Created
March 27, 2012 22:22
Nginx configuration for a CouchDB reverse proxy, also very useful for hosting CouchApps
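# Reverse proxy that puts TLS and HTTP basic auth in front of a CouchDB
# listening on 127.0.0.1:5984. Nothing is proxied unless a route below sets
# $base_uri, so the default behaviour is "deny" (404).

worker_processes 4;

events {
    worker_connections 1024;
}

http {
    default_type application/octet-stream;

    # NOTE: the "main" format is defined here, but access_log below does not
    # name it, so the access log is written in nginx's built-in "combined"
    # format. Append "main" to the access_log line to use this format.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log;

    gzip on;
    gzip_buffers 16 8k;

    server {
        # "ssl" on the listen directive replaces the former standalone
        # "ssl on;", which is deprecated since nginx 1.15.0 and removed in
        # 1.25.1.
        listen 443 ssl;
        server_name localhost;
        charset utf8;

        # Every request must authenticate against the htpasswd file. Because
        # the Authorization header is blanked before proxying (see below),
        # this is the only access control this file puts in front of CouchDB.
        auth_basic "Restricted";
        auth_basic_user_file passwd;

        location / {
            # Deny by default: no upstream path, and only GET is accepted.
            set $base_uri "";
            set $required_request_method GET;

            # With a bunch of if statements you can define routes.
            # If you want to be very strict, use $required_request_method too.
            #
            # $request_uri is the raw client URI: it is not normalised (so
            # "../" segments survive) and it already carries the leading
            # slash and the query string. An unanchored prefix match on it
            # therefore lets a client choose everything after the prefix.
            # Match the normalised $uri with a fully anchored pattern and
            # build the upstream path from the capture instead:
            #
            # if ( $uri ~ ^/(allowed_views|go|here)$ ) {
            #     set $base_uri /database/_design/document/_view/$1$is_args$args;
            # }
            #
            # if ( $uri = /database ) {
            #     set $base_uri /database;
            #     set $required_request_method POST;
            # }

            # Only "set" and "return" are used inside these if blocks, which
            # keeps clear of the surprising behaviour "if" has with other
            # directives in a location.
            if ( $request_method != $required_request_method ) {
                return 405;
            }

            if ( $base_uri = "" ) {
                return 404;
            }

            # proxy_pass with a variable sends $base_uri upstream exactly as
            # built above; nginx does no further rewriting of the path.
            proxy_pass http://127.0.0.1:5984$base_uri;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Ssl on;

            # CouchDB is setup without basic auth, so the credentials checked
            # by nginx are not forwarded. This only protects the data if
            # CouchDB is reachable solely through this proxy - confirm that
            # its bind address is loopback-only and port 5984 is not exposed.
            proxy_set_header Authorization "";

            # proxy_buffering off; # buffering would break CouchDB's _changes feed
        }

        ssl_certificate cert.pem;
        ssl_certificate_key cert.key;
        ssl_session_timeout 5m;

        # SSLv2 and SSLv3 are broken protocols (DROWN, POODLE) and must not be
        # offered; TLSv1 is dropped as well (deprecated by RFC 8996).
        # The TLSv1.3 parameter needs nginx >= 1.13.0 built against
        # OpenSSL >= 1.1.1; remove it on older installations.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
    }
}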
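# Generate yourself a self signed certificate for the configuration above.
#
# The second command strips the passphrase, so cert.key is an unencrypted
# private key. Both key files are created under a restrictive umask so that
# only the creating user can read them; the subshell keeps that umask from
# affecting the files created further down.
(
    umask 077
    openssl genrsa -des3 -out cert.key.pass 2048
    openssl rsa -in cert.key.pass -out cert.key
)

# Sign the request and the certificate with SHA-256 explicitly rather than
# relying on the OpenSSL build's default digest, which was weaker on older
# releases.
openssl req -new -sha256 -key cert.key -out cert.csr
openssl x509 -req -sha256 -days 3650 -in cert.csr -signkey cert.key -out cert.pem

# Generate a basic htpasswd file for the configuration above.
# -c creates the file and overwrites an existing one; leave it out when
# adding further users. The password is prompted for, so it does not end up
# in the shell history.
htpasswd -c passwd username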