Nginx

From Logic Wiki
Jump to: navigation, search


Tip : if you don't want to write sudo every time write this once and enter password to access root

sudo -s

Install

sudo apt update
sudo apt install nginx

install curl to test setup but not mandatory

sudo apt install curl

Adjusting Firewall

sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'
sudo ufw status
sudo ufw enable

Checking web server

systemctl status nginx 
curl -4 logicmade.co.uk

parameter -4 represents ipv4

in the browser go to http://localhost to see if nginx working

Start Stop Reload Nginx

sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx

also reload, disable, enable parameters exists

Within the nginx commands

sudo ngninx -s stop     // fast shutdown
sudo ngninx -s quit     // graccefuly shutdown (wait for working processes)
sudo ngninx -s reload   // reload the conf file
sudo ngninx -s repoen   // reopen the log files (?)

Setting Up Server Blocks

Creating a site (XXX.COM)

sudo mkdir -p /var/www/XXX.COM/html
sudo chown -R $USER:$USER /var/www/XXX.COM/html
sudo chmod -R 755 /var/www/XXX.COM

place static site with index.html in /var/www/XXX.COM/html/

sudo vi /etc/nginx/sites-available/XXX.COM

site settings

server{
  listen 80;
  listen[::]:80;
 
  root:/var/www/XXX.COM/html;
  index index.html index.htm;

  server_name XXX.COM WWW.XXX.COM;
  location /{
    try-files $uri $uri/ =404;
  }
}
==== Creating a symlink ====
 sudo ln -s /etc/nginx/sites-available/XXX.COM /etc/nginx/sites-enabled/
==== creating an alias  ====
 sudo vi /etc/nginx/nginx.conf
remove # in front of '''server_names_hash_bucket_size 64;'''
==== check if any problem exists ====
 sudo nginx -t
 sudo systemctl restart nginx

Creating a node js site (XXX.COM)

sudo vi /etc/nginx/conf.d/sysmon.conf 
server {
    listen 80;
    server_name XXX.COM;

    location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass         http://192.168.0.20:5000;
    }
}

Setting SSL

  • Copy crt and key files into a folder ie: /home/ali/cert
  • Open site definition file in /etc/nginx/sites-available/XXX.COM
server {
        listen 80;
        server_name xxx.com;
        return 301 https://$server_name$request_uri;
}

server{
        listen 443 ssl;
        server_name odyssey.sykesseafood.com;

        ssl_certificate /home/ali/cert/wildcard.crt;
        ssl_certificate_key /home/ali/cert/wildcard.key;

        location / {
                proxy_pass http://localhost:3000/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;

                //proxy_set_header X-Real-IP $remote_addr;
                //proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                //proxy_set_header X-NginX-Proxy true;
                //proxy_redirect http://localhost:3000/ https://$server_name:3000;
        }
}
    • first server block is for redirecting non-ssl requests to ssl ones
    • second block points where the certificates are

if the certificate is created with a pass phrase

Additionally

  • Create a file ie global.pass in a folder ie /home/ali/cert/global.pass and write passphrase in it
  • go to /etc/nginx/nginx.conf file and in the http section ideally under ssl add this line
ssl_password_file /home/ali/cert/global.pass;

Nginx Configuration files

All NGINX configuration files are located in the /etc/nginx/ directory. The primary configuration file is /etc/nginx/nginx.conf The file starts with 4 directives: user, worker_processes, error_log, and pid

The events and http blocks are areas for additional directives, and they also exist in the main context.

File: /etc/nginx/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
       . . .
}

http {
       . . .
}

The http Block

The http block contains directives for handling web traffic. These directives are often referred to as universal because they are passed on to all website configurations NGINX serves.

/etc/nginx/nginx.conf

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

Server Blocks

The http block above contains an include directive which tells NGINX where website configuration files are located.

Each website you host with NGINX should have its own configuration file in /etc/nginx/conf.d/, with the name formatted as example.com.conf

Sites which are disabled (not being served by NGINX) should be named example.com.conf.disabled.

Regardless of the installation source, server configuration files will contain a server block (or blocks) for a website. For example:

File: /etc/nginx/conf.d/example.com.conf

server {
    listen         80 default_server;
    listen         [::]:80 default_server;
    server_name    example.com www.example.com;
    root           /var/www/example.com;
    index          index.html;
    try_files $uri /index.html;
}

Listening Ports

The listen directive tells NGINX the hostname/IP and the TCP port where it should listen for HTTP connections. The argument default_server means this virtual host will answer requests on port 80 that don’t specifically match another virtual host’s listen statement. The second statement listens over IPv6 and behaves similarly.

Name-Based Virtual Hosting

The server_name directive allows multiple domains to be served from a single IP address. The server decides which domain to serve based on the request header it receives.

You typically should create one file per domain or site you want to host on your server. Here are some examples:

File: /etc/nginx/conf.d/example.com.conf

server_name   example.com www.example.com;

The server_name directive can also use wildcards. *.example.com and .example.com both instruct the server to process requests for all subdomains of example.com:

server_name   *.example.com;
server_name   .example.com;

Process requests for all domain names beginning with example.:

server_name   example.*;

NGINX allows you to specify server names that are not valid domain names. NGINX uses the name from the HTTP header to answer requests, regardless of whether the domain name is valid or not.

Using non-domain hostnames is useful if your server is on a LAN, or if you already know all of the clients that will be making requests of the server. This includes front-end proxy servers with /etc/hosts entries configured for the IP address on which NGINX is listening.

Location Blocks

The location setting lets you configure how NGINX will respond to requests for resources within the server. Just like the server_name directive tells NGINX how to process requests for the domain, location directives cover requests for specific files and folders, such as http://example.com/blog/. Here are some examples:

File: /etc/nginx/sites-available/example.com

location / { }
location /images/ { }
location /blog/ { }
location /planet/ { }
location /planet/blog/ { }

The locations above are literal string matches, which match any part of an HTTP request that comes after the host segment:

Request: http://example.com/

Returns: Assuming that there is a server_name entry for example.com, the location / directive will determine what happens with this request.

NGINX always fulfills requests using the most specific match:

Request: http://example.com/planet/blog/ or http://example.com/planet/blog/about/

Returns: This is fulfilled by the location /planet/blog/ directive because it is more specific, even though location /planet/ also matches this request.



https://www.linode.com/docs/guides/how-to-configure-nginx/

https://nginx.org/en/docs/ngx_core_module.html

https://nginx.org/en/docs/http/ngx_http_core_module.html