Nginx

Port

server { # http (IPv4) listen 80; # https (IPv4) listen 443 ssl; # http/2 listen 443 ssl http2; # http (IPv6) listen [::]:80; # http (IPv6 only) listen [::]:80 ipv6only=on; # https (IPv6) listen [::]:443 ssl http2; }

Host

# default server { listen 443 ssl http2; server_name my-domain.com www.my-domain.com; } server { listen 443 ssl http2; server_name my-domain.net www.my-domain.net; } server { listen 443 ssl http2; server_name my-domain.org www.my-domain.org; }

Static assets

server { listen 443 ssl http2; server_name my-domain.com www.my-domain.com; root /var/www/my-website; index index.html; }

Redirection

# Redirection from my-domain.com to my-other-domain.com server { listen 443 ssl http2; server_name my-domain.com www.my-domain.com; return 301 https://my-other-domain.com$request_uri; } # Redirection from http to https server { listen 80; server_name my-domain.com www.my-domain.com; return 301 https://$host$request_uri; }

Reverse proxy

server { listen 443 ssl http2; server_name my-domain.com www.my-domain.com; location / { proxy_pass http://0.0.0.0:3000; } }

Load balancing

upstream my-backend { # default load balancing method: round-robin server backend1.example.com; server backend2.example.com; server backend3.example.com; } server { listen 443 ssl http2; server_name my-domain.com www.my-domain.com; location / { proxy_pass https://my-backend; } }

SSL

server { listen 443 ssl http2; server_name my-domain.com www.my-domain.com; ssl_certificate /my-path/my-cert.pem; ssl_certificate_key /my-path/my-private-key.pem; # OSCP stapling ssl_stapling on; ssl_stapling_verify on; # optimizations keepalive 70; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; }