Nginx
Tip: if you don't want to type sudo every time, run this once and enter your password to get a root shell
sudo -s
Install
sudo apt update
sudo apt install nginx
Install curl to test the setup (optional)
sudo apt install curl
Adjusting Firewall
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'
sudo ufw status
sudo ufw enable
Checking web server
systemctl status nginx
curl -4 logicmade.co.uk
The -4 option makes curl use IPv4.
In the browser, go to http://localhost to see if nginx is working.
Start Stop Reload Nginx
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx
The reload, disable and enable subcommands also exist.
Using the nginx command itself
sudo nginx -s stop    # fast shutdown
sudo nginx -s quit    # graceful shutdown (waits for worker processes)
sudo nginx -s reload  # reload the conf file
sudo nginx -s reopen  # reopen the log files
Setting Up Server Blocks
Creating a site (XXX.COM)
sudo mkdir -p /var/www/XXX.COM/html
sudo chown -R $USER:$USER /var/www/XXX.COM/html
sudo chmod -R 755 /var/www/XXX.COM
Place the static site, with its index.html, in /var/www/XXX.COM/html/
sudo vi /etc/nginx/sites-available/XXX.COM
Site settings
server {
    listen 80;
    listen [::]:80;
    root /var/www/XXX.COM/html;
    index index.html index.htm;
    server_name XXX.COM WWW.XXX.COM;
    location / {
        try_files $uri $uri/ =404;
    }
}
Creating a symlink
sudo ln -s /etc/nginx/sites-available/XXX.COM /etc/nginx/sites-enabled/
Creating an alias
sudo vi /etc/nginx/nginx.conf
Remove the # in front of server_names_hash_bucket_size 64;
Check if any problem exists
sudo nginx -t
sudo systemctl restart nginx
Creating a node js site (XXX.COM)
sudo vi /etc/nginx/conf.d/sysmon.conf
server {
    listen 80;
    server_name XXX.COM;
    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://192.168.0.20:5000;
    }
}
Setting SSL
- Copy the crt and key files into a folder, e.g. /home/ali/cert
- Open the site definition file in /etc/nginx/sites-available/XXX.COM
server {
    listen 80;
    server_name xxx.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name odyssey.sykesseafood.com;
    ssl_certificate /home/ali/cert/wildcard.crt;
    ssl_certificate_key /home/ali/cert/wildcard.key;
    location / {
        proxy_pass http://localhost:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-NginX-Proxy true;
        #proxy_redirect http://localhost:3000/ https://$server_name:3000;
    }
}
- The first server block redirects non-SSL requests to SSL ones
- The second block points to where the certificates are
If the certificate is created with a passphrase
Additionally
- Create a file, e.g. global.pass, in a folder, e.g. /home/ali/cert/global.pass, and write the passphrase in it
- Go to the /etc/nginx/nginx.conf file and, in the http section, ideally under the SSL settings, add this line
ssl_password_file /home/ali/cert/global.pass;
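One way to check the key and passphrase files referenced above, as an added example that is not part of the original page: it reads a site file, pulls out the ssl_certificate_key and ssl_password_file paths, and flags any file that group or other can access. The function names and the temporary sample directory are constructed for illustration; it assumes one directive per line and paths without spaces.

```shell
# Added example: check that the files named by ssl_certificate_key and
# ssl_password_file are not accessible to group or other.

# Print the path argument of each such directive (one directive per line assumed).
secret_paths() {
    awk '$1 == "ssl_certificate_key" || $1 == "ssl_password_file" {
             sub(/;.*$/, "", $2); print $2 }' "$1"
}

# True if $1 is a regular file (not a symlink) with no group/other permission bits.
is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report every referenced file; fail if any is missing or too permissive.
audit_conf() {
    bad=0
    for p in $(secret_paths "$1"); do
        if is_private "$p"; then echo "ok    $p"
        else echo "LOOSE $p"; bad=$((bad + 1)); fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: a throwaway directory standing in for /home/ali/cert.
demo() {
    d=$(mktemp -d)
    echo key    > "$d/wildcard.key"; chmod 600 "$d/wildcard.key"
    echo phrase > "$d/global.pass";  chmod 644 "$d/global.pass"
    cat > "$d/site.conf" <<EOF
server {
    listen 443 ssl;
    ssl_certificate_key $d/wildcard.key;
    #ssl_certificate_key $d/commented-out.key;
    ssl_password_file   $d/global.pass;
}
EOF
    audit_conf "$d/site.conf" && rc=0 || rc=1
    rm -rf "$d"
    return "$rc"
}

demo || echo "fix with: chmod 600 <file> and chown root:root <file>"
```

The nginx master process starts as root and reads the key and passphrase file at startup, so mode 600 with root ownership does not stop the site from loading.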
Nginx Configuration files
All NGINX configuration files are located in the /etc/nginx/ directory. The primary configuration file is /etc/nginx/nginx.conf. The file starts with 4 directives: user, worker_processes, error_log, and pid.
The events and http blocks are areas for additional directives, and they also exist in the main context.
File: /etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    . . .
}
http {
    . . .
}
The http Block
The http block contains directives for handling web traffic. These directives are often referred to as universal because they are passed on to all website configurations NGINX serves.
File: /etc/nginx/nginx.conf
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
}
Server Blocks
The http block above contains an include directive which tells NGINX where website configuration files are located.
Each website you host with NGINX should have its own configuration file in /etc/nginx/conf.d/, with the name formatted as example.com.conf
Sites which are disabled (not being served by NGINX) should be named example.com.conf.disabled.
Regardless of the installation source, server configuration files will contain a server block (or blocks) for a website. For example:
File: /etc/nginx/conf.d/example.com.conf
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.com www.example.com;
    root /var/www/example.com;
    index index.html;
    try_files $uri /index.html;
}
Listening Ports
The listen directive tells NGINX the hostname/IP and the TCP port where it should listen for HTTP connections. The argument default_server means this virtual host will answer requests on port 80 that don’t specifically match another virtual host’s listen statement. The second statement listens over IPv6 and behaves similarly.
Name-Based Virtual Hosting
The server_name directive allows multiple domains to be served from a single IP address. The server decides which domain to serve based on the request header it receives.
You typically should create one file per domain or site you want to host on your server. Here are some examples:
File: /etc/nginx/conf.d/example.com.conf
server_name example.com www.example.com;
The server_name directive can also use wildcards. *.example.com and .example.com both instruct the server to process requests for all subdomains of example.com:
server_name *.example.com;
server_name .example.com;
Process requests for all domain names beginning with example.:
server_name example.*;
NGINX allows you to specify server names that are not valid domain names. NGINX uses the name from the HTTP header to answer requests, regardless of whether the domain name is valid or not.
Using non-domain hostnames is useful if your server is on a LAN, or if you already know all of the clients that will be making requests of the server. This includes front-end proxy servers with /etc/hosts entries configured for the IP address on which NGINX is listening.
Location Blocks
The location setting lets you configure how NGINX will respond to requests for resources within the server. Just like the server_name directive tells NGINX how to process requests for the domain, location directives cover requests for specific files and folders, such as http://example.com/blog/. Here are some examples:
File: /etc/nginx/sites-available/example.com
location / { }
location /images/ { }
location /blog/ { }
location /planet/ { }
location /planet/blog/ { }
The locations above are literal string matches, which match any part of an HTTP request that comes after the host segment:
Request: http://example.com/
Returns: Assuming that there is a server_name entry for example.com, the location / directive will determine what happens with this request.
NGINX always fulfills requests using the most specific match:
Request: http://example.com/planet/blog/ or http://example.com/planet/blog/about/
Returns: This is fulfilled by the location /planet/blog/ directive because it is more specific, even though location /planet/ also matches this request.
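The server_name precedence and the most-specific location match described above, modelled as an added shell example (not NGINX code and not from the original page). It goes slightly beyond the text by applying NGINX's documented order (exact name, then longest leading wildcard, then longest trailing wildcard, then the default server); the site labels, the catch-all default and the host names are constructed, and regular-expression names and locations are left out.

```shell
# Constructed sample: "<server block label> <server_name pattern>" per line.
SERVERS='site-a example.com
site-a www.example.com
site-b *.example.com
site-c .shop.example.com
site-d example.*'
DEFAULT=catch-all   # assumption: a separate block whose listen line has default_server

# Print 1 (exact), 2 (leading wildcard) or 3 (trailing wildcard) if host matches pat.
name_class() {
    host=$1 pat=$2
    case $pat in
        .*)   if [ "$host" = "${pat#.}" ]; then echo 1; return 0; fi
              case $host in *"$pat") echo 2 ;; esac ;;
        \*.*) case $host in *"${pat#?}") echo 2 ;; esac ;;
        *.\*) case $host in "${pat%?}"*) echo 3 ;; esac ;;
        *)    if [ "$host" = "$pat" ]; then echo 1; fi ;;
    esac
    return 0
}

# Lowest class wins; within a wildcard class the longest pattern wins.
pick_server() {
    best='' bestcls=9 bestlen=0
    while read -r label pat; do
        cls=$(name_class "$1" "$pat")
        [ -n "$cls" ] || continue
        if [ "$cls" -lt "$bestcls" ] ||
           { [ "$cls" -eq "$bestcls" ] && [ "${#pat}" -gt "$bestlen" ]; }; then
            best=$label bestcls=$cls bestlen=${#pat}
        fi
    done <<EOF
$SERVERS
EOF
    echo "${best:-$DEFAULT}"
}

# Longest literal prefix among the five locations listed above.
pick_location() {
    best=''
    for loc in / /images/ /blog/ /planet/ /planet/blog/; do
        case $1 in "$loc"*) [ "${#loc}" -gt "${#best}" ] && best=$loc ;; esac
    done
    echo "$best"
}
for h in www.example.com shop.example.com a.shop.example.com example.org unknown.test; do
    echo "$h -> $(pick_server "$h")"
done
echo "/planet/blog/about/ -> $(pick_location /planet/blog/about/)"
```

Note that .shop.example.com answers for shop.example.com itself as an exact name, which *.example.com alone would only catch as a wildcard, and that a Host value matching nothing lands in the default server.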
https://www.linode.com/docs/guides/how-to-configure-nginx/