nginx Proxy
When Webman needs to provide direct access from the public internet, it is recommended to add an nginx proxy in front of Webman. This brings several benefits.
- Static resources are handled by nginx, allowing Webman to focus on business logic processing.
- Multiple Webman instances can share ports 80 and 443, distinguishing different sites by domain name, enabling multiple sites to be deployed on a single server.
- It allows php-fpm and Webman architecture to coexist.
- Nginx can implement SSL for HTTPS more simply and efficiently.
- It can strictly filter some illegal requests from the public internet.
Example of nginx Proxy
upstream webman {
server 127.0.0.1:8787;
keepalive 10240;
}
server {
server_name your_site_domain;
listen 80;
access_log off;
# Note: Here, it must be the public directory under Webman, not the root directory of Webman.
root /your/webman/public;
location ^~ / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Connection "";
if (!-e $request_filename){
proxy_pass http://webman;
}
}
# Deny access to all files ending with .php
location ~ \.php$ {
return 404;
}
# Allow access to .well-known directory
location ~ ^/\.well-known/ {
allow all;
}
# Deny access to all files or directories starting with .
location ~ /\. {
return 404;
}
}
In general, the developer only needs to configure the server_name and root to the actual values; no other fields need to be configured.
Note
It is particularly important that the root option be set to the public directory under Webman; do not set it directly to the Webman directory, or else all your files might be accessed and downloaded from the public internet, including sensitive files such as database configurations.