Link Search Menu Expand Document

Create the origin server on AWS EC2

fastcgi_cache_path /tmp/simple_cache levels=1:2 keys_zone=zone_origin.example.com:50m inactive=60m use_temp_path=off;
fastcgi_cache_key $scheme$request_method$host$request_uri$http_x_custom_header$http_cookie;

server {
        listen 80; 
        root /var/www/origin.example.com;
        index index.html index.php index.htm index.nginx-debian.html;
        server_name origin.example.com;

        # 0=no, 1=yes, cache things by default
        set $skip_cache 0;  

        if ($query_string) {
                set $skip_cache 1;
        }

        if ($request_method = POST) {
                        set $skip_cache 1;
                        return 200 "Hello World!";
        }

        location / {
                try_files $uri $uri/ =404;
                allow 192.25.25.0; 
                deny all;
                # say your reverse proxy IP is 192.25.25.0,
                # by defining here, you are allowing only this IP,
                # to access this origin for better security
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                include /etc/nginx/fastcgi_params;
                include /etc/nginx/fastcgi.conf;
                fastcgi_cache zone_origin.example.com;
                fastcgi_cache_valid 200 5m;
                fastcgi_cache_valid 404 1m; 
                fastcgi_cache_bypass $skip_cache;
                fastcgi_no_cache $skip_cache;
                add_header php-cache-5m $upstream_cache_status;
                # this whole block is to cache PHP generated files
        }

        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
                        expires 1h;
                        log_not_found off;
        }

        listen 443 ssl; 
        ssl_certificate /etc/letsencrypt/live/origin.example.com/fullchain.pem; 
        ssl_certificate_key /etc/letsencrypt/live/origin.example.com/privkey.pem; 
        include /etc/letsencrypt/options-ssl-nginx.conf; 
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 
}