Answer the question
In order to leave comments, you need to log in
Answer the question
In order to leave comments, you need to log in
No problem. Nginx can do this sort of thing by proxying from different DNS to a target IP address with different services. There are at least 2 options for using Nginx for this purpose:
1. Reverse proxy to local IP addresses;
2. Reverse proxy on UNIX socket.
Using Nginx, you can split your forums, for example, into different subdomains.
Let's say you lease the mydisc.com domain and you want one forum (service) to be on foo .mydisc.com and the other one on bar .mydisc.com. Let's also assume that you already rent a VPS with a dedicated IP (let it be 11.22.33.44).
Let's also assume that you have already created your domains and linked them to your VPS.
Then a configuration file is created in Nginx (simplified):
user sample;
worker_processes 4;
http {
include mime.types;
...
# если используете HTTPS - подключаете строки ниже:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 20m;
ssl_buffer_size 6k;
# здесь рекурсивно подключаете все свои сервисы
include /etc/nginx/servers-enabled/*;
}
upstream foo {
# здесь есть 2 способа проксировать своё приложение: UNIX-сокет (puma умеет такое делать)...
server unix:/srv/http/foo/shared/sockets/puma.sock fail_timeout=0;
# ... или адрес:
server 127.0.0.1:9292 fail_timeout=0;
}
server {
listen 80;
server_name foo.mydisc.com;
# если используете HTTPS - редирект
return https://foo.mydisc.com$request_uri;
}
server {
listen 443 ssl http2;
server_name foo.mydisc.com;
root /srv/http/foo/public;
ssl_certificate /etc/certs/mycert/fullchain.pem;
ssl_certificate /etc/certs/mycert/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security 'max-age=1209600'; # HSTS на 1 год
location {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_pass http://foo;
}
location ~ ^/(assets|fonts|system)/|favicon.ico|robots.txt { # папка с ассетами
gzip_static on;
expires max;
add_header Cache-Control public;
}
# можете настроить под себя
# error_page 500 502 503 504 /500.html;
# client_max_body_size 4G;
# keepalive_timeout 70;
}
upstream bar {
# здесь есть 2 способа проксировать своё приложение: UNIX-сокет (puma умеет такое делать)...
server unix:/srv/http/bar/shared/sockets/puma.sock fail_timeout=0;
# ... или адрес:
server 127.0.0.1:<b>9393</b> fail_timeout=0;
}
server {
listen 80;
server_name bar.mydisc.com;
# если используете HTTPS - редиректите
return https://bar.mydisc.com$request_uri;
}
server {
listen 443 ssl http2;
server_name bar.mydisc.com;
root /srv/http/bar/public;
ssl_certificate /etc/certs/mycert/fullchain.pem;
ssl_certificate /etc/certs/mycert/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security 'max-age=1209600'; # HSTS на 1 год
location {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_pass http://bar;
}
location ~ ^/(assets|fonts|system)/|favicon.ico|robots.txt { # папка с ассетами
gzip_static on;
expires max;
add_header Cache-Control public;
}
# можете настроить под себя
# error_page 500 502 503 504 /500.html;
# client_max_body_size 4G;
# keepalive_timeout 70;
}
ln -s ../servers-available/foo .
ln -s ../servers-available/bar .
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question