Skip to content

Instantly share code, notes, and snippets.

@101t

101t/nginx.md

Last active February 22, 2026 14:09
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save 101t/9f11375860a7cc8ff923c23602c43873 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save 101t/9f11375860a7cc8ff923c23602c43873 to your computer and use it in GitHub Desktop.
Download ZIP
NGiNX my beloved server, OpenLiteSpeed reverse proxy
Raw
nginx.md

NGINX frequently used configurations

NGINX Static IP Proxy Forwarding

upstream git_server {
    server xx.xx.xx.xx:6060;
}
server {
    listen 80;
    server_name git.domainname.com;

    location / {
        client_max_body_size 0;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_pass http://git_server;
        proxy_pass_header Authorization;
        proxy_read_timeout 10000s;
        proxy_redirect off;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Increase NGINX upload size

By default, Nginx has a limit of 1MB on file uploads. To set file upload size, you can use the client_max_body_size directive, which is part of Nginx’s ngx_http_core_module module. This directive can be set in the http, server or location context.

It sets the maximum allowed size of the client request body, specified in the "Content-Length" request header field. Here’s an example of increasing the limit to 100MB in /etc/nginx/nginx.conf file.

http {
    ...
    client_max_body_size 100M;
}
@101t
Copy link
Author

101t commented Feb 22, 2026

Full CyberPanel Reverse Proxy Virtual Host Configuration

Configure custom domain using OpenLightSpeed for CyberPanel Administration instead of custom_ip:8090

create an empty website with issued SSL by navigating to "Create Website", then add this configuration to vhost for this virtual website:

docRoot                   $VH_ROOT/public_html
vhDomain                  $VH_NAME
vhAliases                 www.$VH_NAME
adminEmails               info@custom_domain.com
enableGzip                1
enableIpGeo               1

extprocessor cyberpanel_backend {
  type                    proxy
  address                 https://127.0.0.1:8090
  maxConns                20
  pcKeepAliveTimeout      60
  initTimeout             60
  retryTimeout            0
  respBuffer              0
}

context / {
  type                    proxy
  handler                 cyberpanel_backend
  addDefaultCharset       off
}

rewrite  {
  enable                  1
  autoLoadHtaccess        1
  rules                   <<<END_rules
    RewriteCond %{HTTPS} !on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
  END_rules
}

errorlog $VH_ROOT/logs/$VH_NAME.error_log {
  useServer               0
  logLevel                WARN
  rollingSize             10M
}

accesslog $VH_ROOT/logs/$VH_NAME.access_log {
  useServer               0
  logFormat               "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
  logHeaders              5
  rollingSize             10M
  keepDays                10
  compressArchive         1
}

module cache {
  storagePath             /usr/local/lsws/cachedata/$VH_NAME
}

vhssl  {
  keyFile                 /etc/letsencrypt/live/cyberpanel.custom_domain.com/privkey.pem
  certFile                /etc/letsencrypt/live/cyberpanel.custom_domain.com/fullchain.pem
  certChain               1
  sslProtocol             24
  enableECDHE             1
  renegProtection         1
  sslSessionCache         1
  enableSpdy              15
  enableStapling          1
  ocspRespMaxAge          86400
}

same in CLI:

nano /usr/local/lsws/conf/vhosts/cyberpanel.custom_domain.com/vhost.conf

Listener Configuration (Main Config)

Add/verify these in the main LiteSpeed config:

nano /usr/local/lsws/conf/httpd_config.conf

add these lines:

# ...existing code...

listener HTTP {
  address                 *:80
  secure                  0
  map                     cyberpanel.yaseir.com cyberpanel.yaseir.com, www.cyberpanel.yaseir.com
}

listener HTTPS {
  address                 *:443
  secure                  1
  keyFile                 /etc/letsencrypt/live/cyberpanel.yaseir.com/privkey.pem
  certFile                /etc/letsencrypt/live/cyberpanel.yaseir.com/fullchain.pem
  map                     cyberpanel.yaseir.com cyberpanel.yaseir.com, www.cyberpanel.yaseir.com
}

# ...existing code...

then restart lshttpd and lsws

systemctl restart {lshttpd,lsws}

# Test config
/usr/local/lsws/bin/lswsctrl status

configure firewall

firewall-cmd --remove-rich-rule 'rule family="ipv6" port port="8090" protocol="tcp" accept' --permanent
firewall-cmd --remove-rich-rule 'rule family="ipv4" source address="0.0.0.0/0" port port="8090" protocol="tcp" accept' --permanent
firewall-cmd --check-config
firewall-cmd --reload

Now everything should work properly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment