...
Applicaion 서버 conf 설정
특정포트에서 ICE4를 실행하는 경우 conf파일을 생성하여 특정포트와 도메인을 80포트에 연결해야함
443(https)를 사용하기 위해서는 SSL 인증서 등록이 필요
Config File 생성
vi /etc/nginx/conf.d/api.conf
...
| Expand |
|---|
|
| Code Block |
|---|
server {
listen 80 ;
server_name api.justten.io;
charset utf-8;
rewrite_log on;
client_max_body_size 50M;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 10s;
proxy_send_timeout 10s;
proxy_read_timeout 10s;
send_timeout 10s;
}
} |
|
...
Http / Https 설정
브라우저 접근 시 Http / Https 중 설정하고자 하는 정책을 결정
80 port(Http) 통신만 사용
80(Http) & 443(https)을 동시에 사용
[Recommend] https만 사용, 80(http)포트 접속시 443(https)으로 redirect 설정
80 port(Http) 만 사용하는 경우
| Expand |
|---|
|
| Code Block |
|---|
server {
listen 80 ;
server_name api.justten.io;
charset utf-8;
rewrite_log on;
client_max_body_size 50M;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
} |
|
80(Http) & 443(https) 포트 동시 사용
attached listen 443; blow 80 port.
| Expand |
|---|
|
| Code Block |
|---|
server {
listen 80;
listen 443;
server_name api.justten.io;
charset utf-8;
rewrite_log on;
client_max_body_size 50M;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
} |
|
https만 사용 → 80(http)포트 접속시 443(https)으로 redirect 설정
To redirect 443 port from 80, attach blow on nignx.conf:
| Expand |
|---|
|
| Code Block |
|---|
server {
listen 80;
listen 443;
server_name api.justten.io;
charset utf-8;
rewrite_log on;
client_max_body_size 50M;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
if ($http_x_forwarded_proto = "http") {
return 301 https://$server_name$request_uri;
}
} |
|
...
Http2 적용
Attach http2 on config file(path: /home/ec2-user/nginx/conf.d/jenkins.conf/)
...
AWS ACM 사용시: listen 443 http2
...
설정 여부 확인
https://tools.keycdn.com/http2-test
...
Reference
Install Http2 as a nginx latest version
https://ma.ttias.be/enable-http2-in-nginx/
HTTP/1.1 vs HTTP/2 비교
https://www.digitalocean.com/community/tutorials/http-1-1-vs-http-2-what-s-the-difference
...