LINUX, NGINX, SERVERBLOCKS, SERVER, HTTP, HTTPS, PROXY, SSL, CERTIFICATES, REVERSEPROXY

Useful Nginx Server Blocks

In the past weeks, I set up some different web servers with Nginx. Nginx is more lightweight and easier to handle than Apache2.

There are a lot of different uses for web servers. Some are reverse proxy, HTTPS, static sites, clouds, or PHP. In this article, I want to share my experiences with different server blocks for some of these cases. It’s basically more of a little wiki.

Redirect www to non-www Traffic

This solution works for any subdomain. You can also adjust the server_name to redirect from non-www to www traffic.

# redirect all www to non-www traffic server { listen 443 ssl; listen [::]:443 ssl; server_name www.example.com; ssl_certificate /path/to/certificate.pem; ssl_certificate_key /path/to/certificate.pem; return 301 https://example.com$request_uri; }

Redirect Http to Https Traffic 

# redirect all http to https traffic server { listen 80; listen [::]:80; # the underscore is a wildcard for every server name server_name _; return 301 https://$host$request_uri; }

SSL Optimization

This server block is 90% based on this article about optimizing your HTTPS server block. It also explains what every line is doing.

ssl on; ssl_session_cache shared:SSL:20m; ssl_session_timeout 120m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; ssl_prefer_server_ciphers on; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5; ssl_dhparam /etc/nginx/cert/dhparam.pem; ssl_stapling on; ssl_stapling_verify on;

Serving Static Files with SSL 

server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name example.com; # include SSL custom settings for more safety and faster loading # optional (see chapter 'SSL optimization') #include /path/to/ssl/optimization.conf; ssl_certificate /path/to/certificate.pem; ssl_certificate_key /path/to/certificate.pem; # path to root directory for your files root /var/www/homepage; # paths for custom index and error pages (optional) # error_page 404 404.html; # index index.html; # deny all requests for any access files location ~ /\.ht { deny all; } # try to serve files, otherwise show 404 page location / { try_files $uri $uri/ =404; } }

Reverse Proxy for large File-Transfer

I struggled a lot when using a reverse proxy for large file transfers, for example when setting up a cloud (like NextCloud) behind a reverse proxy.
These are my recommended settings, which caused the least problems.

server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name example.com; # include SSL custom settings for more safety and faster loading # optional (see chapter 'SSL optimization') #include /path/to/ssl/optimization.conf; ssl_certificate /path/to/certificate.pem; ssl_certificate_key /path/to/certificate.pem; # zero means unlimited. You can upload any file size you want client_max_body_size 0; underscores_in_headers on; location ~ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Accept-Encoding ""; proxy_set_header Proxy_Connection $http_connection; resolver 8.8.8.8; proxy_headers_hash_max_size 512; proxy_headers_hash_bucket_size 64; add_header Front-End-Https on; proxy_redirect off; proxy_buffering off; proxy_max_temp_file_size 0; proxy_pass http://domaintopass.com; } }