semi-optimal setup; ip_hash might give you issues if you have to server a lot of mobile-clients (at least here in europe), because of central proxies used by mobile-providers. this one might help if you need stickyness: https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/o...
instead of "if ($host !~ ^(api.yourdomain.com)$ )" you should use a "server_name api.yourdomain.com;" - directive for your proxy_config and a catch_all - server{} block that consist only of "return 444;" to avoid that "if"-processing on any request.
oh, and you might want to use "ssl_session_cache shared:SSL:1440m;" for better performance (adjust the timeframe accordingly, i've seen values from 10 minutes up to 48hours like google)
> SSL certs tend to be rather confusing ... no not, really, but i leave it up to you to figure out what a key is and what a cert :D
2 comments
[ 2.7 ms ] story [ 13.6 ms ] threadinstead of "if ($host !~ ^(api.yourdomain.com)$ )" you should use a "server_name api.yourdomain.com;" - directive for your proxy_config and a catch_all - server{} block that consist only of "return 444;" to avoid that "if"-processing on any request.
oh, and you might want to use "ssl_session_cache shared:SSL:1440m;" for better performance (adjust the timeframe accordingly, i've seen values from 10 minutes up to 48hours like google)
> SSL certs tend to be rather confusing ... no not, really, but i leave it up to you to figure out what a key is and what a cert :D
This is very helpful, I'll definitely be using this to update my nginx.conf file!