Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

...

443(https)를 사용하기 위해서는 SSL 인증서 등록이 필요

Config File 생성

  • Backend: core.conf

  • BackOffice: admin.conf

  • FrontOffice: web.conf

vi /etc/nginx/conf.d/apicore.conf

  • server_name: 도메인

  • proxy_pass: {Domain}:{Port}

    • 서버내 어플리케이션 실행하는 포트번호

Expand
titleapicore.conf
Code Block
server {
    listen       80 ;
    server_name  api.justten.io;
    charset utf-8;
    rewrite_log  on;
    client_max_body_size 50M;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_connect_timeout 10s;
        proxy_send_timeout 10s;
        proxy_read_timeout 10s;
        send_timeout 10s;
    }

}

...

  • 80 port(Http) 통신만 사용

  • 80(Http) & 443(https)을 동시에 사용

  • [Recommend] https만 사용, 80(http)포트 접속시 443(https)으로 redirect 설정

    • https가 보안 및 http2 적용시 병렬처리 가능하여 성능 개선

...

80 port(Http) 만 사용하는 경우

Expand
titlejenkinscore.conf
Code Block
server {
    listen       80 ;
    server_name  api.justten.io;
    charset utf-8;
    rewrite_log  on;
    client_max_body_size 50M;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
    }

}

...

attached listen 443; blow 80 port.

Expand
titlejenkinscore.conf
Code Block
server {
    listen       80;
    listen       443;
    server_name  api.justten.io;
    charset utf-8;
    rewrite_log  on;
    client_max_body_size 50M;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
    }

}

...

To redirect 443 port from 80, attach blow on nignx.conf:

Expand
titlejenkinscore.conf
Code Block
server {
    listen       80;
    listen       443;
    server_name  api.justten.io;
    charset utf-8;
    rewrite_log  on;
    client_max_body_size 50M;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
    }

    if ($http_x_forwarded_proto = "http") {
        return    301 https://$server_name$request_uri;
    }

}

...