1. map $sent_http_content_type $expires {
  2.     "text/html"                 epoch;
  3.     "text/html; charset=utf-8"  epoch;
  4.     default                     off;
  5. }
  7. server {
  8.     listen          80;             # the port nginx is listening on
  9.     server_name     your-domain;    # setup your domain here
  11.     gzip            on;
  12.     gzip_types      text/plain application/xml text/css application/javascript;
  13.     gzip_min_length 1000;
  15.     location / {
  16.         expires $expires;
  18.         proxy_redirect                      off;
  19.         proxy_set_header Host               $host;
  20.         proxy_set_header X-Real-IP          $remote_addr;
  21.         proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
  22.         proxy_set_header X-Forwarded-Proto  $scheme;
  23.         proxy_read_timeout          1m;
  24.         proxy_connect_timeout       1m;
  25.         proxy_pass                          http://127.0.0.1:3000; # set the address of the Node.js instance here
  26.     }
  27. }

Using nginx with generated pages and a caching proxy as fallback:

If you have a high volume website with regularly changing content, you might want to benefit from Nuxt generate capabilities and nginx caching.

Below is an example configuration. Keep in mind that:

  • root folder should be the same as set by configuration generate.dir
  • expire headers set by Nuxt are stripped (due to the cache)
  • both Nuxt as nginx can set additional headers, it’s advised to choose one (if in doubt, choose nginx)
  • if your site is mostly static, increase the proxy_cache_path inactive and proxy_cache_valid numbers

If you don’t generate your routes but still wish to benefit from nginx cache:

  • remove the root entry
  • change location @proxy { to location / {
  • remove the other 2 location entries
  1. proxy_cache_path  /data/nginx/cache levels=1:2 keys_zone=nuxt-cache:25m max_size=1g inactive=60m use_temp_path=off;
  3. map $sent_http_content_type $expires {
  4.     "text/html"                 1h; # set this to your needs
  5.     "text/html; charset=utf-8"  1h; # set this to your needs
  6.     default                     7d; # set this to your needs
  7. }
  9. server {
  10.     listen          80;             # the port nginx is listening on
  11.     server_name     your-domain;    # setup your domain here
  13.     gzip            on;
  14.     gzip_types      text/plain application/xml text/css application/javascript;
  15.     gzip_min_length 1000;
  17.     charset utf-8;
  19.     root /var/www/NUXT_PROJECT_PATH/dist;
  21.     location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|js|css)$ {
  22.         expires $expires;
  23.         add_header Pragma public;
  24.         add_header Cache-Control "public";
  26.         try_files $uri $uri/ @proxy;
  27.     }
  29.     location / {
  30.         expires $expires;
  31.         add_header Content-Security-Policy "default-src 'self' 'unsafe-inline';";
  32.         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
  33.         add_header X-Frame-Options "SAMEORIGIN";
  35.         try_files $uri $uri/index.html @proxy; # for generate.subFolders: true
  36.         # try_files $uri $uri.html @proxy; # for generate.subFolders: false
  37.     }
  39.     location @proxy {
  40.         expires $expires;
  41.         add_header Content-Security-Policy "default-src 'self' 'unsafe-inline';";
  42.         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
  43.         add_header X-Frame-Options "SAMEORIGIN";
  44.         add_header X-Cache-Status $upstream_cache_status;
  46.         proxy_redirect                      off;
  47.         proxy_set_header Host               $host;
  48.         proxy_set_header X-Real-IP          $remote_addr;
  49.         proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
  50.         proxy_set_header X-Forwarded-Proto  $scheme;
  51.         proxy_ignore_headers        Cache-Control;
  52.         proxy_http_version          1.1;
  53.         proxy_read_timeout          1m;
  54.         proxy_connect_timeout       1m;
  55.         proxy_pass                  http://127.0.0.1:3000; # set the address of the Node.js instance here
  56.         proxy_cache                 nuxt-cache;
  57.         proxy_cache_bypass          $arg_nocache; # probably better to change this
  58.         proxy_cache_valid           200 302  60m; # set this to your needs
  59.         proxy_cache_valid           404      1m;  # set this to your needs
  60.         proxy_cache_lock            on;
  61.         proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
  62.         proxy_cache_key             $uri$is_args$args;
  63.     }
  64. }

nginx configuration for Laravel Forge:

Change YOUR_WEBSITE_FOLDER to your website folder and YOUR_WEBSITE_DOMAIN to your website URL. Laravel Forge will have filled out these values for you but be sure to double check.

