-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.conf
73 lines (57 loc) · 2.79 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# Start by defining an upstream to send requests to. This helps organization.
upstream netlify {
# Make sure to add the port after the server name, because nginx won't do this
# automatically, even if proxying to a https target.
server marketing.plural.sh:443;
}
# Make sure nginx can resolve the netlify domain correctly
resolver 1.1.1.1 8.8.8.8 8.8.4.4;
server {
listen 8080;
# The server name of our primary domain. Note that this configuration will be used for
# both the old _and_ the new website.
server_name www.plural.sh;
# This named location is only routed internally, and will proxy any requests to the
# netlify upstream with the proper configuration set.
location @netlify {
# Note the "https" here, making sure the request is re-encrypted
proxy_pass https://marketing.plural.sh;
# # Set the host header of our current request (probably www.domain.com). We want to
# # forward that to the upstream, so they can properly route the request.
# proxy_set_header Host $host;
# # Setting these is good faith
# proxy_set_header X-Real-Ip $remote_addr;
# proxy_set_header X-Forwarded-For $remote_addr;
# proxy_set_header X-Forwarded-Proto https;
# # Disable SSL verification: As we don't own the Webflow upstream, we can't keep
# # track of their certificate. We trust their upstream anyway, so if they went rogue,
# # we couldn't do anything about it otherwise, either.
# proxy_ssl_verify off;
# Reuse SSL sessions: This prevents having to perform a separate SSL handshake for
# every single request, but pool connections instead.
# proxy_ssl_session_reuse on;
# # SSL server name: This is the crucial bit. During SNI (server name identification),
# # nginx uses the name of the upstream by default, which would be Webflow's
# # proxy-ssl.webflow.com in our case. Here, we enable manual ambiguation.
# proxy_ssl_server_name on;
# # Set the actual SNI name to send: Here, we use our Host header value instead, so
# # the request can be identified on the Webflow origin server.
# proxy_ssl_name $host;
# proxy_ssl_protocols TLSv1.2;
# proxy_ssl_ciphers HIGH:!aNULL:!MD5;
}
location = /__health {
access_log off;
add_header 'Content-Type' 'text/plain';
return 200 "healthy\n";
}
location = /robots.txt {
root /usr/share/nginx/html;
add_header Content-Type text/plain;
}
# This block matches all requests for the homepage (eg. a single "/"), and forwards them
# to the netlify named location.
location ~* /.* {
try_files /dev/null @netlify;
}
}