@elfefe
Created June 15, 2023 18:14
Nginx - Reverse proxy

Generate your certificates using certbot with the following command:

sudo certbot --nginx -d your-server-name.com -d www.your-server-name.com 

In /etc/nginx/sites-available/default write the following:

Replace your-server-name.com with your server's DNS name and 8080 with your local server port.

server {

	root /var/www/html;
	index index.html;

	server_name your-server-name.com;

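	# websocket to server
	# user connects to "wss://your-server-name.com/ws" (port 80 only redirects to HTTPS)
	# note: this regex is unanchored, so it matches any URI that contains "/ws"
	location ~ /ws {
		# Assuming your server is on 8080
		set $backend http://127.0.0.1:8080;
		proxy_pass $backend;
		# WebSocket needs HTTP/1.1 plus the hop-by-hop Upgrade/Connection headers,
		# which nginx does not pass to the backend unless they are set explicitly
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}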

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/your-server-name.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your-server-name.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = your-server-name.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen 80 default_server;
	listen [::]:80 default_server;

	server_name your-server-name.com;
    return 404; # managed by Certbot


}

To serve a WebGL build and proxy its WebSocket game server, write the following in /etc/nginx/sites-available/default instead:

Replace your-server-name.com with your server's DNS name and 7777 with your local server port.

# This is an example setup for using WebGL and WebSocket with Nginx

# This file contains the HTTP setup; use Certbot to automatically edit this config

server {

	root /var/www/html;
	index index.html;

	server_name your-server-name.com;

	# webgl files
	location /game {
		try_files $uri $uri/ =404;
	}

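	# websocket to game server
	# user connects to "wss://your-server-name.com/ws" (port 80 only redirects to HTTPS)
	# note: this regex is unanchored, so it matches any URI that contains "/ws"
	location ~ /ws {
		set $backend http://127.0.0.1:7777;
		proxy_pass $backend;
		# WebSocket needs HTTP/1.1 plus the hop-by-hop Upgrade/Connection headers,
		# which nginx does not pass to the backend unless they are set explicitly
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}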

	# On-disk Brotli-precompressed data files should be served with compression enabled:
	location ~ .+\.(data|symbols\.json)\.br$ {
		# Because this file is already pre-compressed on disk, disable the on-demand compression on it.
		# Otherwise nginx would attempt double compression.
		gzip off;
		add_header Content-Encoding br;
		default_type application/octet-stream;
	}

	# On-disk Brotli-precompressed JavaScript code files:
	location ~ .+\.js\.br$ {
		gzip off; # Do not attempt dynamic gzip compression on an already compressed file
		add_header Content-Encoding br;
		default_type application/javascript;
	}

	# On-disk Brotli-precompressed WebAssembly files:
	location ~ .+\.wasm\.br$ {
		gzip off; # Do not attempt dynamic gzip compression on an already compressed file
		add_header Content-Encoding br;
		# Enable streaming WebAssembly compilation by specifying the correct MIME type for
		# Wasm files.
		default_type application/wasm;
	}

	# On-disk gzip-precompressed data files should be served with compression enabled:
	location ~ .+\.(data|symbols\.json)\.gz$ {
		gzip off; # Do not attempt dynamic gzip compression on an already compressed file
		add_header Content-Encoding gzip;
		# The correct MIME type here would be application/octet-stream, but due to Safari bug
		# https://bugs.webkit.org/show_bug.cgi?id=247421, it's preferable to use MIME type application/gzip instead.
		default_type application/gzip;
	}

	# On-disk gzip-precompressed JavaScript code files:
	location ~ .+\.js\.gz$ {
		gzip off; # Do not attempt dynamic gzip compression on an already compressed file
		add_header Content-Encoding gzip;
		default_type application/javascript;
	}

	# On-disk gzip-precompressed WebAssembly files:
	location ~ .+\.wasm\.gz$ {
		gzip off; # Do not attempt dynamic gzip compression on an already compressed file
		add_header Content-Encoding gzip;
		# Enable streaming WebAssembly compilation by specifying the correct MIME type for
		# Wasm files.
		default_type application/wasm;
	}

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/your-server-name.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your-server-name.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = your-server-name.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen 80 default_server;
	listen [::]:80 default_server;

	server_name your-server-name.com;
    return 404; # managed by Certbot


}