Let’s say one of your microservices is running on http://localhost:3000.
If you already have an nginx service running on the server, create a server block like this:
```bash
vim /etc/nginx/sites-available/domain.com.conf
```
Grab this content to paste in:
```nginx
server {
    server_name domain.com;
    root /var/www/html;
    index index.html;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
```
For a more advanced (closer to production-ready) configuration, use the following instead:
```nginx
server {
    server_name domain.com;
    root /var/www/html;
    index index.html;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        # Long-lived caching for static assets. The dot is escaped so that
        # only real file extensions match.
        if ($request_uri ~* "\.(ico|css|js|gif|jpe?g|png)$") {
            expires 30d;
            access_log off;
            add_header Pragma public;
            add_header Cache-Control "public";
            break;
        }
    }

    client_max_body_size 50M;
    keepalive_timeout 65s;
    keepalive_requests 1000;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # "error_log off;" does not disable error logging; it writes to a file
    # named "off". Discarding errors needs an explicit sink.
    error_log /dev/null crit;
    # Turns off request logging for this server. Leave it on if you need
    # request records for troubleshooting or incident response.
    access_log off;

    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_types
        text/plain
        text/css
        text/xml
        text/javascript
        application/json
        application/javascript
        application/x-javascript
        application/xml
        application/xml+rss
        application/vnd.ms-fontobject
        font/eot
        font/opentype
        font/otf
        application/font-woff
        application/font-otf
        application/font-ttf
        application/x-font-opentype
        application/x-font-truetype
        application/x-font-woff
        application/x-font-otf
        application/x-font-ttf
        image/svg+xml
        image/x-icon
        image/vnd.microsoft.icon;
}
```
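A variant of the proxy block that keeps logging on and passes the client address to the service, as an added example rather than the author's configuration. The log paths, the `$connection_upgrade` variable name and a service listening on `127.0.0.1:3000` are assumptions.

```nginx
# Added example: log paths, $connection_upgrade and 127.0.0.1:3000 are assumptions.

# Send "Connection: upgrade" upstream only when the client asked for an
# upgrade (WebSocket); otherwise send "close". map belongs to the http
# context, which is where files in sites-enabled/ and conf.d/ are included.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    server_name domain.com;
    server_tokens off;   # no nginx version in headers and error pages

    # Keep both logs: they are the record of who requested what.
    access_log /var/log/nginx/domain.com.access.log;
    error_log  /var/log/nginx/domain.com.error.log warn;

    client_max_body_size 50M;

    # Headers shared by every proxied location below. proxy_set_header
    # replaces any client-sent header of the same name, so X-Real-IP is
    # always the address nginx saw.
    proxy_http_version 1.1;
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade           $http_upgrade;
    proxy_set_header Connection        $connection_upgrade;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_cache_bypass $http_upgrade;
    }

    # Static assets: a regex location instead of "if", matched against the
    # normalized URI so a query string does not defeat the match.
    location ~* \.(ico|css|js|gif|jpe?g|png)$ {
        proxy_pass http://127.0.0.1:3000;
        expires 30d;
        add_header Cache-Control "public";
        access_log off;
    }
}
```

Run `nginx -t` before reloading so a syntax error does not take the site down.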
Make a link of the config file:
```bash
sudo ln -s /etc/nginx/sites-available/domain.com.conf /etc/nginx/sites-enabled/
```
Or, in nginx v14+, just create the .conf file inside the conf.d directory and you are good to go.
Check the validity of your config file with this command
If that went well, your public domain should now show your landing page or something similar.
It’s time to secure your service with Let’s Encrypt (Let’s just assume that the server is running Ubuntu 18.04 Bionic for simplicity):
```bash
apt-get update
apt-get install software-properties-common
add-apt-repository universe
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot python-certbot-nginx
certbot --nginx
```
Now, you will have to configure a cron job for auto-renewing the received certificates.
```bash
certbot renew --dry-run
crontab -e
```
Paste in this line, followed by an empty line:
```
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew
```
It seems you did an awesome job! 😉
A Bonus Tip: Nginx Purging - Right Way
```bash
apt purge nginx nginx-common nginx-full
```
On CentOS 7/8, you need to configure SELinux as well like so:
```bash
setsebool -P httpd_can_network_connect on
```
Happy networking! 😎