This document outlines the Nginx configuration used for `domain.com`. It includes basic server settings, proxy configurations, and security enhancements.

Nginx Configuration.md

Here's a Markdown (.md) file detailing the Nginx setup:

# Nginx Configuration for domain.com

This document outlines the Nginx configuration used for `domain.com`. It includes basic server settings, proxy configurations, and security enhancements.

## Nginx Configuration

```nginx
server {
    listen 80;
    # Uncomment the following line for SSL setup
    # listen 443 ssl http2;
    
    server_name domain.com;

    sendfile on;  # Enables efficient file transfer
    client_max_body_size 20M;  # Limits client request body size

    # Uncomment and add your SSL certificate details for HTTPS setup
    # ssl_certificate /path/to/certificate.crt;
    # ssl_certificate_key /path/to/private.key;

    location / {
        proxy_pass http://127.0.0.1:8000;  # Forward requests to backend server
        proxy_set_header Host $host;  # Pass the host header
        proxy_set_header X-Real-IP $remote_addr;  # Forward the real IP address
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # Forward forwarded IPs
        proxy_set_header REMOTE-HOST $remote_addr;  # Pass the remote host address
        add_header X-Cache $upstream_cache_status;  # Include cache status header
        
        # Timeouts for connecting, reading, and sending requests
        proxy_connect_timeout 30s;
        proxy_read_timeout 86400s;  # Long timeout for long-running requests
        proxy_send_timeout 30s;
        
        proxy_http_version 1.1;  # Use HTTP/1.1 for better compatibility with WebSockets
        proxy_set_header Upgrade $http_upgrade;  # Support WebSocket upgrade requests
        proxy_set_header Connection "upgrade";  # WebSocket connection upgrade header
        proxy_cookie_path / "/; secure; HttpOnly; SameSite=None";  # Cookie settings for security
    }

    # Log file configuration
    access_log /var/log/nginx/domain.com.log;
    error_log /var/log/nginx/domain.com.error.log;
}

Key Configurations

• Listening Ports:

  • Port 80 (HTTP) is used by default.
  • Port 443 (HTTPS) can be enabled by uncommenting the corresponding line and adding your SSL certificate details.

• Proxy Settings:

  • Requests are forwarded to the backend server running on http://127.0.0.1:8000.
  • Headers related to the client's real IP and forwarded information are passed for accurate logging and debugging.

• Timeouts:

  • Connection timeout is set to 30 seconds.
  • Read timeout is set to a maximum of 86400 seconds (24 hours).
  • Send timeout is set to 30 seconds.

• Cookie Security:

  • Ensures cookies are secure, HttpOnly, and have a SameSite attribute set to None for cross-site requests.

• Log Files:

  • Access and error logs are stored in /var/log/nginx/domain.com.log and /var/log/nginx/domain.com.error.log respectively.

SSL Configuration (Optional)

If you plan to use HTTPS, uncomment the listen 443 ssl line and add your SSL certificate paths:

ssl_certificate /path/to/certificate.crt;
ssl_certificate_key /path/to/private.key;

This will secure the communication between clients and the server.

Reload Nginx

After updating the configuration, reload Nginx to apply changes:

sudo nginx -t  # Test the configuration for syntax errors
sudo systemctl reload nginx  # Reload Nginx with the new configuration

Ensure that your backend server (127.0.0.1:8000) is running and accessible for the proxy to function correctly.

Troubleshooting

• Logs: Check /var/log/nginx/domain.com.error.log for any issues related to Nginx configuration or connectivity.
• Access Denied: Ensure proper permissions for the Nginx log directory and SSL certificates.

This `.md` file explains the setup clearly and provides guidance on configuration adjustments.