Difference between revisions of "Nginx"

From Logic Wiki
(.net installation)
Line 245: Line 245:
 
Check if dotnet is OK ?  
 
Check if dotnet is OK ?  
 
  dotnet --info
 
  dotnet --info
 +
=== Setting up Reverse proxy ===
 +
add missing location blog to site settings in /etc/nginx/sites-available/default file
 +
<pre>
 +
server {
 +
listen 80 default_server;
 +
listen [::]:80 default_server;
 +
 +
 +
root /var/www/html;
 +
 +
index index.html index.htm index.nginx-debian.html;
 +
 +
server_name identity.totalasstets.co.uk;
 +
 +
location / {
 +
# First attempt to serve request as file, then
 +
# as directory, then fall back to displaying a 404.
 +
try_files $uri $uri/ =404;
 +
 +
proxy_pass http://127.0.0.1:5000/;
 +
proxy_http_version 1.1;
 +
proxy_set_header Upgrade $http_upgrade;
 +
proxy_set_header Connection keep-alive;
 +
proxy_set_header Host $host;
 +
proxy_cache_bypass $http_upgrade;
 +
 +
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +
proxy_set_header X-Forwarded-Proto $scheme;
 +
}
 +
</pre>
 +
=== Creating a service ===
 +
in /etc/systemd/system create a file like kpa-identity.service and change mod to 777
 +
sudo touch kpa-identity.service
 +
sudo chmod 777 kpa-identity.service
 +
content is as follows
 +
<pre>
 +
[Unit]
 +
Description=kpa_identity
 +
 +
[Service]
 +
WorkingDirectory=/var/www/kpa_identity/
 +
ExecStart=/usr/bin/dotnet /var/www/kpa_identity/identity.api.dll
 +
Restart=always
 +
RestartSec=10
 +
KillSignal=SIGINT
 +
SyslogIdentifier=dotnet-kpa_identity
 +
User=root
 +
Environment=ASPNETCORE_ENVIRONMENT=Development
 +
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
 +
 +
[Install]
 +
WantedBy=multi-user.target
 +
</pre>
 +
enable it
 +
  sudo systemctl enable kpa-identity.service
 +
start it
 +
sudo systemctl start kpa-identity.service
 +
 +
restart nginx by
 +
sudo nginx -s reload
 
--------------------------------
 
--------------------------------
 
[https://www.linode.com/docs/guides/how-to-configure-nginx/ https://www.linode.com/docs/guides/how-to-configure-nginx/]
 
[https://www.linode.com/docs/guides/how-to-configure-nginx/ https://www.linode.com/docs/guides/how-to-configure-nginx/]
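Review bot: `sudo chmod 777 kpa-identity.service` in the "Creating a service" part leaves a unit that runs with `User=root` writable by every local account, so anyone on the host can change ExecStart and have it run as root at the next restart; use mode 644 with root ownership and run the service under a dedicated unprivileged account. In the added `location /` block, `try_files $uri $uri/ =404;` sits in front of `proxy_pass`, so a path that does not exist under /var/www/html gets a 404 instead of reaching 127.0.0.1:5000; drop the try_files line from that location. The server block is also missing its closing brace before the closing pre tag, "location blog" should read "location block", the spelling of the host in server_name is worth confirming, and `ASPNETCORE_ENVIRONMENT=Development` should not be the value on a host that is reachable through the proxy.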

Revision as of 12:02, 30 November 2024


Tip: if you don't want to type sudo every time, run this once and enter your password to get a root shell

sudo -s

Install

sudo apt-get update
sudo apt-get install nginx

Install curl to test the setup (optional)

sudo apt install curl

Adjusting Firewall

sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'
sudo ufw status
sudo ufw enable

Checking web server

systemctl status nginx 
curl -4 logicmade.co.uk

The -4 parameter makes curl use IPv4.

In the browser, go to http://localhost to see if nginx is working.

Start Stop Reload Nginx

sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx

The reload, disable and enable parameters also exist.

Within the nginx commands

sudo nginx -s stop     # fast shutdown
sudo nginx -s quit     # graceful shutdown (waits for worker processes to finish)
sudo nginx -s reload   # reload the conf file
sudo nginx -s reopen   # reopen the log files

Setting Up Server Blocks

Creating a site (XXX.COM)

sudo mkdir -p /var/www/XXX.COM/html
sudo chown -R $USER:$USER /var/www/XXX.COM/html
sudo chmod -R 755 /var/www/XXX.COM

place static site with index.html in /var/www/XXX.COM/html/

sudo vi /etc/nginx/sites-available/XXX.COM

site settings

server {
  listen 80;
  listen [::]:80;

  root /var/www/XXX.COM/html;
  index index.html index.htm;

  server_name XXX.COM WWW.XXX.COM;
  location / {
    try_files $uri $uri/ =404;
  }
}

Creating a symlink

sudo ln -s /etc/nginx/sites-available/XXX.COM /etc/nginx/sites-enabled/

Creating an alias

sudo vi /etc/nginx/nginx.conf

remove # in front of server_names_hash_bucket_size 64;

Check if any problem exists

sudo nginx -t
sudo systemctl restart nginx

Creating a node js site (XXX.COM)

sudo vi /etc/nginx/conf.d/sysmon.conf 
server {
    listen 80;
    server_name XXX.COM;

    location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_pass         http://192.168.0.20:5000;
    }
}

Setting SSL

  • Copy the crt and key files into a folder, e.g. /home/ali/cert
  • Open the site definition file in /etc/nginx/sites-available/XXX.COM
server {
        listen 80;
        server_name xxx.com;
        return 301 https://$server_name$request_uri;
}

server{
        listen 443 ssl;
        server_name odyssey.sykesseafood.com;

        ssl_certificate /home/ali/cert/wildcard.crt;
        ssl_certificate_key /home/ali/cert/wildcard.key;

        location / {
                proxy_pass http://localhost:3000/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;

                # Optional headers, disabled (nginx comments start with #, not //):
                #proxy_set_header X-Real-IP $remote_addr;
                #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                #proxy_set_header X-NginX-Proxy true;
                #proxy_redirect http://localhost:3000/ https://$server_name:3000;
        }
}
    • first server block is for redirecting non-ssl requests to ssl ones
    • second block points where the certificates are

If the certificate was created with a passphrase, additionally:

  • Create a file, e.g. /home/ali/cert/global.pass, and write the passphrase in it
  • In /etc/nginx/nginx.conf, in the http section (ideally under the ssl settings), add this line
ssl_password_file /home/ali/cert/global.pass;

Nginx Configuration files

All NGINX configuration files are located in the /etc/nginx/ directory. The primary configuration file is /etc/nginx/nginx.conf. The file starts with 4 directives: user, worker_processes, error_log, and pid.

The events and http blocks are areas for additional directives, and they also exist in the main context.

File: /etc/nginx/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
       . . .
}

http {
       . . .
}

The http Block

The http block contains directives for handling web traffic. These directives are often referred to as universal because they are passed on to all website configurations NGINX serves.

/etc/nginx/nginx.conf

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

Server Blocks

The http block above contains an include directive which tells NGINX where website configuration files are located.

Each website you host with NGINX should have its own configuration file in /etc/nginx/conf.d/, with the name formatted as example.com.conf

Sites which are disabled (not being served by NGINX) should be named example.com.conf.disabled.

Regardless of the installation source, server configuration files will contain a server block (or blocks) for a website. For example:

File: /etc/nginx/conf.d/example.com.conf

server {
    listen         80 default_server;
    listen         [::]:80 default_server;
    server_name    example.com www.example.com;
    root           /var/www/example.com;
    index          index.html;
    try_files $uri /index.html;
}

Listening Ports

The listen directive tells NGINX the hostname/IP and the TCP port where it should listen for HTTP connections. The argument default_server means this virtual host will answer requests on port 80 that don’t specifically match another virtual host’s listen statement. The second statement listens over IPv6 and behaves similarly.

Name-Based Virtual Hosting

The server_name directive allows multiple domains to be served from a single IP address. The server decides which domain to serve based on the request header it receives.

You typically should create one file per domain or site you want to host on your server. Here are some examples:

File: /etc/nginx/conf.d/example.com.conf

server_name   example.com www.example.com;

The server_name directive can also use wildcards. *.example.com and .example.com both instruct the server to process requests for all subdomains of example.com:

server_name   *.example.com;
server_name   .example.com;

Process requests for all domain names beginning with example.:

server_name   example.*;

NGINX allows you to specify server names that are not valid domain names. NGINX uses the name from the HTTP header to answer requests, regardless of whether the domain name is valid or not.

Using non-domain hostnames is useful if your server is on a LAN, or if you already know all of the clients that will be making requests of the server. This includes front-end proxy servers with /etc/hosts entries configured for the IP address on which NGINX is listening.

Location Blocks

The location setting lets you configure how NGINX will respond to requests for resources within the server. Just like the server_name directive tells NGINX how to process requests for the domain, location directives cover requests for specific files and folders, such as http://example.com/blog/. Here are some examples:

File: /etc/nginx/sites-available/example.com

location / { }
location /images/ { }
location /blog/ { }
location /planet/ { }
location /planet/blog/ { }

The locations above are literal string matches, which match any part of an HTTP request that comes after the host segment:

Request: http://example.com/

Returns: Assuming that there is a server_name entry for example.com, the location / directive will determine what happens with this request.

NGINX always fulfills requests using the most specific match:

Request: http://example.com/planet/blog/ or http://example.com/planet/blog/about/

Returns: This is fulfilled by the location /planet/blog/ directive because it is more specific, even though location /planet/ also matches this request.

.net installation

If you receive an error like "Unable to locate package dotnet-sdk", do this:

 sudo add-apt-repository ppa:dotnet/backports

and then

sudo apt-get update && \
 sudo apt-get install -y dotnet-sdk-9.0

Then install dotnet host (I'm not sure if they're necessary)

sudo apt-get install -y dotnet-host
sudo apt-get install aspnetcore-runtime-9.0

Just runtime :

sudo apt-get install dotnet-runtime-9.0

Check if dotnet is OK:

dotnet --info

Setting up Reverse proxy

Add the missing location block to the site settings in the /etc/nginx/sites-available/default file

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	root /var/www/html;

	index index.html index.htm index.nginx-debian.html;

	server_name identity.totalasstets.co.uk;

	location / {
		# No try_files here: "try_files $uri $uri/ =404;" would return 404 for
		# every path that is not a file under root, before proxy_pass runs.
		proxy_pass http://127.0.0.1:5000/;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection keep-alive;
		proxy_set_header Host $host;
		proxy_cache_bypass $http_upgrade;

		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
	}
}
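
A location that holds both try_files ... =404 and proxy_pass answers 404 for any path that is not a file under root, so those requests never reach the backend. The check below is an added example, not part of the original page: it flags such locations in a config file, assuming one directive per line and the opening brace on the location line; the function names and the sample config are constructed for illustration.

```bash
# Added example: flag location blocks that hold both try_files and proxy_pass.
# Assumes one directive per line and "{" on the location line (lint sketch,
# not a full nginx parser). Function names and sample config are constructed.
find_tryfiles_proxy_conflicts() {
    # $1 = nginx config file; prints one line per conflicting location
    awk '
        /^[ \t]*#/ { next }    # ignore commented-out directives
        !in_loc && /^[ \t]*location[ \t]/ {
            name = $0
            sub(/^[ \t]*location[ \t]+/, "", name)
            sub(/[ \t]*[{].*$/, "", name)
            in_loc = 1; depth = 0; has_try = 0; has_proxy = 0; start = NR
        }
        in_loc && /^[ \t]*try_files[ \t]/  { has_try = 1 }
        in_loc && /^[ \t]*proxy_pass[ \t]/ { has_proxy = 1 }
        in_loc {
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) {
                if (has_try && has_proxy)
                    printf "line %d: location %s has try_files and proxy_pass\n", start, name
                in_loc = 0
            }
        }
    ' "$1"
}

sample_conf() {   # constructed input: first location conflicts, second is clean
    cat <<'EOF'
server {
    listen 80;
    location / {
        try_files $uri $uri/ =404;
        proxy_pass http://127.0.0.1:5000/;
    }
    location /api/ {
        # try_files $uri =404;
        proxy_pass http://127.0.0.1:5000/;
    }
}
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
find_tryfiles_proxy_conflicts "$tmp"
rm -f "$tmp"
```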

Creating a service

In /etc/systemd/system, create a file such as kpa-identity.service and change its mode to 777

sudo touch kpa-identity.service
sudo chmod 777 kpa-identity.service

The content is as follows:

[Unit]
Description=kpa_identity

[Service]
WorkingDirectory=/var/www/kpa_identity/
ExecStart=/usr/bin/dotnet /var/www/kpa_identity/identity.api.dll
Restart=always
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=dotnet-kpa_identity
User=root
Environment=ASPNETCORE_ENVIRONMENT=Development
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false

[Install]
WantedBy=multi-user.target

enable it

 sudo systemctl enable kpa-identity.service

start it

sudo systemctl start kpa-identity.service

Reload nginx with

sudo nginx -s reload
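
A unit file with mode 777 can be rewritten by any local account, and with User=root whatever ends up in ExecStart runs as root; ASPNETCORE_ENVIRONMENT=Development additionally switches on error output meant for a developer machine. The audit below is an added example, not part of the original page: it checks a unit file for these three settings. The function names are constructed, and www-data stands in for whatever unprivileged account the service is given.

```bash
# Added example (not from the original page): audit a systemd unit file for the
# three settings used in the kpa-identity.service walkthrough.
audit_unit_file() {
    # $1 = unit file path. Prints one finding per line; prints nothing if clean.
    local f="$1"
    local user
    # World-writable unit: any local account can rewrite ExecStart, and systemd
    # then runs the new command as the configured User.
    if [ -n "$(find -L "$f" -perm -0002 2>/dev/null)" ]; then
        echo "world-writable: chmod 644 and keep it owned by root"
    fi
    # No User= line means root, the default for system services.
    user=$(sed -n 's/^[[:space:]]*User=//p' "$f" | tail -n 1)
    if [ -z "$user" ] || [ "$user" = "root" ]; then
        echo "runs-as-root: set User= to a dedicated unprivileged account"
    fi
    # Development turns on detailed error output meant for a developer machine.
    if grep -Eq '^[[:space:]]*Environment=.*ASPNETCORE_ENVIRONMENT=Development' "$f"; then
        echo "dev-environment: use ASPNETCORE_ENVIRONMENT=Production"
    fi
}

write_sample_unit() {
    # Constructed sample. $1 = destination, $2 = User, $3 = environment, $4 = mode
    cat > "$1" <<EOF
[Unit]
Description=kpa_identity

[Service]
WorkingDirectory=/var/www/kpa_identity/
ExecStart=/usr/bin/dotnet /var/www/kpa_identity/identity.api.dll
User=$2
Environment=ASPNETCORE_ENVIRONMENT=$3
EOF
    chmod "$4" "$1"
}

tmp=$(mktemp)
write_sample_unit "$tmp" root Development 777      # settings as on this page
audit_unit_file "$tmp"                              # three findings
write_sample_unit "$tmp" www-data Production 644    # hardened variant (assumed account)
audit_unit_file "$tmp"                              # no output
rm -f "$tmp"
```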

https://www.linode.com/docs/guides/how-to-configure-nginx/

https://nginx.org/en/docs/ngx_core_module.html

https://nginx.org/en/docs/http/ngx_http_core_module.html