Nginx Configuration
| Note |
|---|
It is recommended to install the SSL certificate using Certbot before going through this section of the configuration. |
Nginx will act as a reverse-proxy and redirect users requests that come through port 443 to the correct destinations.
Nginx configuration file can be edited using the following command:
Code Block vim/etc/nginx/sites-enabled/defaultSearch for the server bracket that is listening to port 443. Certbot configuration can be found here.
Edit and add the locations to redirect traffic. For Tomcat:
Code Block # Default server configuration # server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name _; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } } server { listen 80; # Redirect from HTTP to HTTPS server_name dev.zwe-wfa.psidigital.org; # domain return 301 https://$host$request_uri; # redirect } server { listen 443 ssl; server_name 3.130.224.234; # TODO: do we need another domain. location / { proxy_pass http://localhost:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } ssl_certificate /etc/letsencrypt/live/dev.zwe-wfa.psidigital.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/dev.zwe-wfa.psidigital.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; # server_name dev.zwe-wfa.psidigital.org; # managed by Certbot server_name dev.zwe-wfa.psidigital.org; # domain location / { rewrite ^/(.*)$ /wfa/$1 break; proxy_pass http://localhost:8080; # redirect to WFA proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } listen [::]:443 ssl ipv6only=on; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/dev.zwe-wfa.psidigital.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/dev.zwe-wfa.psidigital.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = dev.zwe-wfa.psidigital.org) { return 301 https://$host$request_uri; } # managed by Certbot listen 80 ; listen [::]:80 ; #server_name dev.zwe-wfa.psidigital.org; server_name dev.zwe-wfa.psidigital.org; # domain return 404; # managed by Certbot }
Remember that after any modification to a nginx configuration file, its is required to restart the service.
| Code Block |
|---|
systemctl restart nginx |