Terminating SSL with NGINX
Using NGINX is a great way to add DNS and SSL termination to your npm Enterprise server.
Here's an example nginx.conf configuration that you can use to associate one DNS name with your npm Enterprise website and an alternative DNS name with your npm Enterprise registry:
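# The nginx master process still starts as root, which it needs in order to
# bind port 443 and read the TLS private key. Only the worker processes,
# which parse client traffic, run as the account named here. Leaving the
# workers as root means any bug in request handling runs with full root
# privileges. www-data is the stock unprivileged account on Ubuntu; use
# your distribution's equivalent (for example "nginx") if it differs.
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;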
events {
    # Per-worker connection cap. If you raise this value, also raise the
    # file-descriptor limit (for example in start_precmd in the startup
    # script), otherwise the extra connections cannot be opened.
    worker_connections 1024;
}
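http {
    # nginx reaches both backends over loopback in plain HTTP; TLS ends here.
    upstream registry {
        server 127.0.0.1:8080;
    }
    upstream www {
        server 127.0.0.1:8081;
    }

    # Largest request body accepted (presumably sized for package publishes;
    # confirm against your largest tarball).
    client_max_body_size 200M;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    keepalive_timeout 65;

    # TLS policy shared by both virtual hosts, declared once so the two
    # server blocks cannot drift apart.
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated and no longer offered. Add TLSv1.3 to
    # this list if your nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # Same preference order as before with the RC4 suites removed; the
    # trailing !RC4 also keeps the broad EECDH / EDH+aRSA selectors from
    # pulling RC4 back in.
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

    # npm Enterprise registry.
    server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive.
        listen 443 ssl;
        server_name demo-registry.npmjs.com;

        # Certificate chain and private key live in the same PEM file, so
        # this file must be readable by root only (the master process loads
        # it before workers start). Prefer a root-owned directory over a
        # user's home directory.
        ssl_certificate /home/ubuntu/sslcerts/wildcard.pem;
        ssl_certificate_key /home/ubuntu/sslcerts/wildcard.pem;

        location / {
            proxy_pass http://registry;
            proxy_set_header Host $host;
            # Without these the backend sees every request as plain HTTP
            # from 127.0.0.1, and a client-supplied X-Forwarded-Proto would
            # pass through untouched. X-Forwarded-For is appended to, not
            # replaced, so the backend should trust only the last entry.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # npm Enterprise website.
    server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive.
        listen 443 ssl;
        server_name demo-www.npmjs.com;

        # Same combined certificate/key file as the registry host; keep it
        # readable by root only.
        ssl_certificate /home/ubuntu/sslcerts/wildcard.pem;
        ssl_certificate_key /home/ubuntu/sslcerts/wildcard.pem;

        location / {
            proxy_pass http://www;
            proxy_set_header Host $host;
            # Tell the backend the original client address and scheme; see
            # the trust caveat on X-Forwarded-For in the registry block.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}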