
Nginx Configuration

It is recommended to install the SSL certificate using Certbot before going through this section of the configuration.

Nginx will act as a reverse proxy and forward user requests that arrive on port 443 to the correct destinations.

  1. Nginx configuration file can be edited using the following command:

    vim /etc/nginx/sites-enabled/default
  2. Search for the server block that is listening on port 443. The Certbot configuration can be found here.

  3. Edit and add the locations to redirect traffic. For Tomcat:

    # Default server configuration
    #
    server {
        # default_server on port 80 (IPv4 and IPv6): this block handles plain-HTTP
        # requests whose Host header matches no other server_name on that port.
        listen 80 default_server;
        listen [::]:80 default_server;
    
        # Static content is served straight from this directory over HTTP;
        # nothing in this block redirects to HTTPS.
        root /var/www/html;
    
        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
    
        # "_" is a placeholder name; selection happens through default_server above.
        server_name _;
    
        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
    }
    
    server {
            # IPv4-only listener (there is no [::]:80 line in this block).
            listen 80;  # Redirect from HTTP to HTTPS
            server_name  dev.zwe-wfa.psidigital.org;  # domain
    
            # NOTE(review): the Certbot-managed block at the end of this file also
            # declares "listen 80" with the same server_name. nginx is expected to
            # log a "conflicting server name" warning and ignore the later one for
            # this address; keep only one of the two - confirm with `nginx -t`.
            return 301 https://$host$request_uri;  # redirect
        }
    
    server {
        # No default_server is declared for port 443 anywhere in this file, and this
        # is the first block listening on it over IPv4, so nginx treats it as the
        # implicit default: HTTPS requests with an unmatched Host header land here.
        # NOTE(review): assumes no other included file declares a 443 listener first.
        listen 443 ssl;
        # NOTE(review): the certificate below is issued for dev.zwe-wfa.psidigital.org,
        # so clients connecting by this IP will see a name mismatch unless the
        # certificate also covers the address - confirm whether this block is needed.
        server_name 3.130.224.234; # TODO: do we need another domain.
    
        location / {
            # Every path is forwarded to the backend on port 8080 unchanged (no /wfa/
            # prefix, unlike the domain block below), so any other application
            # deployed on that backend is reachable through this block.
            # NOTE(review): confirm nothing administrative (e.g. Tomcat's manager
            # app, if deployed) is exposed this way.
            proxy_pass http://localhost:8080;
            # $host comes from the client's request; the backend should not trust
            # it for building absolute URLs unless it validates the value.
            proxy_set_header Host $host;
            # $remote_addr is the address of the peer connected to nginx.
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For the client sent; only the last entry is set by nginx.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    
        ssl_certificate /etc/letsencrypt/live/dev.zwe-wfa.psidigital.org/fullchain.pem; # managed by Certbot
        # Private key: should be readable by root only.
        ssl_certificate_key /etc/letsencrypt/live/dev.zwe-wfa.psidigital.org/privkey.pem; # managed by Certbot
        # Protocol and cipher settings live in this included file, which is not shown here.
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    
    server {
        # root/index are set, but location / below proxies every request, so they
        # are not used for normal traffic in this block.
        root /var/www/html;
    
        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
        # server_name dev.zwe-wfa.psidigital.org; # managed by Certbot
        server_name  dev.zwe-wfa.psidigital.org;  # domain
    
        location / {
            # Prefix every request path with /wfa/ and stop rewrite processing.
            # proxy_pass has no URI part, so the rewritten path is what the backend
            # receives; this confines the domain to the /wfa/ context on port 8080.
            # A request that already starts with /wfa/ becomes /wfa/wfa/...
            rewrite ^/(.*)$ /wfa/$1 break;
            proxy_pass http://localhost:8080;  # redirect to  WFA
            # $host comes from the client's request.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # Appends $remote_addr to any client-supplied X-Forwarded-For; the
            # backend should treat only the last entry as set by this proxy.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    
    
        # NOTE(review): no Strict-Transport-Security header is set in this block;
        # whether an included file adds one is not visible here.
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/dev.zwe-wfa.psidigital.org/fullchain.pem; # managed by Certbot
        # Private key: should be readable by root only.
        ssl_certificate_key /etc/letsencrypt/live/dev.zwe-wfa.psidigital.org/privkey.pem; # managed by Certbot
        # Protocol and cipher settings live in this included file, which is not shown here.
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    
    server {
        # Certbot-generated redirect: a request for the site's hostname over plain
        # HTTP is sent to the same URL over HTTPS.
        if ($host = dev.zwe-wfa.psidigital.org) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
    
    
        # NOTE(review): an earlier block in this file already declares "listen 80"
        # with the same server_name, so on IPv4 this one is expected to be ignored
        # with a "conflicting server name" warning. On [::]:80 this is the only
        # block that names the host.
        listen 80 ;
        listen [::]:80 ;
        #server_name dev.zwe-wfa.psidigital.org;
        server_name dev.zwe-wfa.psidigital.org;  # domain
        # Reached only when the "if" above did not match, i.e. for any other Host value.
        return 404; # managed by Certbot
    }
    

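Remember that after any modification to an nginx configuration file, it is required to restart the service. Running `nginx -t` first checks the configuration for syntax errors, so a mistake does not take the proxy down on restart.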

systemctl restart nginx