安裝 nginx 以後, 將 /etc/nginx/nginx.conf
修改爲:
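# Complete /etc/nginx/nginx.conf for a Phoenix app served through nginx.
# Check the syntax with `sudo nginx -t` before reloading.

# nginx refuses to load a main configuration file without an events section
events {}

# upstream and server blocks are only valid inside the http context
http {
    # hide server information
    server_tokens off;

    # extract Phoenix app upstream for better readability
    upstream myapp {
        server localhost:34567;
    }

    # redirect all http requests to https
    # and also listen on IPv6 addresses
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name myapp.com www.myapp.com;

        # $server_name is the configured name, not the client-supplied Host,
        # so the redirect target cannot be steered by the request
        return 301 https://$server_name$request_uri;
    }

    # the main server directive for ssl connections
    # where we also use http2 (see asset delivery)
    server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        server_name myapp.com www.myapp.com;

        # paths to certificate and key provided by Let's Encrypt
        ssl_certificate /etc/letsencrypt/live/myapp.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/myapp.com/privkey.pem;

        # SSL settings, originally taken from
        # - https://cipherli.st/
        # - https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
        # The TLSv1.3 parameter needs nginx 1.13.0+ with OpenSSL 1.1.1+;
        # remove it on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_ecdh_curve secp384r1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        # NOTE(review): stapling only works when the certificate names an OCSP
        # responder and nginx can resolve it (a `resolver` directive is usually
        # needed) - confirm this still applies to the CA in use
        ssl_stapling on;
        ssl_stapling_verify on;
        # this file has to exist before nginx is reloaded
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        # security enhancements
        # `always` also sends the headers on error responses (4xx/5xx);
        # without it nginx adds them to successful and redirect responses only
        # includeSubDomains puts every subdomain under HSTS, so all of them
        # must be reachable over https
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
        add_header X-Frame-Options DENY always;
        add_header X-Content-Type-Options nosniff always;

        # Let's Encrypt keeps its files here
        # prefix match anchored at the start of the URI; the previous
        # unanchored regex matched "/.well-known" anywhere in the path and
        # treated the dot as a wildcard
        location ^~ /.well-known/ {
            root /var/www/html;
            allow all;
        }

        # besides referencing the extracted upstream this stays the same
        location / {
            # X-Real-IP is set by this proxy; X-Forwarded-For is the client's
            # own value with $remote_addr appended, so the app should trust
            # only the last entry
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # NOTE(review): forwards the client-supplied Host unchanged, and
            # this is the default_server, so the app receives arbitrary Host
            # values - it should not build links from them
            proxy_set_header Host $http_host;
            proxy_http_version 1.1;
            proxy_redirect off;
            proxy_pass http://myapp;
            # WebSocket upgrade for Phoenix channels
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
}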
保存後運行 sudo service nginx reload
便可.
注意 nginx 預設會忽略名稱中帶有下劃線 _
的 http headers (由 underscores_in_headers 指令控制, 預設爲 off). 因此自定義 headers 時儘可能使用連字符, 例如 X-My-Header
來定義 headers.