1. Install on CentOS 7
a. Install Nginx
yum install nginx
setsebool -P httpd_can_network_connect true
systemctl enable nginx
systemctl start nginx
b. Install Certbot Let’s Encrypt SSL
yum install epel-release
yum install certbot-nginx
2. Install On Ubuntu
sudo add-apt-repository ppa:nginx/stable
sudo apt install certbot python3-certbot-nginx nginx
3. Get SSL for domain
certbot --nginx -d <domain>
4. Config auto renew SSL
0 0 * * * /usr/bin/certbot renew --quiet
5. Config proxy
events {
...
worker_connections 4096;
...
}
http {
...
client_max_body_size 1024M;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
server_tokens on;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
...
}
server {
server_name trankhanhtoan.com;
location / {
proxy_pass http://192.168.0.84:30020;
}
}
server {
server_name example.com;
root /var/www/example.com;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}
6. Configure Nginx as a Load Balancer
upstream backend_servers {
server 10.0.0.1:8000;
server 10.0.0.2:8000;
}
server {
server_name example.com;
location / {
proxy_pass http://backend_servers;
proxy_redirect off;
proxy_buffering off;
proxy_set_header X-Nginx-Upstream-LB-Method least_conn;
}
}