverse proxy server block for nginx:
-```
+
+```nginx
 server {
         listen 80;
         server_name 192.168.100.190;

diff --git a/ngninx_macos.md b/ngninx_macos.md
@@ -29,6 +29,98 @@ server {
         }
     }
 ```
+
+## Full `nginx.conf` File
+
+```nginx
+#user  nobody;
+
+# Number of processes should not exceed number of cores #
+worker_processes  1;
+
+# MINIMUM (probably too low): worker_connections * 2 file descriptors = 512 #
+# No need to multiply by worker_prcocesses as the limit is applied to each worker #
+# 1 descriptor for client connection, 1 for proxied server #
+# Could be more based on conf. Could be limited by system (ulimit -n) #
+worker_rlimit_nofile 1024;
+
+events {
+    # Default 1024 #
+    worker_connections  256;
+}
+
+# Error Log #
+error_log  logs/error.log;
+error_log  logs/error.log  notice;
+error_log  logs/error.log  info;
+# Process ID Log #
+pid        logs/nginx.pid;
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    # Access Logs #
+    map $request_uri $loggable {
+        default                                             1;
+        ~*\.(ico|css|js|gif|jpg|jpeg|png|svg|woff|ttf|eot)$ 0;
+    }
+    # store request body in temp file for debugging #
+    # client_body_in_file_only on;
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                     '$status $body_bytes_sent "$http_referer" '
+                     '"$http_user_agent" "$request_body_file"';
+    access_log  logs/access.log  main buffer=32k flush=10s if=$loggable;
+
+    sendfile        on;
+    #tcp_nopush     on;
+    keepalive_timeout  65;
+    #gzip  on;
+        
+    server {
+        listen 80;
+        server_name 192.168.100.190;
+        
+        # Max user upload size #
+        client_max_body_size 20M;
+        # Uploaded file RAM buffer instead of temp file #
+        client_body_buffer_size 20M;
+
+        location / {
+            proxy_set_header   X-Forwarded-For $remote_addr;
+            proxy_set_header   Host $http_host;
+            proxy_pass         http://192.168.100.190:3000;
+
+            # expires 30d;
+            # expires @15h30m;
+        }
+    }
+
+    # HTTPS server
+    #
+    #server {
+    #    listen       443 ssl;
+    #    server_name  localhost;
+
+    #    ssl_certificate      cert.pem;
+    #    ssl_certificate_key  cert.key;
+
+    #    ssl_session_cache    shared:SSL:1m;
+    #    ssl_session_timeout  5m;
+
+    #    ssl_ciphers  HIGH:!aNULL:!MD5;
+    #    ssl_prefer_server_ciphers  on;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+    include servers/*;
+}
+```
+
 ## Issues
 ### Users see old page until refreshing.