nginx Proxy

When Webman needs to provide direct access from the public internet, it is recommended to add an nginx proxy in front of Webman. This brings several benefits.

  • Static resources are handled by nginx, allowing Webman to focus on business logic processing.
  • Multiple Webman instances can share ports 80 and 443, distinguishing different sites by domain name, enabling multiple sites to be deployed on a single server.
  • It allows php-fpm and Webman architecture to coexist.
  • Nginx can implement SSL for HTTPS more simply and efficiently.
  • It can strictly filter some illegal requests from the public internet.

Example of nginx Proxy

upstream webman {
    server 127.0.0.1:8787;
    keepalive 10240;
}

server {
  server_name your_site_domain;
  listen 80;
  access_log off;
  # Note: Here, it must be the public directory under Webman, not the root directory of Webman.
  root /your/webman/public;

  location ^~ / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_http_version 1.1;
      proxy_set_header Connection "";
      if (!-e $request_filename){
          proxy_pass http://webman;
      }
  }

  # Deny access to all files ending with .php
  location ~ \.php$ {
      return 404;
  }

  # Allow access to .well-known directory
  location ~ ^/\.well-known/ {
    allow all;
  }

  # Deny access to all files or directories starting with .
  location ~ /\. {
      return 404;
  }

}

In general, the developer only needs to configure the server_name and root to the actual values; no other fields need to be configured.

Note
It is particularly important that the root option be set to the public directory under Webman; do not set it directly to the Webman directory, or else all your files might be accessed and downloaded from the public internet, including sensitive files such as database configurations.