Skip to content

Commit

Permalink
adding documentation for forcing ssl and for nextjs (heroku#68)
Browse files Browse the repository at this point in the history
  • Loading branch information
niedfelj authored Oct 29, 2020
1 parent 53b03b0 commit e95211d
Show file tree
Hide file tree
Showing 3 changed files with 61 additions and 0 deletions.
46 changes: 46 additions & 0 deletions config/nginx-nextjs-with-forcessl.conf.erb
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
daemon off;
#Heroku dynos have at least 4 cores.
worker_processes <%= ENV['NGINX_WORKERS'] || 4 %>;

events {
use epoll;
accept_mutex on;
worker_connections <%= ENV['NGINX_WORKER_CONNECTIONS'] || 1024 %>;
}

http {
gzip on;
gzip_comp_level 2;
gzip_min_length 512;

server_tokens off;

log_format l2met 'measure#nginx.service=$request_time request_id=$http_x_request_id';
access_log <%= ENV['NGINX_ACCESS_LOG_PATH'] || 'logs/nginx/access.log' %> l2met;
error_log <%= ENV['NGINX_ERROR_LOG_PATH'] || 'logs/nginx/error.log' %>;

include mime.types;
default_type application/octet-stream;
sendfile on;

#Must read the body in 5 seconds.
client_body_timeout 5;

server {
listen <%= ENV["PORT"] %>;
server_name _;
keepalive_timeout 5;

location / {

if ($http_x_forwarded_proto != "https") {
return 301 https://$host$request_uri;
}

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:3000; #next serve listens here and receives nginx requests
}
}
}
5 changes: 5 additions & 0 deletions config/nginx.conf.erb
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,11 @@ http {
keepalive_timeout 5;

location / {
# Uncomment this if statement to force SSL/redirect http -> https
#if ($http_x_forwarded_proto != "https") {
# return 301 https://$host$request_uri;
#}

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
Expand Down
10 changes: 10 additions & 0 deletions readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,16 @@ $ heroku config:set NGINX_WORKER_CONNECTIONS=2048

You can provide your own NGINX config by creating a file named `nginx.conf.erb` in the config directory of your app. Start by copying the buildpack's [default config file](config/nginx.conf.erb).

### Force SSL

You can add a redirect/force SSL based on Heroku headers. Full, commented example in the [default config file](config/nginx.conf.erb) or in the [nextjs with forceSSL config file](config/nginx-nextjs-with-forcessl.conf.erb).

```
if ($http_x_forwarded_proto != "https") {
return 301 https://$host$request_uri;
}
```

### Customizable NGINX Compile Options

This requires a clone of this repository and [Docker](https://www.docker.com/). All you need to do is have Docker setup and running on your machine. The [`Makefile`](Makefile) will take care of the rest.
Expand Down

0 comments on commit e95211d

Please sign in to comment.