What does “trust proxy” actually do in express.js, and do I need to use it?

This is explained in detail in the express behind the proxies guide. By enabling the “trust proxy” setting via app.enable('trust proxy'), Express will have knowledge that it’s sitting behind a proxy and that the X-Forwarded-* header fields may be trusted, which otherwise may be easily spoofed. Enabling this setting has several subtle effects. The first …

EventSource / Server-Sent Events through Nginx

Your Nginx config is correct, you just miss a few lines. Here is a “magic trio” making EventSource work through Nginx: proxy_set_header Connection ''; proxy_http_version 1.1; chunked_transfer_encoding off; Place them into the location section and it should work. You may also need to add proxy_buffering off; proxy_cache off; That’s not an official way of doing it. I …

WSGI vs uWSGi with Nginx [closed]

Ok, guys this confusion is because of lack of detail from several sources, and the naming of these protocols, and what WSGI actually is. Summary: WSGI and uwsgi both ARE protocols, not servers. It is used to communicate with web servers for load balancing and especially to take advantage of extra features that pure HTTP …

node.js itself or nginx frontend for serving static files?

I’ll have to disagree with the answers here. While Node will do fine, nginx will most definitely be faster when configured correctly. nginx is implemented efficiently in C following a similar pattern (returning to a connection only when needed) with a tiny memory footprint. Moreover, it supports the sendfile syscall to serve those files which …

Nginx serve static file and got 403 forbidden

You should give nginx permissions to read the file. That means you should give the user that runs the nginx process permissions to read the file. This user that runs the nginx process is configurable with the user directive in the nginx config, usually located somewhere on the top of nginx.conf: user www-data http://wiki.nginx.org/CoreModule#user The …

Why do HTTP servers forbid underscores in HTTP header names

They are not forbidden, it’s CGI legacy. See “Missing (disappearing) HTTP Headers”. If you do not explicitly set underscores_in_headers on;, nginx will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables, as both dashes and …

What does force_ssl do in Rails?

It doesn’t just force your browser to redirect HTTP to HTTPS. It also sets your cookies to be marked “secure”, and it enables HSTS, each of which is a very good protection against SSL stripping. Even though HTTPS protects your app at “https://example.com/yourapp” against MITM attacks, if someone gets between your client and your server they …
