Overview
/etc/nginx/nginx.conf
...
...
Applicaion 서버 conf 설정
특정포트에서 ICE4를 실행하는 경우 conf파일을 생성하여 특정포트와 도메인을 80포트에 연결해야함
443(https)를 사용하기 위해서는 SSL 인증서 등록이 필요
Config File 생성
...
vi /etc/nginx/nginx.conf. This is where you can change settings like the user that runs the Nginx daemon processes, and the number of worker processes that get spawned when Nginx is running, among other things.
Create nginx.conf
Location
Linux: /etc/nginx/nginx.conf
AWS: /home/ec2-user/nginx/nginx.conf
Process
Create nginx directory(Path: /home/ec2-user/nginx)
mkdir nginx && chmod 775 -R nginx
Create nginx.conf file (Path: /home/ec2-user/nginx/nginx.conf)
vi nginx.conf
press i to insert information
Attache below information
press esc to exit edit
write :wq to sava and exit
Optimization
AWS t2.large spec: CPU 2 core, RAM 8 GB
...
worker_processes 2;
Ram up to 8GB
worker_rlimit_nofile 8192;
worker_priority: Range: -10 ~ 20
worker_priority 0;
Simultaneous connection
conf.d/api.conf
server_name: 도메인
proxy_pass: 서버내 어플리케이션 실행하는 포트번호
| Expand |
|---|
|
| Code Block |
|---|
server {
listen 80 ;
server_name api.justten.io;
charset utf-8;
rewrite_log on;
client_max_body_size 50M;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 10s;
proxy_send_timeout 10s;
proxy_read_timeout 10s;
send_timeout 10s;
}
} |
|
...
Http / Https 설정
브라우저 접근 시 Http / Https 중 설정하고자 하는 정책을 결정
80 port(Http) 통신만 사용
80(Http) & 443(https)을 동시에 사용
[Recommend] https만 사용, 80(http)포트 접속시 443(https)으로 redirect 설정
80 port(Http) 만 사용하는 경우
| Expand |
|---|
|
| Code Block |
|---|
server {
listen 80 ;
server_name api.justten.io;
charset utf-8;
rewrite_log on;
client_max_body_size 50M;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
} |
|
80(Http) & 443(https) 포트 동시 사용
attached listen 443; blow 80 port.
| Expand |
|---|
|
| Code Block |
|---|
server {
listen 80;
listen 443;
server_name api.justten.io;
charset utf-8;
rewrite_log on;
client_max_body_size 50M;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
} |
|
https만 사용 → 80(http)포트 접속시 443(https)으로 redirect 설정
To redirect 443 port from 80, attach blow on nignx.conf:
| Expand |
|---|
|
| Code Block |
|---|
server {
listen 80;
listen 443;
server_name api.justten.io;
charset utf-8;
rewrite_log on;
client_max_body_size 50M;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
if ($http_x_forwarded_proto = "http") {
return 301 https://$server_name$request_uri;
}
} |
|