Re: [Mojolicious] Nginx and Hypnotoad multiple apps and static files

[Rob Willett]

We have a few Mojo applications behind Nginx and we run them without any issues. 

We run Nginx on port 3000 and redirect to port 3001 OR 4,000 and redirect to 4001. These are all SSL connections as well. 

The config for our Nginx server is

server {

        listen 3000;

        server_name <<REDACTED URL>>;

        root html;

        index index.html index.htm;

        ssl on;

        ssl_certificate /etc/ssl/certs/SSL.crt;

        ssl_certificate_key /etc/ssl/private/server.key;

        ssl_session_timeout 5m;

        # ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; # NOTE WE REMOVE SSLv3

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

        ssl_prefer_server_ciphers on;

        ssl_dhparam /etc/ssl/private/dhparams.pem;

        location / {

                 proxy_set_header        Host $host;

                 proxy_set_header        X-Real-IP $remote_addr;

                 proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

                 proxy_set_header        X-Forwarded-Proto $scheme;

                 # Fix the “It appears that your reverse proxy set up is broken" error.

                 proxy_pass          http://127.0.0.1:3001;

                 proxy_read_timeout  90;

                 proxy_redirect      http://127.0.0.1:3001 https://<<REDACTED URL>>;

        }

}

This is pretty simple (as we're not very clever). This also passes the SSL checks to validate your SSL config (which is nice).

Rob

On Tue, Feb 14, 2017 at 7:14 PM, StarX <mje...@me.com> wrote:

Hi,

I know this has been asked many times and there are various posts addressing this but I'm struggling to find a concrete example, maybe my approach is wrong but I'd appreciate some help.

So, I have a number of mojo applicaitons, say app1, app2, appN, they all work great when I spin them up with hypnotoad on their own ports, app1 runs on 5000, app2 on 5001, appN 5..N.  Can I put all these seperate apps behind Nginx and have Nginx serve the js/css content from the public folder of each app on a single vhost? I have spent weeks trying to work this out so I may be on completely the wrong track. 

Here is my Nginx conf on my dev box:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
    
        # Root for stuff like default index.html
        root /var/www/html;




I've also looked at Toadfarm but I'm concerned about scalability, doesn't Toadfarm check each route until it finds a match?  If I have 15 mojo apps running how is this going to impact on performance?

--
You received this message because you are subscribed to the Google Groups "Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mojolicious+unsubscribe@googlegroups.com.
To post to this group, send email to mojol...@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.