"Better" nginx configuration.

1) Use "review" subdomain instead of "reviews" to be consistent with rest of the documentation. 2) Remove "/r/" from proxy_pass, because it isn't needed. 3) Remove "X-Real-IP" header, because it's ignored by Jetty anyway. 4) Use $remote_addr in "X-Forwarder-For". $proxy_add_x_forwarded_for isn't secure, because it is based on client's input and should be used only internally in proxy chains and not on the edge. 5) Use $host variable instead of $http_host, to make it work with HTTP/1.0 requests. Change-Id: I01755e860e32f67469091b4f2b8368ee9a2cea89 Signed-off-by: Piotr Sikora <piotr.sikora@frickle.com>
2011-04-13 17:11:18 +00:00
parent 624f447d4c
commit 2e6a4ae7b2
1 changed files with 5 additions and 5 deletions
--- a/Documentation/config-reverseproxy.txt
+++ b/Documentation/config-reverseproxy.txt
@@ -89,13 +89,12 @@ as this one:
 ----
 	server {
 	  listen 80;
-	  server_name reviews.example.com;
+	  server_name review.example.com;

 	  location /r/ {
-	    proxy_pass       http://127.0.0.1:8081/r/;
-	    proxy_set_header X-Real-IP        $remote_addr;
-	    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
-	    proxy_set_header Host             $http_host;
+	    proxy_pass        http://127.0.0.1:8081;
+	    proxy_set_header  X-Forwarded-For $remote_addr;
+	    proxy_set_header  Host $host;
 	  }
 	}
 ----
@@ -110,6 +109,7 @@ the SSL engine in the Nginx server statement:
 ----
 	server {
 	  listen 443;
+	  server_name review.example.com;

 	  ssl  on;
 	  ssl_certificate      conf/server.crt;