  1. # FORGE CONFIG (DOT NOT REMOVE!)
  2. include forge-conf/YOUR_WEBSITE_FOLDER/before/*;
  4. map $sent_http_content_type $expires {
  5.     "text/html"                 epoch;
  6.     "text/html; charset=utf-8"  epoch;
  7.     default                     off;
  8. }
  10. server {
  11.     listen 80;
  12.     listen [::]:80;
  13.     server_name YOUR_WEBSITE_DOMAIN;
  15.     add_header X-Frame-Options "SAMEORIGIN";
  16.     add_header X-XSS-Protection "1; mode=block";
  17.     add_header X-Content-Type-Options "nosniff";
  19.     charset utf-8;
  21.     gzip            on;
  22.     gzip_types      text/plain application/xml text/css application/javascript;
  23.     gzip_min_length 1000;
  25.     # FORGE CONFIG (DOT NOT REMOVE!)
  26.     include forge-conf/YOUR_WEBSITE_FOLDER/server/*;
  28.     location / {
  29.         expires $expires;
  31.         proxy_redirect off;
  32.         proxy_set_header Host               $host;
  33.         proxy_set_header X-Real-IP          $remote_addr;
  34.         proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
  35.         proxy_set_header X-Forwarded-Proto  $scheme;
  36.         proxy_read_timeout          1m;
  37.         proxy_connect_timeout       1m;
  38.         proxy_pass                          http://127.0.0.1:3000; # set the address of the Node.js
  39.     }
  41.     access_log off;
  42.     error_log  /var/log/nginx/YOUR_WEBSITE_FOLDER-error.log error;
  44.     location ~ /\.(?!well-known).* {
  45.         deny all;
  46.     }
  47. }
  49. # FORGE CONFIG (DOT NOT REMOVE!)
  50. include forge-conf/YOUR_WEBSITE_FOLDER/after/*;

Secure Laravel Forge with TLS:

It’s best to let Laravel Forge do the editing of the nginx.conf for you, by clicking on Sites -> YOUR_WEBSITE_DOMAIN (SERVER_NAME) and then click on SSL and install a certificate from one of the providers. Remember to activate the certificate. Your nginx.conf should now look something like this:

  1. # FORGE CONFIG (DOT NOT REMOVE!)
  2. include forge-conf/YOUR_WEBSITE_FOLDER/before/*;
  4. map $sent_http_content_type $expires {
  5.     "text/html"                 epoch;
  6.     "text/html; charset=utf-8"  epoch;
  7.     default                     off;
  8. }
  10. server {
  11.     listen 443 ssl http2;
  12.     listen [::]:443 ssl http2;
  13.     server_name YOUR_WEBSITE_DOMAIN;
  15.     # FORGE SSL (DO NOT REMOVE!)
  16.     ssl_certificate /etc/nginx/ssl/YOUR_WEBSITE_FOLDER/258880/server.crt;
  17.     ssl_certificate_key /etc/nginx/ssl/YOUR_WEBSITE_FOLDER/258880/server.key;
  19.     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  20.     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
  21.     ssl_prefer_server_ciphers on;
  22.     ssl_dhparam /etc/nginx/dhparams.pem;
  24.     add_header X-Frame-Options "SAMEORIGIN";
  25.     add_header X-XSS-Protection "1; mode=block";
  26.     add_header X-Content-Type-Options "nosniff";
  28.     charset utf-8;
  30.     gzip            on;
  31.     gzip_types      text/plain application/xml text/css application/javascript;
  32.     gzip_min_length 1000;
  34.     # FORGE CONFIG (DOT NOT REMOVE!)
  35.     include forge-conf/YOUR_WEBSITE_FOLDER/server/*;
  37.     location / {
  38.         expires $expires;
  40.         proxy_set_header Host               $host;
  41.         proxy_set_header X-Real-IP          $remote_addr;
  42.         proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
  43.         proxy_set_header X-Forwarded-Proto  $scheme;
  44.         proxy_redirect              off;
  45.         proxy_read_timeout          1m;
  46.         proxy_connect_timeout       1m;
  47.         proxy_pass                          http://127.0.0.1:3000; # set the address of the Node.js
  48.     }
  50.     access_log off;
  51.     error_log  /var/log/nginx/YOUR_WEBSITE_FOLDER-error.log error;
  53.     location ~ /\.(?!well-known).* {
  54.         deny all;
  55.     }
  56. }
  58. # FORGE CONFIG (DOT NOT REMOVE!)
  59. include forge-conf/YOUR_WEBSITE_FOLDER/after/*;