Here are some historic notes on installing and configuring Nginx as a reverse proxy in front of Federated Wiki. These notes are from installing Federated Wiki on Digital Ocean.
These notes do not include details on setting up TLS, or getting certificates from Let's Encrypt. It is suggested that you will want to do both. How to do this can be found in the Nginx and Let's Encrypt documentation.
## Nginx Install
We will use Nginx as a reverse proxy in front of the Federated Wiki server.
* How to Install Nginx on Ubuntu 14.04 LTS tutorial
The tutorial walks you though installing Nginx, and the basics of managing the Nginx process.
We now need to configure Nginx to pass requests to the federated wiki software. tutorial
In `/etc/nginx/sites-available/default` we add
map $http_upgrade $connection_upgrade { default upgrade; '' close; }
before the `server` definition.
Following the tutorial, replace `example.com` with your domain name. This can contain a list, or wildcard, so that multiple names can be passed to the Wiki Farm. If for example I had registered the domain `example.wiki`, and wanted Federated Wiki sites to be any domain ending `example.wiki` I would use
server_name *.example.wiki;
if I also wanted a wiki site at `example.wiki` I would need to use
server_name example.wiki *.example.wiki;
We also need to use a slightly different location than that shown in the tutorial. Our modified server definition will look like that below:
server { listen 80; server_name example.wiki *.example.wiki; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:3000; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } }
We also add a default route, to catch any requests for HOSTs we do not recognise.
server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; server_name _; return 444; }
It is also good practice to not advertise which version of Nginx we are running. This is done by turning off server tokens. In `/etc/nginx/nginx.conf` uncomment the line `server_tokens off;`.
Restart Nginx:
sudo service nginx restart