Difference between revisions of "Nginx"
(→Creating a site (XXX.COM)) |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 293: | Line 293: | ||
Environment=ASPNETCORE_ENVIRONMENT=Development | Environment=ASPNETCORE_ENVIRONMENT=Development | ||
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false | Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false | ||
| + | Environment=ASPNETCORE_URLS=http://localhost:5001 | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
</pre> | </pre> | ||
| + | Environment=ASPNETCORE_URLS=http://localhost:5001 is important to run multiple dotnet applications at the same time. | ||
| + | |||
| + | |||
enable it | enable it | ||
sudo systemctl enable kpa-identity.service | sudo systemctl enable kpa-identity.service | ||
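Review bot: the sentence added after the closing </pre> says ASPNETCORE_URLS=http://localhost:5001 is important for running several dotnet applications at once, but it does not say that each service needs its own port, or that the site's proxy_pass has to point at that same port. Suggest stating both, since a reader copying this unit for a second application will otherwise reuse 5001. The two empty lines added after the sentence look unintended; one is enough.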
| Line 304: | Line 308: | ||
restart nginx by | restart nginx by | ||
sudo nginx -s reload | sudo nginx -s reload | ||
| + | |||
| + | == Enable / Disable Sites and Reload Nginx == | ||
| + | Enable a site: | ||
| + | |||
| + | sudo ln -s /etc/nginx/sites-available/sitename.conf /etc/nginx/sites-enabled/ | ||
| + | sudo nginx -t | ||
| + | sudo systemctl reload nginx | ||
| + | |||
| + | |||
| + | Disable a site: | ||
| + | |||
| + | sudo rm /etc/nginx/sites-enabled/sitename.conf | ||
| + | sudo nginx -t | ||
| + | sudo systemctl reload nginx | ||
| + | |||
-------------------------------- | -------------------------------- | ||
| + | |||
[https://www.linode.com/docs/guides/how-to-configure-nginx/ https://www.linode.com/docs/guides/how-to-configure-nginx/] | [https://www.linode.com/docs/guides/how-to-configure-nginx/ https://www.linode.com/docs/guides/how-to-configure-nginx/] | ||
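Review bot: in the new "Enable / Disable Sites and Reload Nginx" section, `sudo nginx -t` and `sudo systemctl reload nginx` are separate lines in both sequences, so a reader who pastes the block runs the reload even when the test reports an error. Suggest `sudo nginx -t && sudo systemctl reload nginx` in both the enable and the disable steps. The context line just above the section still reads "restart nginx by" followed by `sudo nginx -s reload`; it would help to align that wording with the reload command the new section uses.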
Latest revision as of 01:24, 22 December 2025
Tip: if you don't want to type sudo every time, run this once and enter your password to get a root shell
sudo -s
Install
sudo apt-get update
sudo apt-get install nginx
Install curl to test the setup (optional)
sudo apt install curl
Adjusting Firewall
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'
sudo ufw status
sudo ufw enable
Checking web server
systemctl status nginx
curl -4 logicmade.co.uk
The -4 option makes curl use IPv4.
In the browser, go to http://localhost to see if nginx is working.
Start Stop Reload Nginx
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx
The reload, disable and enable subcommands also exist.
With the nginx command itself:
sudo nginx -s stop    # fast shutdown
sudo nginx -s quit    # graceful shutdown (waits for worker processes)
sudo nginx -s reload  # reload the conf file
sudo nginx -s reopen  # reopen the log files
Setting Up Server Blocks
Creating a site (XXX.COM)
sudo mkdir -p /var/www/XXX.COM/html
sudo chown -R $USER:$USER /var/www/XXX.COM/html
sudo chmod -R 755 /var/www/XXX.COM
Place the static site, with its index.html, in /var/www/XXX.COM/html/
sudo vi /etc/nginx/sites-available/XXX.COM
site settings
server {
    listen 80;
    listen [::]:80;
    root /var/www/XXX.COM/html;
    index index.html index.htm;
    server_name XXX.COM WWW.XXX.COM;
    location / {
        try_files $uri $uri/ =404;
    }
}
Creating a symlink
sudo ln -s /etc/nginx/sites-available/XXX.COM /etc/nginx/sites-enabled/
creating an alias
sudo vi /etc/nginx/nginx.conf
Uncomment server_names_hash_bucket_size 64; (remove the # in front of it)
Check the configuration for errors, then restart nginx
sudo nginx -t
sudo systemctl restart nginx
Creating a node js site (XXX.COM)
sudo vi /etc/nginx/conf.d/sysmon.conf
server {
    listen 80;
    server_name XXX.COM;
    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://192.168.0.20:5000;
    }
}
Setting SSL
- Copy the crt and key files into a folder, e.g. /home/ali/cert
- Open site definition file in /etc/nginx/sites-available/XXX.COM
server {
    listen 80;
    server_name xxx.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name odyssey.sykesseafood.com;
    ssl_certificate /home/ali/cert/wildcard.crt;
    ssl_certificate_key /home/ali/cert/wildcard.key;
    location / {
        proxy_pass http://localhost:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        # proxy_set_header X-Real-IP $remote_addr;
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header X-NginX-Proxy true;
        # proxy_redirect http://localhost:3000/ https://$server_name:3000;
    }
}
- first server block is for redirecting non-ssl requests to ssl ones
- second block points where the certificates are
If the certificate was created with a passphrase, additionally:
- Create a file, e.g. /home/ali/cert/global.pass, and write the passphrase in it
- In the http section of /etc/nginx/nginx.conf, ideally under the SSL settings, add this line
ssl_password_file /home/ali/cert/global.pass;
Nginx Configuration files
All NGINX configuration files are located in the /etc/nginx/ directory. The primary configuration file is /etc/nginx/nginx.conf. The file starts with 4 directives: user, worker_processes, error_log, and pid.
The events and http blocks are areas for additional directives, and they also exist in the main context.
File: /etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
. . .
}
http {
. . .
}
The http Block
The http block contains directives for handling web traffic. These directives are often referred to as universal because they are passed on to all website configurations NGINX serves.
/etc/nginx/nginx.conf
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
}
Server Blocks
The http block above contains an include directive which tells NGINX where website configuration files are located.
Each website you host with NGINX should have its own configuration file in /etc/nginx/conf.d/, with the name formatted as example.com.conf
Sites which are disabled (not being served by NGINX) should be named example.com.conf.disabled.
Regardless of the installation source, server configuration files will contain a server block (or blocks) for a website. For example:
File: /etc/nginx/conf.d/example.com.conf
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.com www.example.com;
    root /var/www/example.com;
    index index.html;
    try_files $uri /index.html;
}
Listening Ports
The listen directive tells NGINX the hostname/IP and the TCP port where it should listen for HTTP connections. The argument default_server means this virtual host will answer requests on port 80 that don’t specifically match another virtual host’s listen statement. The second statement listens over IPv6 and behaves similarly.
Name-Based Virtual Hosting
The server_name directive allows multiple domains to be served from a single IP address. The server decides which domain to serve based on the request header it receives.
You typically should create one file per domain or site you want to host on your server. Here are some examples:
File: /etc/nginx/conf.d/example.com.conf
server_name example.com www.example.com;
The server_name directive can also use wildcards. *.example.com and .example.com both instruct the server to process requests for all subdomains of example.com:
server_name *.example.com;
server_name .example.com;
Process requests for all domain names beginning with example.:
server_name example.*;
NGINX allows you to specify server names that are not valid domain names. NGINX uses the name from the HTTP header to answer requests, regardless of whether the domain name is valid or not.
Using non-domain hostnames is useful if your server is on a LAN, or if you already know all of the clients that will be making requests of the server. This includes front-end proxy servers with /etc/hosts entries configured for the IP address on which NGINX is listening.
Location Blocks
The location setting lets you configure how NGINX will respond to requests for resources within the server. Just like the server_name directive tells NGINX how to process requests for the domain, location directives cover requests for specific files and folders, such as http://example.com/blog/. Here are some examples:
File: /etc/nginx/sites-available/example.com
location / { }
location /images/ { }
location /blog/ { }
location /planet/ { }
location /planet/blog/ { }
The locations above are literal string matches, which match any part of an HTTP request that comes after the host segment:
Request: http://example.com/
Returns: Assuming that there is a server_name entry for example.com, the location / directive will determine what happens with this request.
NGINX always fulfills requests using the most specific match:
Request: http://example.com/planet/blog/ or http://example.com/planet/blog/about/
Returns: This is fulfilled by the location /planet/blog/ directive because it is more specific, even though location /planet/ also matches this request.
.NET installation
If you receive an error like "Unable to locate package dotnet-sdk", do this:
sudo add-apt-repository ppa:dotnet/backports
and then
sudo apt-get update && \
    sudo apt-get install -y dotnet-sdk-9.0
Then install dotnet host (I'm not sure if they're necessary)
sudo apt-get install -y dotnet-host
sudo apt-get install aspnetcore-runtime-9.0
Just the runtime:
sudo apt-get install dotnet-runtime-9.0
Check that dotnet is OK:
dotnet --info
Setting up Reverse proxy
Add the missing location block to the site settings in the /etc/nginx/sites-available/default file
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name identity.totalasstets.co.uk;
    location / {
        # The default file's try_files line is commented out: with =404 as its
        # fallback, any request that is not a file under root gets a 404 and
        # never reaches proxy_pass.
        # try_files $uri $uri/ =404;
        # The port here has to be the one the application listens on
        # (see ASPNETCORE_URLS in the service file below).
        proxy_pass http://127.0.0.1:5000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Creating a service
In /etc/systemd/system, create a file such as kpa-identity.service and change its mode to 777
sudo touch kpa-identity.service
sudo chmod 777 kpa-identity.service
The content is as follows:
[Unit]
Description=kpa_identity
[Service]
WorkingDirectory=/var/www/kpa_identity/
ExecStart=/usr/bin/dotnet /var/www/kpa_identity/identity.api.dll
Restart=always
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=dotnet-kpa_identity
User=root
Environment=ASPNETCORE_ENVIRONMENT=Development
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
Environment=ASPNETCORE_URLS=http://localhost:5001
[Install]
WantedBy=multi-user.target
Environment=ASPNETCORE_URLS=http://localhost:5001 is important to run multiple dotnet applications at the same time.
enable it
sudo systemctl enable kpa-identity.service
start it
sudo systemctl start kpa-identity.service
reload nginx with
sudo nginx -s reload
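systemd only needs to read the unit file, so mode 644 is enough; a unit with User=root that other users can write lets them change what runs as root. The same reasoning applies to the TLS key and the ssl_password_file from the SSL section. The check below is an added example, not part of the original page; the script name audit.sh is hypothetical.

```sh
#!/bin/sh
# Added example: flag over-permissive modes on the files this page creates.
# Uses GNU stat (-c), as found on Ubuntu/Debian.

# has_bits FILE MASK -> true if any permission bit in octal MASK is set on FILE
has_bits() {
    m=$(stat -c '%a' -- "$1") || return 2
    [ $(( 0$m & 0$2 )) -ne 0 ]
}

# audit_path KIND FILE
#   unit   : systemd unit; group/other must not be able to write (at most 644)
#   secret : TLS private key or passphrase file; owner only (at most 600)
# Prints one line per file; returns 0 if tight enough, 1 if too loose, 2 on error.
audit_path() {
    case "$1" in
        unit)   mask=022; want=644 ;;
        secret) mask=077; want=600 ;;
        *)      echo "unknown kind: $1" >&2; return 2 ;;
    esac
    [ -e "$2" ] || { echo "MISSING $2" >&2; return 2; }
    if has_bits "$2" "$mask"; then
        echo "LOOSE   $2 mode=$(stat -c '%a' -- "$2") (want $want or tighter; fix: chmod $want $2)"
        return 1
    fi
    echo "OK      $2"
}

# Arguments are KIND:PATH pairs, for example (paths taken from this page):
#   sudo sh audit.sh unit:/etc/systemd/system/kpa-identity.service \
#        secret:/home/ali/cert/wildcard.key secret:/home/ali/cert/global.pass
rc=0
for spec in "$@"; do
    audit_path "${spec%%:*}" "${spec#*:}" || rc=1
done
[ "$rc" -eq 0 ]
```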
Enable / Disable Sites and Reload Nginx
Enable a site:
sudo ln -s /etc/nginx/sites-available/sitename.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
Disable a site:
sudo rm /etc/nginx/sites-enabled/sitename.conf
sudo nginx -t
sudo systemctl reload nginx
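The same enable and disable steps as a script that reloads only when nginx -t passes and undoes the symlink change when it fails. This is an added example, not from the original page; the function names and the four override variables are assumptions, and it is meant to be run as root.

```sh
#!/bin/sh
# Added example: enable/disable a site, reloading nginx only when `nginx -t` passes.
# The four variables are overridable so the functions can be tried against a
# scratch directory; the defaults are the paths and commands used on this page.
SITES_AVAILABLE=${SITES_AVAILABLE:-/etc/nginx/sites-available}
SITES_ENABLED=${SITES_ENABLED:-/etc/nginx/sites-enabled}
NGINX_TEST=${NGINX_TEST:-nginx -t}
NGINX_RELOAD=${NGINX_RELOAD:-systemctl reload nginx}

# valid_name NAME -> reject empty names, dotfiles and anything containing "/"
valid_name() {
    case "$1" in ''|.*|*/*) echo "bad site name: $1" >&2; return 1 ;; esac
}

# enable_site NAME: link the site, test, and remove the link again if the test fails
enable_site() {
    valid_name "$1" || return 2
    [ -f "$SITES_AVAILABLE/$1" ] || { echo "no such site: $1" >&2; return 2; }
    [ -L "$SITES_ENABLED/$1" ] && return 0          # already enabled
    ln -s "$SITES_AVAILABLE/$1" "$SITES_ENABLED/$1" || return 1
    if ! $NGINX_TEST; then
        rm -f "$SITES_ENABLED/$1"                    # roll back the new link
        echo "config test failed: $1 left disabled, nginx not reloaded" >&2
        return 1
    fi
    $NGINX_RELOAD
}

# disable_site NAME: remove the link, test, and put the link back if the test fails
disable_site() {
    valid_name "$1" || return 2
    [ -L "$SITES_ENABLED/$1" ] || { echo "not enabled: $1" >&2; return 2; }
    target=$(readlink "$SITES_ENABLED/$1") || return 1
    rm "$SITES_ENABLED/$1" || return 1
    if ! $NGINX_TEST; then
        ln -s "$target" "$SITES_ENABLED/$1"          # restore the previous state
        echo "config test failed: $1 left enabled, nginx not reloaded" >&2
        return 1
    fi
    $NGINX_RELOAD
}
```

Call it as enable_site sitename.conf or disable_site sitename.conf after sourcing the file.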
https://www.linode.com/docs/guides/how-to-configure-nginx/